I’m quite possibly missing something but would appreciate any guidance regarding the Lab “Finding and Exploiting DLL Hijacking Vulnerabilities”. Under the heading of Lab Environment, the stated objective of the lab is “Gain access to administrator privilege meterpreter session”. Access to the “victim” computer is provided as standard privileged user called student. The vulnerable application name and location is provided so no enumeration is required to discover it. A third machine (replicating the victim) can be accessed as Administrator and enables the use of ProcMon to discover which DLL’s could be hijacked when the vulnerable application is run. I found a candidate DLL file, transferred an identically named msfvenom meterpreter payload to the appropriate location on the victim computer, and launched the vulnerable application to obtain a session. But this session is as the student user. The vulnerable application isn’t a SYSTEM service that the student user can start/stop so how can I achieve the objective of “gaining access to administrator privilege meterpreter session” ??