Want to make your life easier once you’ve gotten a foothold on your Windows target? Enable Remote Desktop. See this article:
https://www.interfacett.com/blogs/how-to-remotely-enable-and-disable-rdp-remote-desktop/
TL;DR:
In cmd.exe:
reg add "\\computername\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
In PowerShell:
Invoke-Command -ComputerName "server1", "Server2" -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0}
Don’t forget to allow RDP through the firewall:
Invoke-Command -ComputerName "server1", "Server2" -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
Now have fun!
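From the defender's side, the two settings above are easy to audit. The following is an added example, not from the original post or the linked article: it reports hosts where fDenyTSConnections is 0 and inbound "Remote Desktop" firewall rules are enabled. The function name Get-RdpExposure, its parameters and the host names are assumptions for illustration.

```powershell
# Added example, not from the original post. Get-RdpExposure and its
# parameters are hypothetical names; host names below are constructed.
function Get-RdpExposure {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        # Hosts where RDP is expected to be on (jump boxes and similar)
        [string[]] $AllowedHost = @()
    )

    $state = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue `
        -ErrorVariable unreachable -ScriptBlock {
        $ts = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
            -Name 'fDenyTSConnections'
        # Inbound rules in the "Remote Desktop" group that are currently enabled
        $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
        [pscustomobject]@{
            RdpEnabled      = ($ts.fDenyTSConnections -eq 0)
            FirewallAllowed = ($rules.Count -gt 0)
        }
    }

    foreach ($s in $state) {
        [pscustomobject]@{
            Computer        = $s.PSComputerName
            RdpEnabled      = $s.RdpEnabled
            FirewallAllowed = $s.FirewallAllowed
            # RDP is on, but the host is not on the expected list
            Unexpected      = ($s.RdpEnabled -and ($AllowedHost -notcontains $s.PSComputerName))
        }
    }

    # Surface hosts that could not be queried instead of silently skipping them
    foreach ($e in $unreachable) {
        Write-Warning "Query failed: $e"
    }
}

# Show only hosts where RDP is enabled but not expected
Get-RdpExposure -ComputerName 'server1', 'Server2' -AllowedHost 'server1' |
    Where-Object Unexpected
```

A host flagged Unexpected that was not changed through your own change process is worth investigating.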