Using Powerview

PowerView is a PowerShell script widely used for enumerating an Active Directory environment. The script can be downloaded from the following link,

https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1

Once the script is available on the system being exploited, it has to be imported using the following command,

Import-Module .\PowerView.ps1

Once the import is successful, the following commands can be used to extract the information:

Get domain information:
    Get-NetDomain

List active sessions on the DC:
    Get-NetSession -ComputerName p42dc

List all users:
    Get-NetUser

List groups:
    Get-NetGroup

List computer objects in the domain:
    Get-NetComputer

Find user/system pairs with admin access:
    Find-LocalAdminAccess

Find logged-in users:
    Get-NetSession -ComputerName system1 -Verbose

Find SPNs:
    Get-NetUser -SPN | select samaccountname,serviceprincipalname

Enumerate domain shares:
    Find-DomainShare

The following command lists all active sessions present on the domain controller. The computer named in the command (p42dc here) has to be the domain controller, because Get-NetSession only reports the sessions of the host it is pointed at.

Get-NetSession -ComputerName p42dc
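Every PowerView command on this page leaves its function names in PowerShell Script Block Logging (Event ID 4104) when that logging is enabled, which is how a blue team typically spots the tool. The following is an added example, not code from the page or from the PowerView project: a small detector that scans 4104 script block text for the PowerView cmdlet names listed above. The sample events at the bottom are constructed for offline testing; Get-PowerShellScriptBlocks is a helper defined here (not a built-in) that reads the live log.

```powershell
# Added example (not part of the original page): flag PowerView cmdlet names in
# PowerShell script block log entries (Event ID 4104).

# PowerView function names taken from the commands listed on this page.
$PowerViewCmdlets = @(
    'Get-NetDomain', 'Get-NetSession', 'Get-NetUser', 'Get-NetGroup',
    'Get-NetComputer', 'Find-LocalAdminAccess', 'Find-DomainShare'
)

function Find-PowerViewIndicators {
    <#
    .SYNOPSIS
    Returns one object per script block that contains a PowerView cmdlet name.
    .PARAMETER ScriptBlocks
    Objects with TimeCreated and ScriptBlockText properties, e.g. from
    Get-PowerShellScriptBlocks below.
    #>
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject[]]$ScriptBlocks
    )
    process {
        foreach ($sb in $ScriptBlocks) {
            # Word-boundary match so "Get-NetUser" does not also fire on an
            # unrelated name that merely contains it. -match is case-insensitive.
            $hits = $PowerViewCmdlets |
                Where-Object { $sb.ScriptBlockText -match "\b$([regex]::Escape($_))\b" }
            if ($hits) {
                [pscustomobject]@{
                    TimeCreated = $sb.TimeCreated
                    Matched     = ($hits -join ', ')
                    Snippet     = $sb.ScriptBlockText.Substring(
                                      0, [Math]::Min(80, $sb.ScriptBlockText.Length))
                }
            }
        }
    }
}

function Get-PowerShellScriptBlocks {
    # Helper (assumed, not a built-in): pull 4104 events from the live host.
    # Only returns data where Script Block Logging is enabled.
    param([int]$MaxEvents = 500)
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue | ForEach-Object {
        # In 4104 events the script block text is the third property (index 2).
        [pscustomobject]@{
            TimeCreated     = $_.TimeCreated
            ScriptBlockText = $_.Properties[2].Value
        }
    }
}

# Constructed sample events for offline testing (not real log data).
$sample = @(
    [pscustomobject]@{ TimeCreated = '2024-01-01 10:00:00'
                       ScriptBlockText = 'Get-ChildItem C:\Temp | Sort-Object Length' },
    [pscustomobject]@{ TimeCreated = '2024-01-01 10:05:00'
                       ScriptBlockText = 'Import-Module .\PowerView.ps1; Get-NetDomain' },
    [pscustomobject]@{ TimeCreated = '2024-01-01 10:06:00'
                       ScriptBlockText = 'Get-NetUser -SPN | select samaccountname,serviceprincipalname' }
)

# Expect two hits: the Get-NetDomain block and the Get-NetUser block.
$sample | Find-PowerViewIndicators | Format-Table -AutoSize

# On a live host with Script Block Logging enabled:
# Get-PowerShellScriptBlocks | Find-PowerViewIndicators
```

Script Block Logging is off by default; it is switched on through Group Policy (Administrative Templates, Windows Components, Windows PowerShell, Turn on PowerShell Script Block Logging) or the equivalent registry value EnableScriptBlockLogging = 1 under HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging. The name list is deliberately narrow and easy to evade by renaming functions, so treat it as a starting point and pair it with the session and logon telemetry on the domain controller that Get-NetSession queries are visible in.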
