Enumeration with Powerview

Introduction

Powerview is a powerful powershell script from powershell empire that can be used for enumerating a domain after you have already gained a shell in the system.

How to start up and get users and groups from PowerView.

Start Powershell - powershell -ep bypass -ep bypasses the execution policy of powershell allowing you to easily run scripts
Start PowerView - . .\PowerView.ps1
Enumerate the domain users - Get-NetUser | select cn
Enumerate the domain groups - Get-NetGroup -GroupName *admin*

List Shared Folders

Invoke-ShareFinder

Get list of Running OSs

Get-NetComputer -fulldata | select operatingsystem

Cheatsheet

PreviousWindows Active Directory NextEnumeration with Bloodhound (GUI)

Last updated 1 year ago