Once you already have one internal machine, you can use it as a bridge to interact directly with the target environment.

  1. Collect the network's firewalls, routers and switches.


How would you do it?

  1. Check ipconfig, route, arp and netstat on the compromised machine.
  2. Meterpreter arp_scanner -r [ip]/mask.
  3. Meterpreter ping_sweep with the session set. Useful for scanning hosts outside of the network.
  4. Pivoting: see Pivoting - Client Side Exploiting.
  5. Drop into a shell: cmd.exe, then ipconfig /all.
  6. cmd.exe: ipconfig /displaydns shows the DNS cache.
  7. cmd.exe: netstat -ano.
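Added example (not part of these notes, and not Metasploit's own code): a small detector for the footprint the arp_scanner and ping_sweep steps above leave in a sensor log, namely one internal host reaching an unusual number of distinct addresses inside a short window. The log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <arp|icmp> <src> -> <dst>"
LINE_RE = re.compile(r"^(\S+) (arp|icmp) (\S+) -> (\S+)$")


def parse(line):
    """Return (timestamp, proto, src, dst) or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, proto, src, dst = m.groups()
    return datetime.fromisoformat(ts), proto, src, dst


def find_sweepers(lines, window=timedelta(seconds=60), threshold=20):
    """Sliding-window count of distinct destinations per source.

    Returns {src: peak distinct destinations within one window} for every
    source that reached the threshold. Lines must be in time order per source.
    """
    recent = defaultdict(deque)  # src -> deque of (ts, dst) still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, _proto, src, dst = rec
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop entries that aged out
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            peaks[src] = max(peaks.get(src, 0), distinct)
    return peaks


# Constructed sample: 10.0.1.5 ARP-probes 30 neighbours within a few seconds
# (sweep), while 10.0.1.7 only talks to two addresses (normal chatter).
SAMPLE_LOG = sorted(
    [f"2024-05-01T10:00:{i // 10:02d} arp 10.0.1.5 -> 10.0.1.{i}" for i in range(1, 31)]
    + ["2024-05-01T10:00:01 arp 10.0.1.7 -> 10.0.1.1",
       "2024-05-01T10:00:02 icmp 10.0.1.7 -> 10.0.1.254"]
)

if __name__ == "__main__":
    print(find_sweepers(SAMPLE_LOG))  # {'10.0.1.5': 30}
```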