cracking-passwords
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing numerous high-risk offensive security tools, including credential dumpers like Mimikatz and Secretsdump, as well as network scanners and brute-force tools like CrackMapExec, Hydra, and Medusa.
- [CREDENTIALS_UNSAFE]: The documentation includes commands specifically designed to extract sensitive credential materials from local systems, such as NTLM hashes from the Windows SAM database and system memory using Mimikatz (
sekurlsa::logonpasswords). - [EXTERNAL_DOWNLOADS]: The skill provides commands to download external wordlists and security resources, specifically the SecLists repository from Daniel Miessler's GitHub account.
- [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of commands on remote systems through pass-the-hash techniques using tools like
pth-winexe,psexec.py, andwmiexec.pywhich leverage extracted or captured hashes to gain remote access.
Audit Metadata