This lab explores a few common PowerView cmdlets that allow for Active Directory/domain enumeration.
Get current user's domain:
Get information about the forest the current user's domain is in:
Get all domains of the forest the current user is in:
Get info about the DC of the domain the current user belongs to:
Get a list of domain members that belong to a given group:
Get users that are logged on to a given computer:
Enumerate domain trust relationships of the current user's domain:
Enumerate forest trusts from the current domain's perspective:
Get running processes on a given remote machine (the credentials here are example values for a lab account):

```powershell
Get-NetProcess -ComputerName dc01 -RemoteUserName offense\administrator -RemotePassword 123456 | ft
```
Enumerate and map all domain trusts:
Enumerate shares on a given PC; this could easily be combined with other cmdlets to enumerate the shares on every machine in the domain:
Find the machines on the domain where a given user (by default, any Domain Admin) is logged on, or the users logged on to a given machine:
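The following is an added walk-through of the enumeration tasks listed above, in the same order; it is not code from the original page or from the PowerSploit project itself. It uses the classic PowerView cmdlet names from the PowerSploit master branch (later PowerView releases renamed most of them, e.g. Get-NetDomain became Get-Domain and Invoke-UserHunter became Find-DomainUserLocation). It assumes PowerView.ps1 sits in the current directory and is dot-sourced into the session, that the host is domain-joined or running under domain credentials, and that the host name dc01, the group "Domain Admins" and the account administrator are example values.

```powershell
# Added example: PowerView domain enumeration, assuming the classic
# PowerSploit master-branch cmdlet names. PowerView.ps1 location is an assumption.
. .\PowerView.ps1

# Current user's domain, the forest it belongs to, and every domain in that forest
Get-NetDomain
Get-NetForest
Get-NetForestDomain

# Domain controllers of the current domain
Get-NetDomainController | Select-Object Name, IPAddress, OSVersion

# Members of a group; -Recurse expands nested groups, which is where
# unexpected admin access usually hides
Get-NetGroupMember -GroupName "Domain Admins" -Recurse |
    Select-Object GroupName, MemberName, IsGroup

# Interactive logons and SMB sessions on a single host (dc01 is an assumed name).
# Get-NetLoggedon needs local admin on the target; Get-NetSession usually does not.
Get-NetLoggedon -ComputerName dc01
Get-NetSession -ComputerName dc01

# Trusts: from the current domain's perspective, from the forest's perspective,
# then every reachable trust mapped transitively
Get-NetDomainTrust
Get-NetForestTrust
Invoke-MapDomainTrust | Format-Table -AutoSize

# Shares on one host, then on every computer object in the domain.
# The share name property differs between PowerView versions (shi1_netname in
# the master branch, Name in later releases), so both are checked before
# dropping the default administrative shares.
Get-NetShare -ComputerName dc01

$defaultShares = 'ADMIN$', 'C$', 'IPC$'
Get-NetComputer | ForEach-Object {
    $computer = $_
    try {
        Get-NetShare -ComputerName $computer -ErrorAction Stop | ForEach-Object {
            $name = if ($_.shi1_netname) { $_.shi1_netname } else { $_.Name }
            if ($name -and ($defaultShares -notcontains $name)) {
                [pscustomobject]@{ Computer = $computer; Share = $name }
            }
        }
    } catch {
        # Hosts that are offline or deny access are skipped rather than aborting the sweep
        Write-Verbose "Could not enumerate shares on $computer : $_"
    }
}

# Where are high-value users logged on? Invoke-UserHunter defaults to members
# of Domain Admins; -UserName narrows it to one account, and -CheckAccess also
# reports whether the current context has local admin on each host it finds.
Invoke-UserHunter -CheckAccess
Invoke-UserHunter -UserName administrator
```

The share sweep and user hunting are noisy: each host contacted generates NetShareEnum/NetSessionEnum RPC traffic from the attacking machine, which is exactly what session-enumeration detections look for, so on an engagement run them with the default delay or against a shortlist of hosts rather than the whole domain at once.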
{% embed url="https://github.com/PowerShellMafia/PowerSploit" %}