技能 privilege-escalation-methods
🔐

privilege-escalation-methods

高風險 ⚙️ 外部命令🌐 網路存取📁 檔案系統存取

Execute Privilege Escalation Techniques

Security professionals need reliable reference material for authorized penetration testing. This skill provides documented escalation techniques for Linux and Windows environments with proper context and prerequisites.

支援: Claude Codex Code(CC)
⚠️ 56
1

下載技能 ZIP

2

在 Claude 中上傳

前往 設定 → 功能 → 技能 → 上傳技能

3

開啟並開始使用

測試它

正在使用「privilege-escalation-methods」。 Enumerate sudo permissions on compromised Linux host

預期結果:

  • Run: sudo -l
  • Review listed commands that can be executed without password
  • Cross-reference with GTFOBins for exploitation techniques
  • Example output shows: (root) NOPASSWD: /usr/bin/vim
  • Exploitation: sudo vim -c ':!/bin/bash' spawns root shell

正在使用「privilege-escalation-methods」。 Request Kerberoastable service tickets in Active Directory

預期結果:

  • Run: GetUserSPNs.py domain.local/user:pass -dc-ip 10.10.10.1 -request
  • Tool requests TGS tickets for accounts with SPNs set
  • Output contains NTLM hashes suitable for offline cracking
  • Crack with: hashcat -m 13100 hashes.txt wordlist.txt
  • Successful crack reveals service account plaintext password

安全審計

高風險
v1 • 2/24/2026

This skill documents offensive security techniques for authorized penetration testing. Static analysis detected 125 patterns including shell execution, credential harvesting, and privilege escalation commands. All findings are TRUE POSITIVES representing documented attack techniques. The skill is educational reference material but contains actionable exploit instructions that require careful handling. Recommended for security professionals only with appropriate warnings.

1
已掃描檔案
339
分析行數
12
發現項
1
審計總數

嚴重問題 (2)

SKILL.md:183-215SKILL.md:221-247
Credential Theft Techniques Documented
The skill contains detailed instructions for harvesting credentials including Mimikatz usage, NTLM relay attacks, and Kerberos ticket manipulation. These are powerful offensive techniques that can compromise entire domains if misused.
SKILL.md:40-111SKILL.md:119-159
Privilege Escalation Exploit Code
Complete exploit chains for Linux (sudo abuse, SUID binaries, capabilities) and Windows (token impersonation, service abuse, driver exploitation) that grant root/administrator access.

高風險問題 (3)

SKILL.md:165-215
Active Directory Attack Chain
Complete AD compromise workflow including Kerberoasting, AS-REP roasting, Golden Ticket creation, and Pass-the-Ticket attacks that can lead to full domain control.
SKILL.md:221-239
LLMNR/NBT-NS Poisoning
Network credential harvesting using Responder and NTLM relay attacks that capture and crack Windows authentication hashes.
SKILL.md:211-215
Persistence Mechanisms
Scheduled task creation for persistent access using Golden Ticket authentication to maintain domain control.
中風險問題 (3)
SKILL.md:65-70SKILL.md:99-101
SUID Binary Exploitation
Techniques for creating and abusing SUID binaries to escalate from user to root on Linux systems.
SKILL.md:74-87
Capability Abuse
Exploitation of Linux capabilities (cap_setuid, cap_dac_read_search) to bypass traditional permission models.
SKILL.md:91-101
NFS Root Squash Bypass
Abusing NFS no_root_squash configuration to create privileged binaries on mounted shares.
低風險問題 (1)
SKILL.md:43-44SKILL.md:60-63SKILL.md:76-77
System Reconnaissance Commands
Information gathering commands for enumerating sudo permissions, cron jobs, and system configuration.

風險因素

⚙️ 外部命令 (5)
SKILL.md:40-55 SKILL.md:65-70 SKILL.md:79-82 SKILL.md:119-125 SKILL.md:138-159
🌐 網路存取 (4)
SKILL.md:169-173 SKILL.md:213-214 SKILL.md:229-232 SKILL.md:309-312
📁 檔案系統存取 (3)
SKILL.md:85-87 SKILL.md:96-101 SKILL.md:244-247

偵測到的模式

GTFOBins Technique ReferenceKerberos Attack Toolkit
審計者: claude

品質評分

38
架構
100
可維護性
87
內容
50
社群
0
安全
91
規範符合性

你能建構什麼

Penetration Tester Post-Exploitation

Security consultant with initial foothold needs to demonstrate privilege escalation risks to client

Red Team Domain Compromise

Red team operator needs reference for Active Directory attack chains during engagement

Security Research Education

Defensive security researcher studying attack techniques to improve detection capabilities

試試這些提示

Basic Enumeration 
I have a low-privilege shell on a Linux target. Show me enumeration commands to identify potential privilege escalation vectors including sudo permissions, SUID binaries, and writable cron jobs.
Sudo Exploitation 
I found that my user can run vim as root without a password. Provide the GTFOBins technique to escalate to root using this misconfiguration.
Active Directory Kerberoasting 
I have domain user credentials and need to identify service accounts vulnerable to Kerberoasting. Show me the Impacket and Rubeus commands to request and crack service tickets.
Windows Token Impersonation 
I have SeImpersonatePrivilege on a Windows host. Explain how to use SweetPotato or SharpImpersonation to escalate to SYSTEM level access.

最佳實務

  • Always obtain written authorization before testing on any system you do not own
  • Document all exploitation steps and clean up artifacts after engagement completion
  • Use isolated lab environments for learning and testing these techniques

避免

  • Never attempt privilege escalation on production systems without explicit client approval
  • Do not leave persistence mechanisms or backdoors without documented authorization
  • Avoid running automated tools without understanding their impact on target systems

常見問題

Is this skill legal to use?
Only use these techniques on systems you own or have explicit written authorization to test. Unauthorized access is illegal in most jurisdictions.
Do I need special tools for these techniques?
Yes, many techniques require tools like Mimikatz, Rubeus, Impacket, or PowerUp. These must be obtained and deployed separately on your attack infrastructure.
Why are some techniques marked as domain-required?
Active Directory attacks like Kerberoasting require network access to a domain controller and valid domain credentials. Local techniques work on standalone systems.
What if sudo -l requires a password?
If sudo requires authentication, try other vectors like SUID binaries, cron job abuse, capability exploitation, or kernel exploits depending on your situation.
How do I know which technique will work?
Thorough enumeration is essential. Run comprehensive scans with LinPEAS or WinPEAS, then manually verify findings before attempting exploitation.
Should I use these techniques in bug bounty programs?
Most bug bounty programs prohibit privilege escalation on their infrastructure. Always check program rules and obtain explicit permission before testing.

開發者詳情

作者

sickn33

授權

MIT

儲存庫

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/privilege-escalation-methods

引用

main

檔案結構

📄 SKILL.md