a simple bof to impersonate a logged on user session without OpenProcess (only works as SYSTEM iirc). all credit goes to 
https://github.com/OmriBaso/WTSImpersonator
and some to CS token vault and SA bofs.
COFFLoader and NiCOFF used for testing.

usage:
wtsimpersonate <arg/int>
wtsimpersonate -1 to list sessions
wtsimpersonate <sessionid> to impersonate