This continues from the previous post.
The logman utility lets us peer into an established SSL session and steal active session cookies once you have a shell on a box.
If you are able to sniff the administrator credential, you can even enable logging on a remote host using "logman -s <computername>".
Microsoft-Windows-WinInet is only one of the providers for which you can turn on logging. To check the full list of providers on your computer, you can run:
c:\temp>logman query providers > listofproviders.txt
C:\temp>type listofproviders.txt | find /c "{"
643
This means there are a total of 643 providers available on my computer.
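To work with the saved listing rather than just count it, the following added example (not from the original post) parses listofproviders.txt into a name-to-GUID map and searches it by keyword. The sample text and its GUIDs are constructed placeholders, and the function names parse_providers and find_providers are hypothetical.

```python
import re
import sys

# Constructed sample in the layout `logman query providers` prints.
# The GUIDs are placeholders, not the real provider GUIDs.
SAMPLE = """\

Provider                                 GUID
-------------------------------------------------------------------------------
Microsoft-Windows-WinHttp                {00000000-0000-0000-0000-000000000001}
Microsoft-Windows-WinInet                {00000000-0000-0000-0000-000000000002}
Windows Kernel Trace                     {00000000-0000-0000-0000-000000000003}

The command completed successfully.
"""

# A provider row is a name (which may contain spaces) followed by a braced GUID.
ROW = re.compile(
    r"^(?P<name>\S.*?)\s+"
    r"(?P<guid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s*$"
)


def parse_providers(text):
    """Return {provider name: GUID}, skipping header, rule and status lines."""
    providers = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            providers[match.group("name")] = match.group("guid").upper()
    return providers


def find_providers(providers, keyword):
    """Case-insensitive substring search over provider names."""
    needle = keyword.lower()
    return sorted(name for name in providers if needle in name.lower())


if __name__ == "__main__":
    # Usage: python providers.py listofproviders.txt [keyword]
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            listing = handle.read()
    else:
        listing = SAMPLE
    found = parse_providers(listing)
    print(len(found), "providers")
    for name in find_providers(found, sys.argv[2] if len(sys.argv) > 2 else "WinInet"):
        print(name, found[name])
```

The provider count it prints should match the `find /c "{"` result, since each provider row carries exactly one GUID.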