windows-privilege-escalation

High risk ⚙️ External commands 📁 Filesystem access

Escalate Privileges on Windows Systems

Discover and exploit Windows privilege escalation vulnerabilities during authorized penetration testing. Provides systematic methodologies for credential harvesting, service exploitation, and token impersonation.

Supports: Claude Codex Code(CC)
⚠️ 56 Poor

1. Download the skill ZIP
2. Import into Claude: go to Settings → Capabilities → Skills → Import a skill
3. Enable and start using

Try it

Using "windows-privilege-escalation". Enumerate privilege escalation vectors on this Windows host

Expected result:

  • === PRIVILEGE ESCALATION ASSESSMENT ===
  •  
  • CRITICAL FINDINGS:
  • - SeImpersonatePrivilege enabled - JuicyPotato exploitation possible
  • - Unquoted service path: C:\Program Files\VulnApp\service.exe
  •  
  • HIGH FINDINGS:
  • - Service 'MyService' writable by Authenticated Users
  • - AlwaysInstallElevated registry key enabled
  •  
  • MEDIUM FINDINGS:
  • - Stored credentials found in Windows Credential Manager
  • - Weak file permissions on C:\Windows\Temp
  •  
  • RECOMMENDED EXPLOITATION ORDER:
  • 1. Exploit unquoted service path (low risk)
  • 2. Abuse SeImpersonatePrivilege with JuicyPotato
  • 3. Target vulnerable service configuration

Using "windows-privilege-escalation". Find stored credentials on this system

Expected result:

  • === CREDENTIAL DISCOVERY RESULTS ===
  •  
  • Registry Credentials:
  • - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • DefaultUserName: Administrator
  • DefaultPassword: [REDACTED - use reg query to view]
  •  
  • Saved Windows Credentials:
  • - Target: WORKGROUP\Administrator
  • Type: Domain Password
  • Persistence: Local Machine
  •  
  • WiFi Passwords:
  • - SSID: CorporateNetwork
  • Key: [Use netsh wlan show profile name=SSID key=clear]
  •  
  • POTENTIAL USE:
  • - Attempt runas with discovered credentials
  • - Try lateral movement with psexec
  • - Test password reuse on other systems

Security audit

High risk
v1 • 2/25/2026

This skill contains Windows privilege escalation techniques for authorized penetration testing. Static analysis detected 114 external command patterns (PowerShell, cmd.exe), 9 network references (standard pentest example IPs), and 5 filesystem operations. All findings are contextually appropriate for a defensive security tool. The skill includes proper legal disclaimers and is designed for authorized security testing only.

Files analyzed: 1
Lines analyzed: 502
Findings: 8
Total audits: 1

High-risk issues (3)

Credential Access Techniques
Skill contains methods for accessing Windows SAM database and Credential Manager for password hash extraction. These are legitimate penetration testing techniques but could be misused.
Token Impersonation Attacks
Contains JuicyPotato, PrintSpoofer, and other token impersonation techniques that escalate to SYSTEM privileges. Educational content for authorized testing only.
Service Exploitation Methods
Techniques for exploiting misconfigured Windows services including binary path replacement and unquoted service paths. Requires administrative context.
Medium-risk issues (2)
Windows Registry Access
Contains registry queries for credential discovery and configuration enumeration. Standard Windows administration technique.
Network Reconnaissance Commands
Contains network enumeration commands (netstat, arp, route). Standard penetration testing reconnaissance.
Low-risk issues (1)
System Enumeration Commands
Contains systeminfo, whoami, and other reconnaissance commands. Standard Windows administration and pentesting.

Detected patterns

PowerShell Command Execution, Windows Command Execution
Audited by: claude

Quality score

Architecture: 38
Maintainability: 100
Content: 87
Community: 50
Security: 5
Specification compliance: 87

What you can build

Penetration Testing Engagement

Security consultants performing authorized assessments use this skill to identify privilege escalation paths and demonstrate business impact to clients.

Red Team Operations

Red team members leverage these techniques to simulate adversary tactics and test organizational detection and response capabilities.

Security Training and CTF

Security professionals and students use this skill to learn Windows exploitation techniques in controlled lab environments and capture-the-flag competitions.

Try these prompts

Basic System Enumeration
Enumerate the current Windows system for privilege escalation vectors. Check user privileges, group memberships, installed software, and running services. Present findings in a prioritized list.
Credential Discovery
Search for stored credentials on this Windows system. Check the registry, configuration files, Windows Credential Manager, and browser storage. Document any discovered credentials and their potential use.
Service Exploitation Analysis
Analyze Windows services for exploitation opportunities. Check for unquoted service paths, weak service permissions, and vulnerable service configurations. Provide specific exploitation steps for each finding.
Comprehensive Privilege Escalation Assessment
Perform a complete Windows privilege escalation assessment. Run systematic enumeration across all vectors: system info, credentials, services, scheduled tasks, registry, and kernel vulnerabilities. Generate a prioritized exploitation roadmap with specific commands for each path.

Best practices

  • Always obtain written authorization before testing any system you do not own
  • Test exploitation techniques in a lab environment before production use
  • Document all findings with timestamps and evidence for client reporting
  • Avoid kernel exploits on production systems due to crash risk
  • Clean up any tools or files created during the engagement

Avoid

  • Running kernel exploits on production systems without a backup and recovery plan
  • Using loud enumeration techniques that trigger security alerts before objectives are met
  • Leaving exploitation tools or backdoors on client systems after engagement ends
  • Testing without proper scope definition and rules of engagement documentation

Frequently asked questions

Is this skill legal to use?
This skill is designed for authorized penetration testing only. You must have written permission from system owners before using these techniques. Unauthorized access to computer systems is illegal in most jurisdictions.
Will these techniques work on all Windows versions?
No. Techniques are version-dependent. Kernel exploits target specific Windows versions. Always verify OS version and patch level before attempting exploitation. The skill includes version compatibility information for each technique.
Why do some exploits fail even when the vulnerability exists?
Antivirus and EDR solutions commonly block known exploitation tools. Try living-off-the-land techniques, custom compiled binaries, or obfuscated payloads. Some exploits also require specific system configurations.
What is the safest privilege escalation technique?
Service misconfigurations (unquoted paths, weak permissions) are generally safest as they do not involve kernel code execution. Credential-based escalation using saved passwords is also low-risk compared to kernel exploits.
Can I use this skill for defensive security work?
Yes. Understanding offensive techniques is essential for defensive security. Use this skill to audit your own systems, identify vulnerabilities before attackers do, and improve security posture.
What tools do I need to transfer to the target system?
Many techniques use built-in Windows commands. For advanced exploitation, common tools include WinPEAS, PowerUp, JuicyPotato, PrintSpoofer, and Mimikatz. Always verify tool hashes and test in lab environments first.

Developer details

File structure

📄 SKILL.md