🟢PowerView

Enumerate Active Directory using PowerView obfuscating your content

Get Current Domain

Get-NetDomain

Enum Other Domains

Get-NetDomain -Domain deathstar.rfs

Get Domain SID

Get-DomainSID

Get Domain Policy

Get-DomainPolicy
(Get-DomainPolicy)."system access"
(Get-DomainPolicy)."kerberos policy"

Get Domain Controllers

Get-NetDomainController
Get-NetDomainController -Domain deathstar.rfs

Is there a system-wide proxy?Enumerate Domain Users

PS C:\> Get-WMIRegProxy

Enum Domain Computers

Enum Groups and Group Members

Enumerate Shares

Enum Group Policies

Password Policy

$p=Get-DomainPolicy; $p.SystemAccess

Enum OUs

Enum ACLs

Enum Domain Trust

PS C:\> Get-DomainTrust
PS C:\> Get-DomainTrustMapping

Enum Forest Trust

User Hunting

Last updated