スキル windows-privilege-escalation
🛡️

windows-privilege-escalation

高リスク ⚙️ 外部コマンド📁 ファイルシステムへのアクセス

Escalate Privileges on Windows Systems

Discover and exploit Windows privilege escalation vulnerabilities during authorized penetration testing. Provides systematic methodologies for credential harvesting, service exploitation, and token impersonation.

対応: Claude Codex Code(CC)
⚠️ 56 貧弱
1

スキルZIPをダウンロード

2

Claudeでアップロード

設定 → 機能 → スキル → スキルをアップロードへ移動

3

オンにして利用開始

テストする

「windows-privilege-escalation」を使用しています。 Enumerate privilege escalation vectors on this Windows host

期待される結果:

  • === PRIVILEGE ESCALATION ASSESSMENT ===
  •  
  • CRITICAL FINDINGS:
  • - SeImpersonatePrivilege enabled - JuicyPotato exploitation possible
  • - Unquoted service path: C:\Program Files\VulnApp\service.exe
  •  
  • HIGH FINDINGS:
  • - Service 'MyService' writable by Authenticated Users
  • - AlwaysInstallElevated registry key enabled
  •  
  • MEDIUM FINDINGS:
  • - Stored credentials found in Windows Credential Manager
  • - Weak file permissions on C:\Windows\Temp
  •  
  • RECOMMENDED EXPLOITATION ORDER:
  • 1. Exploit unquoted service path (low risk)
  • 2. Abuse SeImpersonatePrivilege with JuicyPotato
  • 3. Target vulnerable service configuration

「windows-privilege-escalation」を使用しています。 Find stored credentials on this system

期待される結果:

  • === CREDENTIAL DISCOVERY RESULTS ===
  •  
  • Registry Credentials:
  • - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • DefaultUserName: Administrator
  • DefaultPassword: [REDACTED - use reg query to view]
  •  
  • Saved Windows Credentials:
  • - Target: WORKGROUP\Administrator
  • Type: Domain Password
  • Persistence: Local Machine
  •  
  • WiFi Passwords:
  • - SSID: CorporateNetwork
  • Key: [Use netsh wlan show profile name=SSID key=clear]
  •  
  • POTENTIAL USE:
  • - Attempt runas with discovered credentials
  • - Try lateral movement with psexec
  • - Test password reuse on other systems

セキュリティ監査

高リスク
v1 • 2/25/2026

This skill contains Windows privilege escalation techniques for authorized penetration testing. Static analysis detected 114 external command patterns (PowerShell, cmd.exe), 9 network references (standard pentest example IPs), and 5 filesystem operations. All findings are contextually appropriate for a defensive security tool. The skill includes proper legal disclaimers and is designed for authorized security testing only.

1
スキャンされたファイル
502
解析された行数
8
検出結果
1
総監査数

高リスクの問題 (3)

SKILL.md:112-125SKILL.md:325
Credential Access Techniques
Skill contains methods for accessing Windows SAM database and Credential Manager for password hash extraction. These are legitimate penetration testing techniques but could be misused.
SKILL.md:267-279
Token Impersonation Attacks
Contains JuicyPotato, PrintSpoofer, and other token impersonation techniques that escalate to SYSTEM privileges. Educational content for authorized testing only.
SKILL.md:207-230
Service Exploitation Methods
Techniques for exploiting misconfigured Windows services including binary path replacement and unquoted service paths. Requires administrative context.
中リスクの問題 (2)
SKILL.md:150-161SKILL.md:161
Windows Registry Access
Contains registry queries for credential discovery and configuration enumeration. Standard Windows administration technique.
SKILL.md:81-101
Network Reconnaissance Commands
Contains network enumeration commands (netstat, arp, route). Standard penetration testing reconnaissance.
低リスクの問題 (1)
SKILL.md:38-78
System Enumeration Commands
Contains systeminfo, whoami, and other reconnaissance commands. Standard Windows administration and pentesting.

リスク要因

⚙️ 外部コマンド (9)
SKILL.md:38-53 SKILL.md:56-78 SKILL.md:81-101 SKILL.md:104-107 SKILL.md:216-219 SKILL.md:269-279 SKILL.md:343 SKILL.md:426 SKILL.md:455-458
📁 ファイルシステムへのアクセス (3)
SKILL.md:114-121 SKILL.md:362-368 SKILL.md:464-475

検出されたパターン

PowerShell Command ExecutionWindows Command Execution
監査者: claude

品質スコア

38
アーキテクチャ
100
保守性
87
コンテンツ
50
コミュニティ
5
セキュリティ
87
仕様準拠

作れるもの

Penetration Testing Engagement

Security consultants performing authorized assessments use this skill to identify privilege escalation paths and demonstrate business impact to clients.

Red Team Operations

Red team members leverage these techniques to simulate adversary tactics and test organizational detection and response capabilities.

Security Training and CTF

Security professionals and students use this skill to learn Windows exploitation techniques in controlled lab environments and capture the flag competitions.

これらのプロンプトを試す

Basic System Enumeration 
Enumerate the current Windows system for privilege escalation vectors. Check user privileges, group memberships, installed software, and running services. Present findings in a prioritized list.
Credential Discovery 
Search for stored credentials on this Windows system. Check the registry, configuration files, Windows Credential Manager, and browser storage. Document any discovered credentials and their potential use.
Service Exploitation Analysis 
Analyze Windows services for exploitation opportunities. Check for unquoted service paths, weak service permissions, and vulnerable service configurations. Provide specific exploitation steps for each finding.
Comprehensive Privilege Escalation Assessment 
Perform a complete Windows privilege escalation assessment. Run systematic enumeration across all vectors: system info, credentials, services, scheduled tasks, registry, and kernel vulnerabilities. Generate a prioritized exploitation roadmap with specific commands for each path.

ベストプラクティス

  • Always obtain written authorization before testing any system you do not own
  • Test exploitation techniques in a lab environment before production use
  • Document all findings with timestamps and evidence for client reporting
  • Avoid kernel exploits on production systems due to crash risk
  • Clean up any tools or files created during the engagement

回避

  • Running kernel exploits on production systems without backup and recovery plan
  • Using loud enumeration techniques that trigger security alerts before objectives are met
  • Leaving exploitation tools or backdoors on client systems after engagement ends
  • Testing without proper scope definition and rules of engagement documentation

よくある質問

Is this skill legal to use?
This skill is designed for authorized penetration testing only. You must have written permission from system owners before using these techniques. Unauthorized access to computer systems is illegal in most jurisdictions.
Will these techniques work on all Windows versions?
No. Techniques are version-dependent. Kernel exploits target specific Windows versions. Always verify OS version and patch level before attempting exploitation. The skill includes version compatibility information for each technique.
Why do some exploits fail even when the vulnerability exists?
Antivirus and EDR solutions commonly block known exploitation tools. Try living-off-the-land techniques, custom compiled binaries, or obfuscated payloads. Some exploits also require specific system configurations.
What is the safest privilege escalation technique?
Service misconfigurations (unquoted paths, weak permissions) are generally safest as they do not involve kernel code execution. Credential-based escalation using saved passwords is also low-risk compared to kernel exploits.
Can I use this skill for defensive security work?
Yes. Understanding offensive techniques is essential for defensive security. Use this skill to audit your own systems, identify vulnerabilities before attackers do, and improve security posture.
What tools do I need to transfer to the target system?
Many techniques use built-in Windows commands. For advanced exploitation, common tools include WinPEAS, PowerUp, JuicyPotato, PrintSpoofer, and Mimikatz. Always verify tool hashes and test in lab environments first.

開発者の詳細

作成者

sickn33

ライセンス

MIT

リポジトリ

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/windows-privilege-escalation

参照

main

ファイル構成

📄 SKILL.md