Are there any risks involved in using these commands?

Yes, certain kernel exploits can cause system instability or crashes. These techniques should only be used on systems where you have explicit, written authorization to perform security testing.

Which Windows versions are supported by these techniques?

The guide covers a broad range of versions, including legacy systems like Windows 7 and Server 2008, up to modern environments like Windows 10, 11, and Server 2019/2022.

What kind of vulnerabilities does this skill help identify?

It helps identify unquoted service paths, weak service permissions, stored credentials in the registry, vulnerable kernel versions, and insecure token privileges like SeImpersonatePrivilege.

What is the primary purpose of the Windows Privilege Escalation skill?

It provides a structured methodology and specific command syntax for identifying and exploiting misconfigurations to gain higher privileges on Windows systems during authorized security tests.

Does this skill automate the exploitation process?

No, it acts as a knowledge base and guide, providing the necessary PowerShell and CMD commands for a security professional to perform the tasks manually.

Windows Privilege Escalation Guide

Name: Windows Privilege Escalation Guide
Author: claudiodearaujo

byclaudiodearaujo

Seguridad y Pruebas

Provides systematic methodologies and command references for discovering and exploiting privilege escalation vulnerabilities on Windows systems.

Acerca de

This skill serves as a comprehensive technical manual for security professionals to elevate user privileges from standard accounts to Administrator or SYSTEM on Windows environments. It streamlines the identification of system vulnerabilities by providing exact command syntax for system enumeration, credential harvesting from SAM and registry hives, service misconfiguration exploitation, and advanced token impersonation techniques. Ideal for authorized penetration testers, it covers modern attack vectors like HiveNightmare and various 'Potato' attacks, ensuring a structured approach to post-exploitation and security auditing.

Características Principales

0 GitHub stars
Detailed service exploitation guides for unquoted paths and weak permissions
Comprehensive system, user, and network enumeration command library
Credential harvesting workflows for SAM/SYSTEM files and stored passwords
Token impersonation methodology including JuicyPotato and PrintSpoofer
Kernel vulnerability identification and exploit reference mapping

Casos de Uso

Conducting authorized penetration testing and red teaming engagements
Performing security audits to identify and remediate local system misconfigurations
Documenting privilege escalation paths for vulnerability research and reporting

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter windows-privilege-escalation

For use in Claude.ai and ChatGPT

Download Skill

GitHub