
Insecure GUI Apps

On some (older) versions of Windows, users could be granted the permission to run certain GUI apps with administrator privileges. There are often numerous ways to spawn command prompts from within GUI apps, including using native Windows functionality. Since the parent process is running with administrator privileges, the spawned command prompt will also run with these privileges.

Exploitation

We are going to exploit AdminPaint to escalate our privileges to Admin.

First, we launch the AdminPaint application by clicking on it.

Note: You can check the privileges with which the application is running by examining its process.

Click on File->Open and then replace the path with the path of the command prompt, c:\Windows\system32\cmd.exe.

Well… As you can see, we have obtained a cmd with Admin privileges.
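
A defender-side counterpart to the steps above, as an added example that is not part of the original post: it walks process-creation events and flags elevated shells that descend from a GUI app users are allowed to run as administrator. The field names follow Sysmon process-creation (Event ID 1) records, the sample events are constructed, and treating mspaint.exe as the binary behind AdminPaint is an assumption.

```python
import ntpath

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# Assumption: AdminPaint launches mspaint.exe; list every GUI app users may run elevated.
ELEVATED_GUI_APPS = {"mspaint.exe"}
ELEVATED_LEVELS = {"High", "System"}


def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_shell_escapes(events):
    """Return (ProcessGuid, shell, gui_ancestor) for each elevated shell
    that has an allow-listed GUI app somewhere in its parent chain."""
    by_guid = {ev["ProcessGuid"]: ev for ev in events}
    hits = []
    for ev in events:
        if _name(ev["Image"]) not in SHELLS or ev["IntegrityLevel"] not in ELEVATED_LEVELS:
            continue
        cur, seen = ev, set()
        # Walk up the tree so a shell started from the first shell is caught too.
        while cur is not None and cur["ProcessGuid"] not in seen:
            seen.add(cur["ProcessGuid"])
            parent = _name(cur["ParentImage"])
            if parent in ELEVATED_GUI_APPS:
                hits.append((ev["ProcessGuid"], _name(ev["Image"]), parent))
                break
            cur = by_guid.get(cur["ParentProcessGuid"])
    return hits


def _ev(guid, image, level, pguid, pimage):
    return {"ProcessGuid": guid, "Image": image, "IntegrityLevel": level,
            "ParentProcessGuid": pguid, "ParentImage": pimage}


# Constructed sample events, not taken from a real host.
SAMPLE_EVENTS = [
    _ev("A", r"C:\Windows\System32\mspaint.exe", "High", "R", r"C:\Windows\System32\runas.exe"),
    _ev("B", r"C:\Windows\System32\cmd.exe", "High", "A", r"C:\Windows\System32\mspaint.exe"),
    _ev("C", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "High",
        "B", r"C:\Windows\System32\cmd.exe"),
    _ev("D", r"C:\Windows\System32\cmd.exe", "Medium", "X", r"C:\Windows\explorer.exe"),
    _ev("E", r"C:\Windows\System32\cmd.exe", "High", "Y", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for hit in find_shell_escapes(SAMPLE_EVENTS):
        print("elevated shell %s (%s) descends from %s" % hit)
```

The Medium-integrity shell (D) and the elevated shell started from explorer.exe (E) are not flagged, since neither has the GUI app in its parent chain.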

This post is licensed under CC BY 4.0 by the author.