Powerview
You first need to get PowerView.ps1 onto the compromised host (how you do that is up to you; be aware that Defender's signatures flag the stock script on disk, so it is commonly loaded in memory instead).

Next, launch PowerShell with the execution policy bypassed for that process only:

```powershell
powershell -ep bypass
```

then dot-source PowerView so its functions are loaded into the session:

```powershell
. .\PowerView.ps1
```

The script can retrieve a lot of information. For example, get information about the domain:

```powershell
Get-NetDomain
```

or the domain controllers:

```powershell
Get-NetDomainController
```

To read one particular section of the Default Domain Policy, say "System Access" (which holds the password and lockout settings), index into the object returned by Get-DomainPolicy:

```powershell
(Get-DomainPolicy)."system access"
```

Look for shares:

```powershell
Invoke-ShareFinder
```

List GPOs:

```powershell
Get-NetGPO
```

These are the PowerView 2.0 names; the current dev branch of PowerView renames them to Get-Domain, Get-DomainController, Get-DomainPolicyData, Find-DomainShare and Get-DomainGPO, although aliases for the old names are kept.

A cheat sheet is available here :
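The steps above, run as one script, as an added example that is not part of the original page or of PowerView itself. It assumes PowerView.ps1 is in the current directory and that the host is joined to the target domain; the output folder name `pv-enum` is an arbitrary choice. It checks that the dot-source actually loaded the functions, isolates each enumeration step so a single failure does not abort the run, and pulls the lockout values out of the System Access section, which is what you want to see before any password spraying.

```powershell
# Added example (not from the original page): run the PowerView enumeration
# steps in one go and save the results. Assumes PowerView.ps1 is in the
# current directory and the host is joined to the target domain; the
# output folder name is an arbitrary choice.

# Relax the execution policy for this process only (same effect as starting
# powershell.exe with -ep bypass; machine and user policy are untouched).
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

# Dot-source PowerView so its functions land in this session, then verify
# the load worked before relying on its cmdlets (a blocked or truncated
# script otherwise fails later with a confusing "not recognized" error).
. .\PowerView.ps1
if (-not (Get-Command Get-NetDomain -ErrorAction SilentlyContinue)) {
    throw "PowerView did not load: Get-NetDomain is not defined"
}

$outDir = Join-Path $PWD 'pv-enum'   # constructed output folder name
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Each step is isolated so that one failure (an LDAP query that gets blocked,
# an unreachable share host) does not abort the rest of the run.
$steps = [ordered]@{
    'domain'        = { Get-NetDomain }
    'dcs'           = { Get-NetDomainController }
    'system-access' = { (Get-DomainPolicy).'system access' }
    'shares'        = { Invoke-ShareFinder -CheckShareAccess }
    'gpos'          = { Get-NetGPO }
}

foreach ($name in $steps.Keys) {
    $file = Join-Path $outDir "$name.txt"
    try {
        & $steps[$name] | Out-String -Width 200 | Set-Content -Path $file
        Write-Host "[+] $name -> $file"
    } catch {
        Write-Warning "[-] $name failed: $($_.Exception.Message)"
    }
}

# The "system access" section is the [System Access] block of the Default
# Domain Policy's GptTmpl.inf. Pull out the password and lockout settings so
# they can be read at a glance; LockoutBadCount of 0 means no lockout.
$sa = (Get-DomainPolicy).'system access'
[pscustomobject]@{
    MinimumPasswordLength = $sa.MinimumPasswordLength
    PasswordComplexity    = $sa.PasswordComplexity
    PasswordHistorySize   = $sa.PasswordHistorySize
    LockoutBadCount       = $sa.LockoutBadCount
    ResetLockoutCount     = $sa.ResetLockoutCount
    LockoutDuration       = $sa.LockoutDuration
}
```

Paste this into an interactive session or run it with `powershell -ep bypass -File`; if it is saved as a .ps1 and started under a Restricted policy, the Set-ExecutionPolicy line never gets a chance to run. The results go to plain text files per step; switch `Out-String` for `Export-Csv` if you want to feed them into another tool.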