Skip to content
/ Gotato Public

Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.

111 stars 16 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

iammaguire/Gotato

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
gotato.go
gotato.go
 
 
httpntlm.go
httpntlm.go
 
 
httpntlm.old
httpntlm.old
 
 
main.go
main.go
 
 
namedpipe.go
namedpipe.go
 
 

Repository files navigation

This is very similar to GenericPotato - I referenced it heavily while researching.

Gotato starts a named pipe or web server and waits for input. Once a client has connected Gotato will attempt to steal their token and impersonate them. Able to trick a process running as SYSTEM into interacting with the pipe or web server? You're now SYSTEM.

Same as the rest of the potato family this requires SeImpersonate.

Usage: gotato -m [http|pipe] [-p PORT] [-n PIPE_NAME]
  -h    Print this help menu
  -m string
        Mode [http|pipe] (default "pipe")
  -n string
        Pipe name (default "mal")
  -p int
        HTTP server port (default 4644)
example.mp4
converted.mp4

About

Generic impersonation and privilege escalation with Golang. Like GenericPotato both named pipes and HTTP are supported.

Resources

Readme
Activity

Stars

111 stars

Watchers

5 watching

Forks

16 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages