windows-privilege-escalation_skill

This skill guides systematic Windows privilege escalation, helping you enumerate defenses, harvest credentials, and obtain elevated access during authorized
  • JavaScript

0

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill jcastillotx/vibe-skeleton-app --skill windows-privilege-escalation

  • SKILL.md14.0 KB

Overview

This skill provides practical, step-by-step guidance to discover and exploit Windows privilege escalation vectors during authorized penetration tests. It focuses on systematic enumeration, credential harvesting, service and token abuses, kernel exploits, and post-exploitation techniques to move from a standard user to Administrator or SYSTEM. The content emphasizes safe operational constraints, detection considerations, and remediation recommendations.

How this skill works

I walk you through a repeatable workflow: gather system, user, and network information; search for stored credentials and misconfigurations; test service permissions, unquoted paths, and installer policies; attempt token impersonation and kernel exploits where appropriate. Commands and tool recommendations are provided for PowerShell/CLI enumeration, credential dumping, exploiting services, DLL hijacking, JuicyPotato-style token abuse, and kernel exploit discovery. Results include an escalation path, harvested credentials or tokens, and guidance to produce an actionable remediation report.

When to use it

  • You have authorized access to a Windows host as a non-privileged user.
  • You need to identify how an attacker could gain Administrator or SYSTEM privileges.
  • During internal network engagements or post-exploitation after initial foothold.
  • To validate security controls like service permissions, AV/EDR detection, and patch management.
  • When producing remediation recommendations for Windows privilege-related weaknesses.

Best practices

  • Confirm written authorization and scope before testing; avoid disruptive kernel exploits on production systems.
  • Start with comprehensive enumeration (WinPEAS, PowerUp, Seatbelt) before running risky exploits.
  • Prefer living-off-the-land techniques and least-impact methods when possible to reduce detection and instability.
  • Log and document each attempt, including commands, outputs, and timestamps for reporting and remediation guidance.
  • Validate exploit compatibility with Windows version and patch level; test on isolated lab images first.

Example use cases

  • Find writable service binary or weak service ACLs, replace binary, and restart to obtain SYSTEM shell.
  • Search registry and user files for stored passwords, PuTTY/VNC entries, or unattended setup files to harvest credentials.
  • Detect AlwaysInstallElevated enabled and install a crafted MSI to escalate to SYSTEM when both HKCU and HKLM keys are set.
  • Use token impersonation tools (JuicyPotato, PrintSpoofer) after confirming SeImpersonatePrivilege to spawn elevated processes.
  • Run Windows Exploit Suggester or Sherlock to identify applicable kernel exploits for unpatched systems.

FAQ

Many techniques can cause instability or trigger alerts. Only run approved tests and prefer non-disruptive enumeration and credential discovery on production systems.

What tools do I need to start?

Common tools: WinPEAS/PowerUp/Seatbelt for enumeration, mimikatz for credential extraction, accesschk for ACLs, JuicyPotato/PrintSpoofer for token attacks, and Windows Exploit Suggester/Sherlock for kernel issues.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational