Session Enumeration

The local_sessions and query_session commands can be used to enumerate users logged in to the current host or a target host. This is extremely helpful for checking whether a user is logged in to a specific target host and how they are logged in (PowerShell, RDP, console, etc.). Combined with crisis_monitor and grab_token, this becomes really powerful: you get a notification as soon as a user logs in, validate the user, and steal the token to move laterally or execute a command with the stolen token.