Using Powerview

Powerview is a powershell script used popularly for enumeration of an Active Directory. The powerview script can be downloaded from the following link,

https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1

Once the script is made available in the sytem being exploited, it has to be imported using the following command,

Import-Module .\PowerView.ps1

Once the import is successful the following commands can be used to extract the info,

Get Domain Information

Get-NetDomain

List active session in DC

Get-NetSession -ComputerName p42dc

List all users

Get-NetUser

List Groups

Get-NetGroup

List Computer Objects in Domain

Get-NetComputer

Find User-System pair with Admin Access

Find-LocalAdminAccess

Find Logged in Users

Get-NetSession -ComputerName system1 -Verbose

Find SPNs

Get-NetUser -SPN | select samaccountname,serviceprincipalname

Enumerate Domain Shares

Find-DomainShare

The above command lists all active sessions present with the domain controller. The system mentioned in the command has to be the domain controller.

Get-NetSession -ComputerName p42dc

PreviousUsing Crackmapexec NextImportant Scripts & Links

Last updated 2 years ago