# Post-Exploitation

### Enumerate RDP Users Group

```powershell
Get-NetLocalGroupMember -ComputerName ACADEMY-EA-MS01 -GroupName "Remote Desktop Users"
```

### Enumerate WinRM Group

```powershell
Get-NetLocalGroupMember -ComputerName ACADEMY-EA-MS01 -GroupName "Remote Management Users"
```

### SQL Server

```powershell
# Import Module
Import-Module .\PowerUpSQL.ps1

# Enumerate SQL Instance
Get-SQLInstanceDomain

# mssqlcient
 mssqlclient.py INLANEFREIGHT/DAMUNDSEN@172.16.5.150 -windows-auth
```