I am a member of the Administrators group on a Windows 7 box, how can I spawn a reverse shell with elevated privileges?

I am learning Windows Privilege escalation. I’ve managed to add a user to the Administrators group but I don’t know how to execute nc.exe, present in the Temp dir, with eleavated privileges. My end goal, here, is to get a reverse-shell as nt authority\system, with this newly created privileges for the user user.

Following are some of the details on the Windows box:

c:\Temp>net localgroup administrators net localgroup administrators Alias name     administrators Comment        Administrators have complete and unrestricted access to the computer/domain  Members  ------------------------------------------------------------------------------- Administrator TCM user The command completed successfully.   c:\Temp>whoami whoami tcm-pc\user  systeminfo  Host Name:                 TCM-PC OS Name:                   Microsoft Windows 7 Professional  OS Version:                6.1.7601 Service Pack 1 Build 7601 OS Manufacturer:           Microsoft Corporation OS Configuration:          Standalone Workstation OS Build Type:             Multiprocessor Free Registered Owner:          TCM Registered Organization:    Product ID:                00371-221-2693053-06399 Original Install Date:     4/15/2020, 9:38:13 AM System Boot Time:          6/17/2020, 9:13:27 PM System Manufacturer:       Xen System Model:              HVM domU System Type:               x64-based PC Processor(s):              1 Processor(s) Installed.                            [01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2300 Mhz BIOS Version:              Xen 4.2.amazon, 8/24/2006 Windows Directory:         C:\Windows System Directory:          C:\Windows\system32 Boot Device:               \Device\HarddiskVolume1 System Locale:             en-us;English (United States) Input Locale:              en-us;English (United States) Time Zone:                 (UTC-05:00) Eastern Time (US & Canada) Total Physical Memory:     2,048 MB Available Physical Memory: 1,413 MB Virtual Memory: Max Size:  4,095 MB Virtual Memory: Available: 3,409 MB Virtual Memory: In Use:    686 MB Page File Location(s):     C:\pagefile.sys Domain:                    WORKGROUP Logon Server:              \TCM-PC                                                                             Hotfix(s):                 3 Hotfix(s) Installed.                                                                                          [01]: KB2534111                                                                                                 [02]: KB2999226                                                                                                 [03]: KB976902 Network Card(s):           1 NIC(s) Installed.                                                                                             [01]: AWS PV Network Device                                                                                           Connection Name: Local Area Connection 2                                                                        DHCP Enabled:    Yes                                                                                            DHCP Server:     10.10.0.1                                                                                      IP address(es)                                                                                                  [01]: 10.10.50.233                                                                                              [02]: fe80::f1df:5563:c002:f2c1                                                                                                                                                                c:\Temp>netsh firewall show config netsh firewall show config   Domain profile configuration:                                                                                   -------------------------------------------------------------------                                             Operational mode                  = Enable                                                                      Exception mode                    = Enable                                                                      Multicast/broadcast response mode = Enable Notification mode                 = Enable  Service configuration for Domain profile: Mode     Customized  Name ------------------------------------------------------------------- Enable   No          Remote Desktop  Allowed programs configuration for Domain profile: Mode     Traffic direction    Name / Program -------------------------------------------------------------------  Port configuration for Domain profile: Port   Protocol  Mode    Traffic direction     Name -------------------------------------------------------------------  ICMP configuration for Domain profile: Mode     Type  Description ------------------------------------------------------------------- Enable   2     Allow outbound packet too big  Standard profile configuration (current): ------------------------------------------------------------------- Operational mode                  = Disable Exception mode                    = Enable Multicast/broadcast response mode = Enable Notification mode                 = Enable  Service configuration for Standard profile: Mode     Customized  Name ------------------------------------------------------------------- Enable   No          File and Printer Sharing Enable   No          Network Discovery Enable   No          Remote Desktop  Allowed programs configuration for Standard profile: Mode     Traffic direction    Name / Program -------------------------------------------------------------------  Port configuration for Standard profile: Port   Protocol  Mode    Traffic direction     Name -------------------------------------------------------------------  ICMP configuration for Standard profile: Mode     Type  Description ------------------------------------------------------------------- Enable   2     Allow outbound packet too big