Quiz Entry - updated: 2026.07.01
After a Meterpreter session opens, what does the sysinfo command reveal, and what phase of an attack is this?
sysinfo prints the compromised machine's OS, architecture, hostname, domain, and logged-on user — the reconnaissance step of post-exploitation.
Post-exploitation is everything that happens after you've gained access — the goal shifts from "get in" to "understand, persist, and expand." sysinfo is usually the first move because the answers steer everything next:
- OS + architecture (x64/x86) → which further exploits and tools will run
- Domain → is this a standalone box or part of an Active Directory you can pivot through?
- Logged-on user / privileges → do you already have admin, or must you escalate?
It's the attacker's equivalent of "where am I and what am I working with?"
Tip: Recon doesn't stop at the perimeter — the first thing a smart intruder does inside is look around.