PowerView: Active Directory Enumeration

Introduction to Active Directory enumeration using PowerView.

Introduction to Active Directory Penetration Testing by RFS. Learn how to conquer Enterprise Domains.

Get Current Domain

Get-NetDomain

Enum Other Domains

Get-NetDomain -Domain deathstar.rfs

(Get-DomainPolicy)."system access"

(Get-DomainPolicy)."kerberos policy"

Get Domain Controllers

Get-NetDomainController

Get-NetDomainController -Domain deathstar.rfs

Is there a system-wide proxy?

PS C:\> Get-WMIRegProxy

Enumerate Domain Users

Enum Domain Computers

Enum Groups and Group Members

Enumerate Shares

Enum Group Policies

Password Policy

$p=Get-DomainPolicy; $p.SystemAccess

Enum OUs

Enum ACLs

Enum Domain Trust

PS C:\> Get-DomainTrust

PS C:\> Get-DomainTrustMapping

Enum Forest Trust

User Hunting