windows-privilege-escalation

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a large volume of commands designed to manipulate system services (sc config), query sensitive registry keys, and use system binaries like msiexec to execute arbitrary payloads.
  • [CREDENTIALS_UNSAFE]: Includes detailed instructions for harvesting credentials from the SAM and SYSTEM hives, searching the registry for AutoLogon and VNC passwords, and extracting cleartext WiFi passwords. It also targets PowerShell history files and unattend.xml files for sensitive data.
  • [DATA_EXFILTRATION]: Specifically instructs on setting up reverse shells using nc.exe (Netcat) and msfvenom generated payloads to send command-line access or system data to external IP addresses.
  • [REMOTE_CODE_EXECUTION]: Promotes the transfer and execution of various external binaries and scripts such as mimikatz, WinPEAS, and Watson for the purpose of exploitation and privilege escalation.
  • [COMMAND_EXECUTION]: Details several methods for escalating privileges from standard user to SYSTEM, including token impersonation (JuicyPotato, PrintSpoofer), kernel exploits (EternalBlue, SMBGhost), and unquoted service path exploitation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 05:54 PM