powerview.ps1

# Start a PowerShell session with the execution policy set to Bypass, then load PowerView.
# NOTE(review): `Import-Module PowerView.ps1` with no path component is resolved as a module
# name through $env:PSModulePath, not the current directory — confirm it actually loads; the
# dot-source form on the next line uses an explicit relative path. Also, the `;` means the
# Import-Module runs in the *calling* shell only after the nested powershell.exe exits
# (exact behaviour depends on whether this is typed into cmd.exe or an existing PowerShell).
# Defender note: execution policy is not a security boundary; loading the script this way is
# still captured by PowerShell script block logging (Event ID 4104) where it is enabled.
powershell.exe -exec bypass; Import-Module PowerView.ps1
Or, dot-source the script into the current session instead: . .\PowerView.ps1

Domain information

# Domain-level reconnaissance: the domain object, its domain controllers, the domain SID and
# the domain policy object. Each cmdlet defaults to the current domain; the bracketed
# `[-Domain DOMAIN]` is cheat-sheet notation for an optional target domain, not literal syntax.
# Defender note: these are read-only directory queries, so they leave no trace on the host
# being enumerated — DC-side LDAP telemetry is where bulk enumeration from a workstation is visible.
Get-Domain [-Domain DOMAIN]
Get-DomainController [-Domain DOMAIN] 
Get-DomainSID
Get-DomainPolicy
# "to-enumerate-further" is a placeholder: substitute a property name of the object returned
# by Get-DomainPolicy (presumably one of its policy sections) to drill into that part of it.
(Get-DomainPolicy)."to-enumerate-further"

Domain Users & Computers

# Enumerate domain user objects. The first form writes the full Get-DomainUser output to a
# file; the second and third project a reduced attribute set (group membership, adminCount,
# SPNs and userAccountControl flags are the columns that usually matter when reviewing the dump).
# Defender note: the same projection run by the blue team (free-text description fields,
# adminCount, stale serviceprincipalname values) surfaces the same exposures first.
Get-DomainUser | Out-File -FilePath .\DomainUsers.txt
Get-DomainUser | select samaccountname,userprincipalname, memberof
# `*` as the first positional argument matches every user; `-Domain DOMAIN` targets another domain.
Get-DomainUser * -Domain DOMAIN | Select-Object -Property name,samaccountname,description,memberof,admincount,userprincipalname, serviceprincipalname, useraccountcontrol
# Get-UserProperty is the older PowerView cmdlet name for pulling one attribute across all users;
# NOTE(review): newer PowerView builds expose this through Get-DomainUser -Properties instead —
# confirm which version is loaded before relying on it. FIELD is a placeholder for the attribute name.
Get-UserProperty [-Properties FIELD]

# Computer objects with OS, name and DNS host name, ordered by host name (directory query only).
Get-DomainComputer -Properties OperatingSystem,Name,DnsHostName |
  Sort-Object DnsHostName
# live hosts only: -Ping additionally probes each computer object (presumably ICMP) and keeps
# the responders, so this variant touches every host on the network rather than just the DC.
Get-DomainComputer -Ping -Properties OperatingSystem,Name,DnsHostName |
  Sort-Object DnsHostName

Kerberoastable Users

Domain Groups

SMB Shares

GPO

ACLs

Domain Trusts

User Hunting

References
