finding them (after getting a normal/non privileged shell):
whoami /privbad ones to have enabled:
SeImpresonatePrivilege (AKA SeAssignPrimaryToken) both are Potato Attacks!
SeChangeNotifyPrivilege
meterpreter:
getprivssame bad ones
PayloadsAllTheThings/Methodology and Resources/Windows - Privilege Escalation.md at master · swisskyrepo/PayloadsAllTheThings (github.com)
To see the table format:
https://academy.tcm-sec.com/courses/1154361/lectures/24797727
around 2:30