Compétences privilege-escalation-methods
🔐

privilege-escalation-methods

Risque élevé ⚙️ Commandes externes🌐 Accès réseau📁 Accès au système de fichiers

Execute Privilege Escalation Techniques

Security professionals need reliable reference material for authorized penetration testing. This skill provides documented escalation techniques for Linux and Windows environments with proper context and prerequisites.

Prend en charge: Claude Codex Code(CC)
⚠️ 56 Médiocre
1

Télécharger le ZIP du skill

2

Importer dans Claude

Allez dans Paramètres → Capacités → Skills → Importer un skill

3

Activez et commencez à utiliser

Tester

Utilisation de "privilege-escalation-methods". Enumerate sudo permissions on compromised Linux host

Résultat attendu:

  • Run: sudo -l
  • Review listed commands that can be executed without password
  • Cross-reference with GTFOBins for exploitation techniques
  • Example output shows: (root) NOPASSWD: /usr/bin/vim
  • Exploitation: sudo vim -c ':!/bin/bash' spawns root shell

Utilisation de "privilege-escalation-methods". Request Kerberoastable service tickets in Active Directory

Résultat attendu:

  • Run: GetUserSPNs.py domain.local/user:pass -dc-ip 10.10.10.1 -request
  • Tool requests TGS tickets for accounts with SPNs set
  • Output contains NTLM hashes suitable for offline cracking
  • Crack with: hashcat -m 13100 hashes.txt wordlist.txt
  • Successful crack reveals service account plaintext password

Audit de sécurité

Risque élevé
v1 • 2/24/2026

This skill documents offensive security techniques for authorized penetration testing. Static analysis detected 125 patterns including shell execution, credential harvesting, and privilege escalation commands. All findings are TRUE POSITIVES representing documented attack techniques. The skill is educational reference material but contains actionable exploit instructions that require careful handling. Recommended for security professionals only with appropriate warnings.

1
Fichiers analysés
339
Lignes analysées
12
résultats
1
Total des audits

Problèmes critiques (2)

SKILL.md:183-215SKILL.md:221-247
Credential Theft Techniques Documented
The skill contains detailed instructions for harvesting credentials including Mimikatz usage, NTLM relay attacks, and Kerberos ticket manipulation. These are powerful offensive techniques that can compromise entire domains if misused.
SKILL.md:40-111SKILL.md:119-159
Privilege Escalation Exploit Code
Complete exploit chains for Linux (sudo abuse, SUID binaries, capabilities) and Windows (token impersonation, service abuse, driver exploitation) that grant root/administrator access.

Problèmes à risque élevé (3)

SKILL.md:165-215
Active Directory Attack Chain
Complete AD compromise workflow including Kerberoasting, AS-REP roasting, Golden Ticket creation, and Pass-the-Ticket attacks that can lead to full domain control.
SKILL.md:221-239
LLMNR/NBT-NS Poisoning
Network credential harvesting using Responder and NTLM relay attacks that capture and crack Windows authentication hashes.
SKILL.md:211-215
Persistence Mechanisms
Scheduled task creation for persistent access using Golden Ticket authentication to maintain domain control.
Problèmes à risque moyen (3)
SKILL.md:65-70SKILL.md:99-101
SUID Binary Exploitation
Techniques for creating and abusing SUID binaries to escalate from user to root on Linux systems.
SKILL.md:74-87
Capability Abuse
Exploitation of Linux capabilities (cap_setuid, cap_dac_read_search) to bypass traditional permission models.
SKILL.md:91-101
NFS Root Squash Bypass
Abusing NFS no_root_squash configuration to create privileged binaries on mounted shares.
Problèmes à risque faible (1)
SKILL.md:43-44SKILL.md:60-63SKILL.md:76-77
System Reconnaissance Commands
Information gathering commands for enumerating sudo permissions, cron jobs, and system configuration.

Facteurs de risque

⚙️ Commandes externes (5)
SKILL.md:40-55 SKILL.md:65-70 SKILL.md:79-82 SKILL.md:119-125 SKILL.md:138-159
🌐 Accès réseau (4)
SKILL.md:169-173 SKILL.md:213-214 SKILL.md:229-232 SKILL.md:309-312
📁 Accès au système de fichiers (3)
SKILL.md:85-87 SKILL.md:96-101 SKILL.md:244-247

Motifs détectés

GTFOBins Technique ReferenceKerberos Attack Toolkit
Audité par: claude

Score de qualité

38
Architecture
100
Maintenabilité
87
Contenu
50
Communauté
0
Sécurité
91
Conformité aux spécifications

Ce que vous pouvez construire

Penetration Tester Post-Exploitation

Security consultant with initial foothold needs to demonstrate privilege escalation risks to client

Red Team Domain Compromise

Red team operator needs reference for Active Directory attack chains during engagement

Security Research Education

Defensive security researcher studying attack techniques to improve detection capabilities

Essayez ces prompts

Basic Enumeration 
I have a low-privilege shell on a Linux target. Show me enumeration commands to identify potential privilege escalation vectors including sudo permissions, SUID binaries, and writable cron jobs.
Sudo Exploitation 
I found that my user can run vim as root without a password. Provide the GTFOBins technique to escalate to root using this misconfiguration.
Active Directory Kerberoasting 
I have domain user credentials and need to identify service accounts vulnerable to Kerberoasting. Show me the Impacket and Rubeus commands to request and crack service tickets.
Windows Token Impersonation 
I have SeImpersonatePrivilege on a Windows host. Explain how to use SweetPotato or SharpImpersonation to escalate to SYSTEM level access.

Bonnes pratiques

  • Always obtain written authorization before testing on any system you do not own
  • Document all exploitation steps and clean up artifacts after engagement completion
  • Use isolated lab environments for learning and testing these techniques

Éviter

  • Never attempt privilege escalation on production systems without explicit client approval
  • Do not leave persistence mechanisms or backdoors without documented authorization
  • Avoid running automated tools without understanding their impact on target systems

Foire aux questions

Is this skill legal to use?
Only use these techniques on systems you own or have explicit written authorization to test. Unauthorized access is illegal in most jurisdictions.
Do I need special tools for these techniques?
Yes, many techniques require tools like Mimikatz, Rubeus, Impacket, or PowerUp. These must be obtained and deployed separately on your attack infrastructure.
Why are some techniques marked as domain-required?
Active Directory attacks like Kerberoasting require network access to a domain controller and valid domain credentials. Local techniques work on standalone systems.
What if sudo -l requires a password?
If sudo requires authentication, try other vectors like SUID binaries, cron job abuse, capability exploitation, or kernel exploits depending on your situation.
How do I know which technique will work?
Thorough enumeration is essential. Run comprehensive scans with LinPEAS or WinPEAS, then manually verify findings before attempting exploitation.
Should I use these techniques in bug bounty programs?
Most bug bounty programs prohibit privilege escalation on their infrastructure. Always check program rules and obtain explicit permission before testing.

Détails du développeur

Auteur

sickn33

Licence

MIT

Dépôt

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/privilege-escalation-methods

Réf

main

Structure de fichiers

📄 SKILL.md