After getting an initial foothold, let’s start recon.

ps

As we can see, we found interesting processes such as sysmon and elastic-agent.

Now let’s enumerate the system using Seatbelt.

execute-assembly C:\Tools\Seatbelt\Seatbelt\bin\Release\Seatbelt.exe -group=system

Now let’s see if there is anything interesting.

Now let’s test screenshots.

screenshot

As we can see, we got the username and the password:

Username: Dev\bfarmer
Password: Sup3rman

Now let’s start the keylogger.

keylogger

Now let’s see the clipboard.