PowerView: Active Directory Enumeration

Introduction to Active Directory enumeration using PowerView.

Introduction to Active Directory Penetration Testing by RFS. Learn how to conquer Enterprise Domains.

Get Current Domain


Enum Other Domains

Get-NetDomain -Domain deathstar.rfs

(Get-DomainPolicy)."system access"

(Get-DomainPolicy)."kerberos policy"

Get Domain Controllers


Get-NetDomainController -Domain deathstar.rfs

Is there a system-wide proxy?

PS C:\> Get-WMIRegProxy

Enumerate Domain Users

Enum Domain Computers

Enum Groups and Group Members

Enumerate Shares

Enum Group Policies

Password Policy

$p=Get-DomainPolicy; $p.SystemAccess

Enum OUs

Enum ACLs

Enum Domain Trust

PS C:\> Get-DomainTrust

PS C:\> Get-DomainTrustMapping

Enum Forest Trust

User Hunting