PowerView

references
- https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-enumeration-with-powerview

Domain Enumeration

Current Domain

Get-Domain

Get the object of another domain

Get-Domain -Domain moneycorp.local

Get the domain SID for the current domain

Get-DomainSID

Get the domain policy for the current/ another domain

Get-DomainPolicy
Get-DomainPolicyData
(Get-DomainPolicyData).systemaccess

#for another domain
(Get-DomainPolicyData -domain moneycorp.local).systemaccess

Get the Domain Controller of the current and another domain

Get-DomainController

#another domain
Get-DomainController -Domain moneycorp.local

Cross trust

Get the domain trust relation

Get-DomainTrust

Forest trust

Get-ForestTrust

Previouspassword crack NextActive Directory

Last updated 1 month ago