incursi0n

incursi0n / GodPotatoBOF

Public

Cobalt Strike BOF used to perform privilege escalation by exploiting the SeImpersonate privilege. Based on the original GodPotato PoC by BeichenDream.

109
13
69% credibility
Found Apr 11, 2026 at 109 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C
AI Summary

GodPotatoBOF is a lightweight tool for Cobalt Strike that enables privilege escalation to SYSTEM level by stealing and using high-privilege tokens during penetration testing.

How It Works

1
🔍 Discover the tool

While testing computer security, you come across GodPotatoBOF, a handy helper that lets you gain higher access on Windows machines during safe simulations.

2
🛠️ Get it ready

You follow easy steps to prepare the tool so it's all set for your testing kit.

3
📥 Add to your app

You bring the tool into your security testing software, making it part of your collection.

4
🚀 Launch in a test

During a practice session on a test machine, you activate the tool to unlock top-level control.

5
Pick your power-up
💻
Run a command

Execute any instruction you want with full system power and see the results right away.

🛡️
Boost your session

Apply the super access to your current testing session for ongoing powerful actions.

🎉 Full access achieved

You now control the system completely, letting you thoroughly check defenses and wrap up your security test with confidence.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 109 to 109 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is GodPotatoBOF?

GodPotatoBOF is a C-based Beacon Object File for Cobalt Strike beacons, enabling privilege escalation to SYSTEM on Windows targets with SeImpersonate privilege. It ports BeichenDream's original GodPotato PoC, letting you either spawn a command as SYSTEM or apply a stolen SYSTEM token directly to your current beacon via simple CLI args like `godpotato token` or `godpotato -cmd "cmd /c whoami"`. Import the provided CNA script into Cobalt Strike 4.11 or 4.12 for seamless alias execution, solving quick local admin gains without dropping executables.

Why is it gaining traction?

Unlike full GodPotato executables, this BOF runs inline in beacons for stealthy, position-independent execution, dodging AV and EDR better in Cobalt Strike C2 ops. The dual-mode flexibility—process spawning or beacon token takeover—fits dns beacon sleep mask workflows, and its random/custom pipe support evades basic detection. With 109 stars on cobalt strike github, it pulls devs from github cobalt strike profiles seeking reliable SeImpersonate pops amid patched alternatives.

Who should use this?

Red teamers running Cobalt Strike beacons on mid-auth Windows boxes (services, IIS) needing fast SYSTEM access for lateral movement. Pentesters evaluating cobalt github download tools for fortnite/roblox/whatsapp/youtube exploit chains, or cobalt ai github payloads, where SeImpersonate is common but PrintNightmare/Juicy is burned. Skip if you're not in cobalt strike documentation-deep ops.

Verdict

Solid pick for Cobalt Strike BOF users—grab it if SeImpersonate fits your TTPs, with clear README usage beating most github tizentube cobalt clones. 109 stars and 0.699999988079071% credibility score signal modest maturity; test in labs first as no formal coverage, but BeichenDream roots make it trustworthy.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.