0xbadjuju / Tokenvator

A tool to elevate privilege with Windows Tokens

How can I restore removed privileges for a process?

norths1 opened this issue · comments

I successfully stole a process token, but I wasn't able to enable the privileges SeSecurityPrivilege and SeTakeOwnershipPrivilege, because there weren't any:

[screenshot]

I tried using Enable_Privilege ProcID SeSecurityPrivilege, but what I got is just this:
[screenshot]

That means it should've worked out, but it didn't... The command List_Privileges ProcID always returns the same stuff like on the first screenshot.

I also tried running CMD as an admin and even as NT AUTHORITY\System, but nothing worked out.

Seems like the program removes almost all privileges after launching. Is there a way to restore them using Tokenvator?

Hi @norths1, at the moment Tokenvator doesn't have the ability to add a privilege that does not currently exist on a token. Right now it can enable/disable/remove privileges, but just can't add or assign them yet. The ability to add privileges and assign tokens to remote processes is going to be the feature set that I will be targeting in the next release.

That said, looking at that token, it looks like a standard (unprivileged) low/medium integrity token. For those privileges that you were trying to add, you're probably going to need to grab a high integrity token. As a potential workaround you could try to steal a high integrity token from a different process and create the process using the stolen token. If that won't work in that situation you could also try to assign the privilege using group policy under "User Rights Assignment" (https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment).