Summary
You've got a shell on a Windows box and need SYSTEM or domain admin. This walks through the full escalation playbook: token impersonation with the Potato family exploits, service misconfigurations, UAC bypasses via fodhelper and eventvwr, and credential dumping with Mimikatz. The token manipulation section is especially thorough, covering SeImpersonatePrivilege abuse and named pipe tricks. For AD environments, it includes Kerberoasting, AS-REP roasting, delegation attacks, and ADCS exploitation. The automated enumeration commands with WinPEAS and Seatbelt are good starting points. This is comprehensive enough that you'll likely reference specific sections rather than read it sequentially. Works best when you already understand Windows security primitives and just need the syntax and tool chains.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill privesc-windows --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →First SeenJun 11, 2026
