Kevin-Robertson / Tater

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit from @breenmachine and @foxglovesec

Issues running in Server 2012? #5

Closed 7MinSec closed 6 years ago

7MinSec commented 7 years ago

Greetings!

Ran into my first pentest today where it looks like Potato/Tater should give me privesc. I already had an Empire agent with a Win2k12 box established so I tried running Tater through it. I repeatedly got errors about "Windows Defender not found" which is fine since it's not present, but it also pegs the proc at 100% so I killed it.

I also have RDP access to the Win2k12 box so I ran it manually with Invoke-Tater and the behavior was the same - proc pegged at 100%. FYI, overall this is not an overworked box. It usually idles around 10% for proc and 50% for memory.

I didn't see it explicitly mentioned in the documentation, but should Tater run ok under Server 2012? Potato says it supports 2012, but maybe Tater doesn't?

I can try to run Potato tonight too and see if there is any difference.

Thanks, Brian

Kevin-Robertson commented 7 years ago

Hello,

The NBNS spoofing portion is pretty processor intensive since it has to cycle through the NBNS transaction IDs as fast as possible. It will usually spike the processor until WPAD resolves successfully. Does Tater hang up on the first step? MS patched this exploit back in June so you may have a patched box. There is also a chance that NBNS is disabled. Outside of that I'm not aware of any specific problems with 2012.

7MinSec commented 6 years ago

Sorry, totally lost track of this issue. Closing.
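Added example, not part of the thread or of Tater: the transaction-ID cycling described in the reply above leaves a recognizable pattern on the wire, namely many NBNS responses for one name with different transaction IDs in a very short time. The sketch below parses UDP/137 payloads and flags that pattern; the function names, the thresholds (`window`, `min_txids`) and the sample packets and addresses are all assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def encode_name(name, suffix=0x00):
    """First-level NetBIOS encoding: pad to 15 chars, add suffix, one letter per nibble."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    body = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)
    return b"\x20" + body + b"\x00"

def build_response(txid, name, addr=bytes([192, 0, 2, 10])):
    """Constructed positive name query response, used only as sample input."""
    header = struct.pack(">HHHHHH", txid, 0x8500, 0, 1, 0, 0)
    rr = struct.pack(">HHIHH", 0x0020, 0x0001, 60, 6, 0) + addr
    return header + encode_name(name) + rr

def parse_nbns(payload):
    """Return (txid, is_response, name) for a UDP/137 payload, or None if malformed."""
    if len(payload) < 46 or payload[12] != 0x20:
        return None
    txid, flags = struct.unpack_from(">HH", payload, 0)
    enc = payload[13:45]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        return None
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return txid, bool(flags & 0x8000), raw[:15].decode("ascii", "replace").rstrip()

def find_txid_sweeps(packets, window=1.0, min_txids=500):
    """packets: iterable of (timestamp, src_ip, payload).
    Flags (src_ip, name) pairs whose responses carry at least min_txids distinct
    transaction IDs within one window-second bucket (thresholds are assumptions)."""
    buckets = defaultdict(set)
    for ts, src, payload in packets:
        parsed = parse_nbns(payload)
        if parsed and parsed[1]:  # count responses only, ignore queries
            buckets[(src, parsed[2], int(ts // window))].add(parsed[0])
    return sorted({(s, n) for (s, n, _), ids in buckets.items() if len(ids) >= min_txids})

def constructed_capture():
    """Constructed sample: one ID sweep for WPAD plus one ordinary response."""
    sweep = [(100.0 + i * 0.0002, "192.0.2.10", build_response(i, "WPAD")) for i in range(2000)]
    normal = [(100.2, "192.0.2.20", build_response(7, "FILESRV"))]
    return sweep + normal

if __name__ == "__main__":
    print(find_txid_sweeps(constructed_capture()))
```

A legitimate responder answers a query once with the ID the query carried, so the single `FILESRV` response in the sample stays below the threshold while the sweep is reported.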