Admin2System

Getsystem

getsystem

https://github.com/decoder-it/psgetsystem
psgetsystem.ps1 <system_PID> <cmd.exe>

Process injection

post/windows/manage/priv_migrate

Psexec

psexec \\127.0.0.1 cmd.exe