The object exporter specified was not found

[benpturner]

Hi,

I've tried using this and get two different errors for the same code but none seem to work. The exploit works absolutely fine with JuicyPotato.exe with the same parameters everytime but this fails.

I have also tried by uploading the executable directly to the host.

[+] Attempting DCOM NTLM interception with CLID 4991D34B-80A1-4291-83B6-3328366B9097 on port 6666 using method Token to launch c:\temp\testrun.bat
The remote procedure call failed and did not execute. (Exception from HRESULT: 0x800706BF)
[!] No authenticated interception took place, exploit failed

[CCob]

Object exporter not found would generally be the expected last COM error since the OXID resolver that gets marshaled is bs. The code only shows the last error if NTLM interception has failed.

I dont have time to look at this right now, so I'd suggest adding some logging within the COM listener thread function here -

https://github.com/CCob/SweetPotato/blob/master/PotatoAPI.cs#L112

After line 128 is when a successful connection has been made back from the RPC service, so if that part is working it should be fairly simple to work out the problem.

I've not attempted on 2016, only Windows 7 and 10. When I get some time to spin up a 2016 server I'll take a look

[CCob]

Hmm, just tried on fully up to date 2016 Server, seems to work for me.

[kokxxoo]

SweetPotato by @EthicalChaos
Orignal RottenPotato code and exploit by @foxglovesec
Weaponized JuciyPotato by @decoder_it and @guitro along with BITS WinRM discovery

[+] Attempting DCOM NTLM interception with CLID 4991D34B-80A1-4291-83B6-3328366B9097 on port 6666 using method Token to launch c:\Windows\System32\cmd.exe
RPC 服务器不可用。 (异常来自 HRESULT:0x800706BA)
[!] No authenticated interception took place, exploit failed