Beyond
This is the beyond page that an additional post enumeration and assessment are conducted as SYSTEM after compromising the target system.
SMB
/Practice/Internal_OffSec/3-Exploitation/attachments/{5EA00021-BF49-4363-A61C-E3903DDEA651}.png)
nikyPublic
niky Share
/Practice/Internal_OffSec/3-Exploitation/attachments/{6787FADD-36AC-474B-AD6C-CAEA9843392C}.png)
Public Share
/Practice/Internal_OffSec/3-Exploitation/attachments/{E14E2C88-3CD4-483C-A1D4-26EC35D13861}.png)
N/A
DNS
/Practice/Internal_OffSec/3-Exploitation/attachments/{2A9052B5-9AE3-4AB6-A6B8-88569FEFE814}.png)
dev.thinc
/Practice/Internal_OffSec/3-Exploitation/attachments/{AFA39B11-6776-4AF4-AC6C-F0B2FC4A45EF}.png)
A bunch of entries
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/internal_offsec/loot]
└─$ nslookup
> server 192.168.136.40
Default server: 192.168.136.40
Address: 192.168.136.40#53
> 10.2.2.224
224.2.2.10.in-addr.arpa name = _.dev.thinc.
> 10.2.2.22
22.2.2.10.in-addr.arpa name = carol.dev.thinc.
> 10.2.2.250
250.2.2.10.in-addr.arpa name = efw-proxy.dev.thinc.
> 10.2.2.15
15.2.2.10.in-addr.arpa name = internal.dev.thinc.
> 10.2.2.23
23.2.2.10.in-addr.arpa name = james.dev.thinc.
> 10.2.2.86
86.2.2.10.in-addr.arpa name = john.dev.thinc.
> 10.2.2.218
218.2.2.10.in-addr.arpa name = timeclock.dev.thinc.