A while back I played with a copy of Core Impact. The tool is quite powerful, with its neatest feature being pivoting. You can use a system you have just exploited as an attack point. I have heard that SAINT has a similar feature in the works. I am just not a fan of shelling out $20k for a license of Core Impact. I lean more towards open-source and Metasploit.
When I exploit a system with Metasploit, I have a few files and scripts that I FTP/TFTP down to allow me to do some basic work from a command line shell on the remote system, but my abilities are very limited at this point. It would be great to be able to use something like Nmap, Nessus, or Metasploit from the remote system. Does anyone have a method for doing something similar? Perhaps there is a Meterpreter option out there? It would be great if there were an agent that ran entirely in RAM for Metasploit.
What do you do with a system once you exploit it to attempt to further penetrate the network? I am curious to see what some of your methods are. I know there has to be a way and I am just missing it. I feel like I am lacking in this area and would appreciate some advice.