From Administrator to NT AUTHORITY\SYSTEM in one shot.
Systematically Seizing SYSTEM Rights: an alternative to PSExec for SYSTEM privilege escalation through token theft.
SYSTEMatic is a C-based Proof of Concept (PoC) that demonstrates Windows privilege escalation using token impersonation.
By identifying a SYSTEM process and duplicating its token, SYSTEMatic provides an interactive SYSTEM shell (cmd.exe), offering direct SYSTEM-level access from an Administrator session.
Objective: A modern, lightweight alternative to PSExec, focused on token impersonation techniques for security research, penetration testing, red team operations, and system administration tasks requiring SYSTEM privileges.
- Spawn a SYSTEM shell (cmd.exe) from Administrator privileges.
- Token hunting, duplication, and impersonation using pure WinAPI.
- Lightweight and modular C source code.
A true alternative to PSExec, aimed at security researchers, pentesters, red teamers, and system administrators looking for direct SYSTEM access.
Important notice for users:
- Do NOT upload compiled binaries (e.g., SYSTEMatic.exe) to public analysis platforms such as VirusTotal, Any.run, Hybrid Analysis, or similar services.
- These platforms share submitted files with antivirus vendors, which will likely lead to rapid detection, signature creation, and reduced effectiveness of the tool in real-world scenarios.
- If you need to analyze or test the binary, use isolated, private labs or offline environments to avoid unintentional exposure.
Note: SYSTEMatic requires Administrator privileges to execute successfully.
- Open a terminal as Administrator (Command Prompt or PowerShell):
  - Right-click on "Command Prompt" or "PowerShell" → Run as administrator.
- Run SYSTEMatic:
    .\SYSTEMatic.exe
- If successful, you will get an elevated SYSTEM shell (cmd.exe) running as NT AUTHORITY\SYSTEM:
    Microsoft Windows [Version 10.0.26100.3194]
    (c) Microsoft Corporation. All rights reserved.
    C:\Windows\System32>whoami
    nt authority\system
    C:\Windows\System32>
Tip: SYSTEMatic automatically finds and duplicates a SYSTEM token; no additional commands or options are needed.
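From the defender's side, a SYSTEM cmd.exe started from an Administrator session can show up in process-creation logs as a SYSTEM child with a non-SYSTEM parent. The following is an added example, not part of SYSTEMatic: it scans Sysmon Event ID 1 records exported as JSON lines for that pattern, assuming a Sysmon version that logs ParentUser and that the shell is recorded as a child of the Administrator-context process (the page does not state this); the sample events are constructed.

```python
import json

SYSTEM_USER = "NT AUTHORITY\\SYSTEM"

# Constructed sample: Sysmon Event ID 1 (process creation) records, one JSON
# object per line. Accounts and paths are made up for this example.
SAMPLE_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchost.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Windows\\System32\\services.exe", "ParentUser": "NT AUTHORITY\\SYSTEM"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "LAB\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "ParentUser": "LAB\\alice"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Users\\alice\\Desktop\\SYSTEMatic.exe", "ParentUser": "LAB\\alice"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "NT AUTHORITY\\SYSTEM", "ParentImage": "C:\\Tools\\old.exe", "ParentUser": "-"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\cmd.exe", "User": "NT AUTHORITY\\SYSTEM"}
"""


def norm(account):
    """Normalise an account name for case-insensitive comparison."""
    return (account or "").strip().upper()


def system_children_of_user_parents(lines):
    """Return (parent image, parent user, child image) for each SYSTEM
    process whose recorded parent ran under a non-SYSTEM account."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("EventID") != 1:
            continue  # only process-creation events carry the parent fields
        parent_user = norm(ev.get("ParentUser"))
        if parent_user in ("", "-"):
            continue  # ParentUser not recorded: cannot decide, do not guess
        if norm(ev.get("User")) == SYSTEM_USER and parent_user != SYSTEM_USER:
            hits.append((ev.get("ParentImage"), ev.get("ParentUser"), ev.get("Image")))
    return hits


if __name__ == "__main__":
    for parent, parent_user, child in system_children_of_user_parents(SAMPLE_EVENTS.splitlines()):
        print(f"{parent} ({parent_user}) -> SYSTEM child {child}")
```

Processes started by services or scheduled tasks have a SYSTEM parent and are not flagged, so the rule isolates the privilege-boundary crossing rather than every SYSTEM shell.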
SYSTEMatic is provided strictly for security research, educational, and academic purposes.
Its primary aim is to help security professionals, system administrators, and researchers better understand Windows token manipulation and privilege escalation mechanisms.
Warning: This tool must never be used for unauthorized activities or against systems for which you do not have explicit permission. Unauthorized use may violate laws and result in criminal and civil penalties.
If you are unsure about the legality of your intended use, consult a legal professional or competent authority before proceeding.
By using SYSTEMatic, you acknowledge that you have read, understood, and agreed to this disclaimer.
You accept that the author cannot be held responsible for any misuse or damage caused by this tool.
Your support is greatly appreciated. We're grateful for every star! Your backing fuels our passion.
This project is licensed under the GNU Affero General Public License, Version 3.0. For more details, please refer to the LICENSE file in the repository.