User Sessions

Users that are currently logged on to this same machine may be good targets to attack. If they are more privileged then our current user in the domain, they may be a good candidate for lateral movement to other machines. The Domain Reconnaissance chapter will show methods for performing this type of enumeration.

The net logons command will list the logon sessions on this machine.

beacon> net logons

Logged on users at \\localhost:

DEV\bfarmer
DEV\jking
DEV\WKSTN-2$

PreviousClipboard NextHost Persistence

Last updated 1 year ago