
windows-privilege-escalation

High Risk ⚙️ External commands 📁 File system access

Escalate Privileges on Windows Systems

Discover and exploit Windows privilege escalation vulnerabilities during authorized penetration testing. Provides systematic methodologies for credential harvesting, service exploitation, and token impersonation.

Supports: Claude Codex Code(CC)
⚠️ 56 Poor
1. Download the skill ZIP
2. Upload to Claude: go to Settings → Capabilities → Skills → Upload skill
3. Enable and start using it

Test It

Using "windows-privilege-escalation". Enumerate privilege escalation vectors on this Windows host

Expected result:

  • === PRIVILEGE ESCALATION ASSESSMENT ===
  •  
  • CRITICAL FINDINGS:
  • - SeImpersonatePrivilege enabled - JuicyPotato exploitation possible
  • - Unquoted service path: C:\Program Files\VulnApp\service.exe
  •  
  • HIGH FINDINGS:
  • - Service 'MyService' writable by Authenticated Users
  • - AlwaysInstallElevated registry key enabled
  •  
  • MEDIUM FINDINGS:
  • - Stored credentials found in Windows Credential Manager
  • - Weak file permissions on C:\Windows\Temp
  •  
  • RECOMMENDED EXPLOITATION ORDER:
  • 1. Exploit unquoted service path (low risk)
  • 2. Abuse SeImpersonatePrivilege with JuicyPotato
  • 3. Target vulnerable service configuration

Using "windows-privilege-escalation". Find stored credentials on this system

Expected result:

  • === CREDENTIAL DISCOVERY RESULTS ===
  •  
  • Registry Credentials:
  • - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • DefaultUserName: Administrator
  • DefaultPassword: [REDACTED - use reg query to view]
  •  
  • Saved Windows Credentials:
  • - Target: WORKGROUP\Administrator
  • Type: Domain Password
  • Persistence: Local Machine
  •  
  • WiFi Passwords:
  • - SSID: CorporateNetwork
  • Key: [Use netsh wlan show profile name=SSID key=clear]
  •  
  • POTENTIAL USE:
  • - Attempt runas with discovered credentials
  • - Try lateral movement with psexec
  • - Test password reuse on other systems

Security Audit

High Risk
v1 • 2/25/2026

This skill contains Windows privilege escalation techniques for authorized penetration testing. Static analysis detected 114 external command patterns (PowerShell, cmd.exe), 9 network references (standard pentest example IPs), and 5 filesystem operations. All findings are contextually appropriate for a defensive security tool. The skill includes proper legal disclaimers and is designed for authorized security testing only.

  • Files analyzed: 1
  • Lines analyzed: 502
  • Findings: 8
  • Total audits: 1

High Risk Issues (3)

Credential Access Techniques
Skill contains methods for accessing Windows SAM database and Credential Manager for password hash extraction. These are legitimate penetration testing techniques but could be misused.
Token Impersonation Attacks
Contains JuicyPotato, PrintSpoofer, and other token impersonation techniques that escalate to SYSTEM privileges. Educational content for authorized testing only.
Service Exploitation Methods
Techniques for exploiting misconfigured Windows services including binary path replacement and unquoted service paths. Requires administrative context.
Medium Risk Issues (2)
Windows Registry Access
Contains registry queries for credential discovery and configuration enumeration. Standard Windows administration technique.
Network Reconnaissance Commands
Contains network enumeration commands (netstat, arp, route). Standard penetration testing reconnaissance.
Low Risk Issues (1)
System Enumeration Commands
Contains systeminfo, whoami, and other reconnaissance commands. Standard Windows administration and pentesting.

Detected Patterns

  • PowerShell Command Execution
  • Windows Command Execution

Audited by: claude

Quality Score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 50
  • Security: 5
  • Specification compliance: 87

What You Can Build

Penetration Testing Engagement

Security consultants performing authorized assessments use this skill to identify privilege escalation paths and demonstrate business impact to clients.

Red Team Operations

Red team members leverage these techniques to simulate adversary tactics and test organizational detection and response capabilities.

Security Training and CTF

Security professionals and students use this skill to learn Windows exploitation techniques in controlled lab environments and capture-the-flag competitions.

Try These Prompts

Basic System Enumeration
Enumerate the current Windows system for privilege escalation vectors. Check user privileges, group memberships, installed software, and running services. Present findings in a prioritized list.
Credential Discovery
Search for stored credentials on this Windows system. Check the registry, configuration files, Windows Credential Manager, and browser storage. Document any discovered credentials and their potential use.
Service Exploitation Analysis
Analyze Windows services for exploitation opportunities. Check for unquoted service paths, weak service permissions, and vulnerable service configurations. Provide specific exploitation steps for each finding.
Comprehensive Privilege Escalation Assessment
Perform a complete Windows privilege escalation assessment. Run systematic enumeration across all vectors: system info, credentials, services, scheduled tasks, registry, and kernel vulnerabilities. Generate a prioritized exploitation roadmap with specific commands for each path.

Best Practices

  • Always obtain written authorization before testing any system you do not own
  • Test exploitation techniques in a lab environment before production use
  • Document all findings with timestamps and evidence for client reporting
  • Avoid kernel exploits on production systems due to crash risk
  • Clean up any tools or files created during the engagement

Avoid

  • Running kernel exploits on production systems without a backup and recovery plan
  • Using loud enumeration techniques that trigger security alerts before objectives are met
  • Leaving exploitation tools or backdoors on client systems after engagement ends
  • Testing without proper scope definition and rules of engagement documentation

Frequently Asked Questions

Is this skill legal to use?
This skill is designed for authorized penetration testing only. You must have written permission from system owners before using these techniques. Unauthorized access to computer systems is illegal in most jurisdictions.
Will these techniques work on all Windows versions?
No. Techniques are version-dependent. Kernel exploits target specific Windows versions. Always verify OS version and patch level before attempting exploitation. The skill includes version compatibility information for each technique.
Why do some exploits fail even when the vulnerability exists?
Antivirus and EDR solutions commonly block known exploitation tools. Try living-off-the-land techniques, custom compiled binaries, or obfuscated payloads. Some exploits also require specific system configurations.
What is the safest privilege escalation technique?
Service misconfigurations (unquoted paths, weak permissions) are generally safest as they do not involve kernel code execution. Credential-based escalation using saved passwords is also low-risk compared to kernel exploits.
Can I use this skill for defensive security work?
Yes. Understanding offensive techniques is essential for defensive security. Use this skill to audit your own systems, identify vulnerabilities before attackers do, and improve security posture.
What tools do I need to transfer to the target system?
Many techniques use built-in Windows commands. For advanced exploitation, common tools include WinPEAS, PowerUp, JuicyPotato, PrintSpoofer, and Mimikatz. Always verify tool hashes and test in lab environments first.

Developer Details

File structure

📄 SKILL.md