# Enumeration with PowerView

### Introduction

PowerView is a powerful PowerShell script from PowerShell Empire that can be used to enumerate a domain after you have already gained a shell on the system.

***

### How to start up and get users and groups from PowerView.

1. Start PowerShell - `powershell -ep bypass`. `-ep bypass` bypasses the execution policy of PowerShell, allowing you to easily run scripts.
2. Start PowerView - `. .\PowerView.ps1`
3. Enumerate the domain users - `Get-NetUser | select cn`
4. Enumerate the domain groups - `Get-NetGroup -GroupName *admin*`

***

### List Shared Folders

```
Invoke-ShareFinder
```

***

### Get list of Running OSs

```
Get-NetComputer -fulldata | select operatingsystem
```
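
For the defensive side of the commands above, this added example (not part of the original page or of PowerView) flags the four cmdlets used on this page in PowerShell script block logging records (Event ID 4104). `Find-PowerViewActivity`, its property names and the sample records are hypothetical and constructed for illustration.

```powershell
# Added example, not PowerView code. Cmdlet names are the ones used on this page.
$PowerViewCmdlets = 'Get-NetUser', 'Get-NetGroup', 'Get-NetComputer', 'Invoke-ShareFinder'
$Pattern = '(?i)\b(' + (($PowerViewCmdlets | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\b'

function Find-PowerViewActivity {
    # Hypothetical helper: expects objects with TimeCreated, User and ScriptBlockText.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    process {
        # Collect the distinct cmdlet names seen in this script block
        $hits = @([regex]::Matches([string]$Record.ScriptBlockText, $Pattern) |
            ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                TimeCreated  = $Record.TimeCreated
                User         = $Record.User
                Cmdlets      = $hits -join ', '
                # Several distinct names in one block suggests the script file itself was loaded
                ScriptLoaded = $hits.Count -ge 3
            }
        }
    }
}

# Constructed sample records (not real log data)
$Sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T10:01:58'; User = 'LAB\user1'; ScriptBlockText = 'function Get-NetUser {} function Get-NetGroup {} function Invoke-ShareFinder {}' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T10:02:11'; User = 'LAB\user1'; ScriptBlockText = 'Get-NetUser | select cn' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T10:02:40'; User = 'LAB\user1'; ScriptBlockText = 'Get-NetGroup -GroupName *admin*' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T10:03:05'; User = 'LAB\user2'; ScriptBlockText = 'Get-ChildItem C:\Temp' }
)
$Sample | Find-PowerViewActivity | Format-Table -AutoSize

# Against a live log (Event ID 4104, property index 2 holds the script block text):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; User = $_.UserId
#                                         ScriptBlockText = $_.Properties[2].Value } } |
#     Find-PowerViewActivity
```

Name matching only catches unmodified copies of the script, so treat a hit as a lead to correlate with process command lines and LDAP query volume rather than as complete coverage.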

***

### [Cheatsheet](https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993)

***
