system

Fail

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: CRITICAL
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides functional code and instructions for destructive system manipulation and persistent access.
      • reference/system-exploitation.md contains a Python implementation designed to replace /usr/bin/bash with a trojan wrapper that creates a SUID shell. The script uses os.O_TRUNC to bypass file locks, facilitating unauthorized privilege escalation.
      • Contains multiple examples of using chmod 777 on critical system paths and performing binary replacements to intercept root processes.
  • [DATA_EXFILTRATION]: Functional code is provided for the silent extraction of sensitive user and system information.
      • reference/system-exploitation.md includes a Python implementation for "In-Process DPAPI Browser Credential Extraction" using the Windows CryptUnprotectData API to decrypt and steal saved passwords from Chromium-based browsers.
      • Describes methodologies for exfiltrating the Active Directory ntds.dit database and harvesting LSA secrets via privileged filesystem operations.
  • [REMOTE_CODE_EXECUTION]: The skill contains exploit templates and payloads for triggering remote code execution.
      • Provides Python exploit templates with embedded shellcode for stack-based buffer overflows.
      • Contains detailed instructions for deploying remote exploits like EternalBlue (CVE-2017-0144) and PrintNightmare (CVE-2021-34527).
  • [CREDENTIALS_UNSAFE]: Directs the agent to perform extensive searches for hardcoded credentials across various system and application configuration files.
      • Lists specific paths for harvesting secrets from Ruby, Python, and Node.js environments (.bundle/config, .pypirc, .npmrc) and content management systems (wp-config.php).
  • [EXTERNAL_DOWNLOADS]: Recommends fetching and executing unverifiable scripts from remote, non-standard servers.
      • Instructions include downloading enumeration scripts and malicious payloads from arbitrary attacker-controlled IP addresses using curl and wget.
Recommendations
  • CRITICAL: 1 infected file(s) detected - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: May 2, 2026, 01:00 AM