0x00 TL;DR

Notes on escalating privileges on Windows from administrator to SYSTEM.
PsExec can do this.

0x01 Steps

Download: https://download.sysinternals.com/files/PSTools.zip

C:\Users\Administrator\Downloads\PSTools>whoami
ec2amaz-okarxxx\administrator

C:\Users\Administrator\Downloads\PSTools> .\psexec -i -s -d cmd

PsExec v2.2 - Execute processes remotely
Copyright (C) 2001-2016 Mark Russinovich
Sysinternals - www.sysinternals.com


cmd started on EC2AMAZ-OKARXXX with process ID 7848.

C:\Users\Administrator\Downloads\PSTools>


C:\Windows\system32>whoami
nt authority\system

C:\Windows\system32>
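
For defenders, the `-s` launch in the session above shows up in process-creation logging. The following is an added example, not part of the original post: Python that scans process-creation records for PsExec started with the System switch. The event records, their field names and the host/user names are constructed, and the set of value-taking switches is an assumption based on PsExec's usage text.

```python
import ntpath
import shlex

PSEXEC_NAMES = {"psexec.exe", "psexec64.exe"}
# Assumption: PsExec switches that consume the next token, per its usage text.
VALUE_SWITCHES = {"u", "p", "n", "r", "w", "a"}

# Constructed process-creation records (field names are hypothetical).
SAMPLE_EVENTS = [
    {"host": "HOST-A", "user": "Administrator",
     "image": r"C:\Users\Administrator\Downloads\PSTools\PsExec.exe",
     "cmdline": r".\psexec -i -s -d cmd"},
    {"host": "HOST-B", "user": "alice", "image": r"C:\Tools\PsExec64.exe",
     "cmdline": r"PsExec64.exe /accepteula /s powershell.exe"},
    {"host": "HOST-B", "user": "alice", "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"psexec -d cmd /c echo -s"},   # "-s" belongs to echo, not PsExec
    {"host": "HOST-C", "user": "bob", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd /c echo psexec -s"},      # not a PsExec process at all
]

def psexec_switches(cmdline):
    """Return PsExec's own switches, stopping where the launched command begins."""
    tokens = shlex.split(cmdline, posix=False)[1:]   # drop argv[0]
    found, i = [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("\\\\") or tok.startswith("@"):  # remote host or host file
            i += 1
            continue
        if tok[0] not in "-/":         # '/' prefix is treated the same as '-'
            break                      # first plain token is the program to launch
        name = tok[1:].lower()
        found.append(name)
        i += 1
        if name in VALUE_SWITCHES and i < len(tokens):
            i += 1                     # skip the switch's value
        elif name == "i" and i < len(tokens) and tokens[i].isdigit():
            i += 1                     # optional session id after -i
    return found

def find_system_launches(events):
    """Return (host, user, cmdline) for PsExec runs that request the System account."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() not in PSEXEC_NAMES:
            continue
        if "s" in psexec_switches(ev["cmdline"]):
            hits.append((ev["host"], ev["user"], ev["cmdline"]))
    return hits

if __name__ == "__main__":
    for hit in find_system_launches(SAMPLE_EVENTS):
        print("PsExec -s launch:", *hit)
```

Matching on the image name is only as reliable as the file name, so treat this as one signal alongside other telemetry.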

0x02 Reference