
Priv Escalation


Last updated 2 years ago

Yo what the fuck.

So basically, we came onto the box as the user "nt authority\local service".

Basically, this user and the NETWORK SERVICE user come with a limited set of privileges, and the default set can be recovered. Once we have SeImpersonatePrivilege, the only thing left to do is execute a potato attack.

Once we transfer the executable to the target, here is the PoC.

Before:

After:

With SeImpersonatePrivilege in hand, all we have left to do is run PrintSpoofer.exe.
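A defender-side check for the before/after state described above, as an added example that is not part of the original writeup: it parses `whoami /priv` output and reports which token privileges a service account holds and which ones appeared between two snapshots. The two sample outputs are constructed for illustration, and the function names are hypothetical.

```python
import re

# Privileges that let a service process act on another token; potato-style
# escalation depends on one of them being present in the token.
TOKEN_PRIVS = {"SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege"}
ROW = re.compile(r"^(Se\w+Privilege)\s+(.*?)\s+(Enabled|Disabled)\s*$")

# Constructed sample: restricted service account token.
BEFORE = """
Privilege Name                Description                    State
============================= ============================== ========
SeChangeNotifyPrivilege       Bypass traverse checking       Enabled
SeCreateGlobalPrivilege       Create global objects          Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set Disabled
"""

# Constructed sample: same account after its default set is recovered.
AFTER = """
Privilege Name                Description                               State
============================= ========================================= ========
SeAssignPrimaryTokenPrivilege Replace a process level token             Disabled
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process        Disabled
SeAuditPrivilege              Generate security audits                  Disabled
SeChangeNotifyPrivilege       Bypass traverse checking                  Enabled
SeImpersonatePrivilege        Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege       Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege Increase a process working set            Disabled
"""

def parse_privs(text):
    """Map privilege name -> state from `whoami /priv` table output."""
    privs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            privs[m.group(1)] = m.group(3)
    return privs

def token_privs(privs):
    """Token privileges present. A Disabled privilege still counts:
    the process can enable it, only a removed privilege is gone."""
    return sorted(privs.keys() & TOKEN_PRIVS)

def gained(before, after):
    """Privileges present in the second snapshot but not the first."""
    return sorted(after.keys() - before.keys())

if __name__ == "__main__":
    b, a = parse_privs(BEFORE), parse_privs(AFTER)
    print("token privileges before:", token_privs(b))
    print("token privileges after: ", token_privs(a))
    print("gained:", gained(b, a))
```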

GitHub - itm4n/FullPowers: Recover the default privilege set of a LOCAL/NETWORK SERVICE account