You already have one internal machine; you can interact directly with the target environment by using it as a bridge.

  1. Collect network firewalls, routers and switches.

How would you do it?

  1. Check ipconfig, route, arp and netstat on the pwned machine.
  2. Meterpreter: arp_scanner -r [ip]/mask.
  3. Meterpreter: ping_sweep, set session. Useful for scanning hosts outside of the network.
  4. Pivoting: see "Pivoting - Client Side Exploiting".
  5. Drop into a shell. cmd.exe ipconfig /all
  6. cmd.exe ipconfig /displaydns. Shows the DNS cache.
  7. cmd.exe netstat -ano.
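
On the defending side, the cmd.exe steps above each leave a process-creation record. The following is an added example, not part of the original notes: it flags a parent process that runs three or more distinct discovery commands within five minutes. The CSV record layout, host names, PIDs, window and threshold are constructed assumptions, and `arp -a` and `route print` stand in for the arp and route checks in step 1.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery commands from the steps above, keyed by what they reveal.
PATTERNS = {
    "interface config": re.compile(r"\bipconfig(\.exe)?\s+/all\b", re.I),
    "dns cache": re.compile(r"\bipconfig(\.exe)?\s+/displaydns\b", re.I),
    "connections": re.compile(r"\bnetstat(\.exe)?\s+-\w*a", re.I),
    "arp cache": re.compile(r"\barp(\.exe)?\s+-a\b", re.I),
    "routing table": re.compile(r"\broute(\.exe)?\s+print\b", re.I),
}

# Constructed sample records (assumed layout): timestamp,host,parent_pid,command_line
SAMPLE_LOG = [
    "2024-05-01T10:00:03,WS-17,4120,cmd.exe /c ipconfig /all",
    "2024-05-01T10:00:09,WS-17,4120,cmd.exe /c ipconfig /displaydns",
    "2024-05-01T10:00:15,WS-17,4120,cmd.exe /c NETSTAT.EXE -ano",
    "2024-05-01T10:00:21,WS-17,4120,cmd.exe /c arp -a",
    "2024-05-01T09:12:00,WS-02,880,ipconfig /all",
    "2024-05-01T13:40:00,WS-02,880,netstat -an",
    "2024-05-01T16:05:00,WS-02,880,route print",
]

def classify(cmdline):
    """Return the discovery category a command line falls into, or None."""
    for kind, rx in PATTERNS.items():
        if rx.search(cmdline):
            return kind
    return None

def detect_bursts(lines, window=timedelta(minutes=5), threshold=3):
    """Flag (host, parent_pid) pairs running >= threshold categories in one window."""
    by_parent = defaultdict(list)
    for line in lines:
        ts, host, ppid, cmdline = line.split(",", 3)  # command line may contain commas
        kind = classify(cmdline)
        if kind:
            by_parent[(host, ppid)].append((datetime.fromisoformat(ts), kind))
    alerts = []
    for (host, ppid), events in sorted(by_parent.items()):
        events.sort()
        for i, (start, _) in enumerate(events):
            kinds = {k for t, k in events[i:] if t - start <= window}
            if len(kinds) >= threshold:
                alerts.append((host, ppid, sorted(kinds)))
                break
    return alerts
```

On the sample records only WS-17 is flagged: WS-02 runs three of the same commands, but spread over a working day, which is the pattern routine troubleshooting produces.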