Not sure who’s seen this or tried it yet, but it looks pretty cool. Take an unprivileged windows user and escalate rights to local admin. :-) Works on all versions of Windows and Desktop and Server.

Basically it’s the responder attack with an SMB relay used to get the system to authenticate to itself and then create a system level service that runs arbitrary commands.