# Coordinate Authorized Pentest Labs

Security labs can become hard to manage when reconnaissance, exploitation, and privilege escalation details are spread across many notes. This skill organizes an authorized lab workflow with state tracking, decision rules, and Active Directory attack references.

## Install

```bash
npx skillstore add charleskozel/pentest-coordinator
```

## Metadata

- Slug: charleskozel-pentest-coordinator
- Version: 1.0.0
- Author: CharlesKozel
- GitHub username: CharlesKozel
- License: MIT
- Repository: https://github.com/CharlesKozel/vulhub_automated_pentester/tree/main/agents/claude/skills/coordinator
- Ref: main
- Supported tools: Claude, Codex, Claude Code
- Risk level: high
- Risk factors: external_commands, network, filesystem
- Quality score: 38
- Quality tier: warning
- Public page: https://skillstore.pages.dev/skills/charleskozel-pentest-coordinator
- Manifest: https://skillstore.pages.dev/api/skills/charleskozel-pentest-coordinator/manifest

## Capabilities

- Coordinates a ReAct-style penetration testing loop across reconnaissance, exploitation, privilege escalation, and completion phases.
- Maintains a local state model for target details, discovered services, credentials, failed attempts, flags, and attack vectors.
- Defines circuit breakers for password attempts, repeated methods, stuck counters, and anomaly investigation progress.
- Provides Active Directory techniques for PASSWD_NOTREQD flags, skeleton objects, LDAP operations, and password anomalies.
- Documents example command flows using common security tools such as nmap, jq, netexec, Impacket, ldapsearch, and curl.
- Tracks user and root flag collection for CTF-style or isolated lab targets.

## Use Cases

- Structure a CTF Lab Attempt: Use the workflow to organize recon notes, failed paths, escalation ideas, and flag progress in a controlled challenge environment.
- Coordinate an Internal Test Plan: Map testing phases, state updates, and escalation hypotheses during an approved internal penetration test.
- Review AD Attack Coverage: Compare an authorized Active Directory lab assessment against documented checks for password flags, LDAP anomalies, and delegation paths.

## Prompt Templates

### Start a Lab Assessment

```
Use this skill for an authorized lab target at TARGET. Initialize state, define scope assumptions, and start with passive-safe reconnaissance planning.
```

### Organize Recon Findings

```
Review these authorized recon findings and update the attack plan. Identify likely services, missing checks, and safe next steps within scope.
```

### Analyze a Failed Path

```
A previous exploitation path failed. Diagnose the root cause, record the failed method, and propose a different authorized attack category.
```

### Review AD Anomalies

```
Evaluate these Active Directory anomalies from an approved lab. Prioritize checks for password flags, skeleton objects, LDAP permissions, and escalation paths.
```

## Limitations

- Requires explicit authorization and an isolated lab or approved assessment scope.
- Does not verify legal permission, target ownership, or network boundaries.
- Includes aggressive exploitation and privilege escalation guidance that is unsafe for production systems.
- Assumes external security tools are installed and that the target follows CTF-style flag conventions.

## Best Practices

- Use only on systems where you have written authorization and a defined scope.
- Record every action, failed hypothesis, credential test, and scope decision before continuing.
- Prefer least disruptive checks first and stop immediately if results indicate an out-of-scope system.

## Anti Patterns

- Do not run this skill against public IPs, third-party systems, or networks without explicit permission.
- Do not disable human review for exploitation, credential testing, or privilege escalation steps.
- Do not treat CTF flag capture assumptions as valid for enterprise production environments.

## Security Audit

- Safe to publish: false
- Audited at: 2026-06-28T21:37:58.243+00:00
- Summary: Static command, network, filesystem, credential, and privilege-escalation findings are confirmed as real because the Markdown instructs an AI agent to execute offensive actions. The skill directs autonomous reconnaissance, exploitation, Active Directory account manipulation, credential attacks, and root flag capture with repeated instructions not to stop. No evidence found of third-party exfiltration or audit-specific prompt injection, but the unguarded autonomous offensive workflow is high risk and not safe to publish without strict authorization controls.

## Stats

- Views: 203
- Downloads: 6
- Favorites: 0
- Popularity score: 0
