Potatoes
- Hot Potato
- Rotten Potato
- Lonely Potato
- Juicy Potato
- Rogue Potato
- LocalPotato (CVE-2023-21746) abuses NTLM local authentication. The attacker gets a privileged process and an unprivileged process to authenticate to a local SMB server at the same time; each handshake carries a Security Context ID, and the attacker swaps the two, so the SMB session opened by the unprivileged process ends up with the privileged identity. That gives an arbitrary file write as SYSTEM (for example into C:\Windows\System32), not a shell, so a DLL hijack is still needed for code execution: the `SvcRebootToFlashingMode` RPC method of StorSvc makes the service load `SprintCSP.dll`, which does not exist by default, so a planted copy in a PATH directory is picked up and run as SYSTEM. Details in [LPE via StorSvc](https://github.com/blackarrowsec/redteam-research/tree/master/LPE%20via%20StorSvc).
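Before reaching for the StorSvc hijack it is worth checking its preconditions on the target. The script below is an added example written for these notes, not code from the BlackArrow research or from any LocalPotato PoC; it assumes the service name `StorSvc` and the DLL name `SprintCSP.dll` as given above, and it only enumerates (it never calls the RPC method or writes a DLL).

```powershell
# Added example (not part of the original notes or the BlackArrow research).
# Enumerates the preconditions of the StorSvc -> SprintCSP.dll hijack on the
# current host. Assumptions: service name 'StorSvc' and DLL name
# 'SprintCSP.dll' as described in the research. Nothing here triggers the RPC.

$dllName = 'SprintCSP.dll'

# 1. Is StorSvc present, and under which account does it run?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='StorSvc'"
if ($null -eq $svc) {
    Write-Output '[-] StorSvc not installed on this host'
} else {
    Write-Output ('[*] StorSvc state={0} start={1} account={2}' -f `
        $svc.State, $svc.StartMode, $svc.StartName)
}

# 2. The loader searches svchost's own directory (System32), then the
#    system and Windows directories, and only then PATH. A planted copy in
#    a PATH directory wins only if no SprintCSP.dll sits earlier in that
#    order, so look there first.
$systemDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\System", $env:SystemRoot)

# Services get the machine-wide PATH, not the interactive user's, so read
# that one and expand any %SystemRoot%-style entries it contains.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$pathDirs = @([Environment]::ExpandEnvironmentVariables($machinePath) -split ';' |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) })

foreach ($dir in $systemDirs + $pathDirs) {
    $candidate = Join-Path -Path $dir -ChildPath $dllName
    if (Test-Path -LiteralPath $candidate -PathType Leaf) {
        Write-Output "[!] $dllName already present at $candidate (first hit in search order wins)"
        break
    }
}

# 3. Which machine PATH directories can the current user write to?
#    Try a real create/delete rather than reading the ACL: with inherited
#    ACEs and deny entries an actual write attempt is the reliable test.
foreach ($dir in $pathDirs) {
    $probe = Join-Path -Path $dir -ChildPath ('probe_{0}.tmp' -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, '')
        Remove-Item -LiteralPath $probe -Force
        Write-Output "[!] writable PATH directory: $dir"
    } catch {
        Write-Output "[ ] not writable: $dir"
    }
}
```

Run it from the unprivileged context you actually hold. A writable machine PATH directory is enough for the StorSvc hijack on its own; with LocalPotato the SYSTEM file write lets you drop the DLL straight into System32 instead, which is why the two are chained. On a host that has the update for CVE-2023-21746 installed, the context swap no longer works and step 3 is the only remaining angle.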