After getting an initial foothold, let’s start recon.

ps

As we can see, there are interesting processes such as sysmon and elastic-agent.

Now let’s enumerate the system using Seatbelt.

execute-assembly C:\Tools\Seatbelt\Seatbelt\bin\Release\Seatbelt.exe -group=system

Now let’s see if there is anything interesting.

Now let’s test screenshots.

screenshot

As we can see, we got the username and the password:

Username: Dev\bfarmer
Password: Sup3rman

Now let’s start the keylogger.

keylogger

Now let’s see the clipboard.