Escalating privileges on Windows through services

Posted by Vetle Økland on Sat, Nov 18, 2017
In Pentesting
Tags pentesting, hacking, windows, privilege escalation

An easy and powerful way to gain SYSTEM privileges can be to abuse a Windows service. We all know they run as the user SYSTEM, so gaining code execution in any one of them can get you a “root shell” on the system.

Sometimes a developer, or some intern who creates the installer package for some software, will accidentally give Everyone full access to the service executable. You can then overwrite the file with your own payload (reverse shell or whatever). This means that even if you just have access to a low-privileged user on the system, this is low-hanging fruit.
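The same misconfiguration can be found from the defender's side by auditing the ACL on every service executable. The PowerShell below is an added example, not the author's script; the set of "broad" principals, the write-rights mask and the helper name `Get-ServiceBinaryPath` are assumptions chosen for illustration.

```powershell
# Added example: list service executables that broad groups are allowed to modify.
# Assumption: these well-known SIDs are the principals considered "too broad".
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)

# Bits that allow replacing or re-permissioning a file, plus GENERIC_ALL / GENERIC_WRITE.
# Read/execute bits are deliberately left out so read-only ACEs do not match.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership' -bor 0x50000000

# Hypothetical helper: extract the executable from a service PathName,
# which may be quoted, unquoted, and followed by arguments.
function Get-ServiceBinaryPath([string]$PathName) {
    if ($PathName -match '^\s*"([^"]+)"')          { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)')   { return $Matches[1] }
    return $null
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $svc  = $_
    $path = Get-ServiceBinaryPath $svc.PathName
    if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Leaf)) { return }

    # Ask for rules keyed by SID so the check does not depend on localized group names.
    $acl = Get-Acl -LiteralPath $path
    $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids -contains $_.IdentityReference.Value -and
            ([int]$_.FileSystemRights -band $writeBits)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Service   = $svc.Name
                RunsAs    = $svc.StartName
                Binary    = $path
                Principal = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
            }
        }
} | Format-Table -AutoSize -Wrap
```

Each row is a service binary that a non-administrative principal can replace. The fix is to remove that access entry from the file and correct the installer that set it.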

Going through each of the permissions on the system one-by-one is tiresome and just not something one has the privilege of having the time for on a compromised system, so I created a VBScript for that: