Active Directory Network Recon using PowerView

Uday Mittal, July 8, 2020

Once you have compromised a machine in an Active Directory environment, the next step is post-exploitation network recon.

PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool for gaining Active Directory network situational awareness on Windows domains. It is now part of the PowerSploit suite. You can download PowerView from here. Learn more about Purple AD lab architecture here.

As a pentester, you can leverage PowerView to find out information about an Active Directory network. The following commands will help you with that (watch the video for a demonstration):

  • Get-NetComputer
    • Gets a list of all current servers in the domain
  • Get-IPAddress
    • Resolves a hostname to an IP
  • Get-NetForest
    • Gets the forest associated with the current user’s domain
  • Get-NetForestDomain
    • Gets all domains for the current forest
  • Get-NetDomainController
    • Gets the domain controllers for the current computer’s domain
  • Get-DomainSID
    • Returns the SID for the specified domain
  • Get-NetShare
    • Gets share information for a specified server
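
From the defender's side, these function names appear in PowerShell script block logging (Event ID 4104) when it is enabled. The following is an added example, not code from the original post or from the PowerView project: it parses logged script text and flags accounts that called or defined the functions listed above. The helpers `Get-ReconCommand` and `Find-PowerViewRecon`, the record shape, and the host and user names are assumptions constructed for illustration.

```powershell
# Added example. Function names are the ones listed on this page; records are constructed.
$PowerViewRecon = 'Get-NetComputer', 'Get-IPAddress', 'Get-NetForest', 'Get-NetForestDomain',
                  'Get-NetDomainController', 'Get-DomainSID', 'Get-NetShare'

function Get-ReconCommand {
    # Hypothetical helper: parse logged text with PowerShell's own parser so names that
    # appear only in comments or strings are ignored. Returns called or defined names.
    param([string]$ScriptBlockText)
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput(
        $ScriptBlockText, [ref]$tokens, [ref]$errors)
    $nodes = $ast.FindAll({ param($n)
        $n -is [System.Management.Automation.Language.CommandAst] -or
        $n -is [System.Management.Automation.Language.FunctionDefinitionAst] }, $true)
    $names = foreach ($n in $nodes) {
        if ($n -is [System.Management.Automation.Language.FunctionDefinitionAst]) { $n.Name }
        else { $n.GetCommandName() }
    }
    # -contains is case-insensitive, so 'get-netshare' matches 'Get-NetShare'.
    $names | Where-Object { $_ -and ($PowerViewRecon -contains $_) } | Sort-Object -Unique
}

function Find-PowerViewRecon {
    # Hypothetical helper: group records per host and user; several distinct recon
    # functions from one account rank higher than a single match.
    param([object[]]$Records, [int]$MinDistinct = 2)
    $Records | Group-Object Computer, User | ForEach-Object {
        $first = $_.Group[0]
        $hits = @($_.Group | ForEach-Object { Get-ReconCommand $_.ScriptBlockText } |
            Sort-Object -Unique)
        if ($hits.Count -gt 0) {
            $severity = if ($hits.Count -ge $MinDistinct) { 'high' } else { 'low' }
            [pscustomobject]@{ Computer = $first.Computer; User = $first.User
                               Severity = $severity; Commands = $hits -join ', ' }
        }
    }
}

# Constructed sample records shaped like script block log entries.
$sample = @(
    [pscustomobject]@{ Computer = 'WS01'; User = 'LAB\alice'; ScriptBlockText = 'Get-NetForestDomain; Get-NetDomainController' }
    [pscustomobject]@{ Computer = 'WS01'; User = 'LAB\alice'; ScriptBlockText = '$s = get-netshare' }
    [pscustomobject]@{ Computer = 'WS02'; User = 'LAB\bob';   ScriptBlockText = "# notes on Get-NetComputer`nGet-ChildItem C:\Temp" }
    [pscustomobject]@{ Computer = 'WS03'; User = 'LAB\carol'; ScriptBlockText = 'function Get-DomainSID { param($Domain) }' }
)
Find-PowerViewRecon -Records $sample | Format-Table -AutoSize
```

On a live host the same records can be built from `Get-WinEvent` output for the `Microsoft-Windows-PowerShell/Operational` log filtered to Id 4104. The match is on function names as they are listed on this page.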

Watch the video demonstration

Uday Mittal

Uday Mittal is a cybersecurity professional with rich experience working with various industries, including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research and related topics, and has authored various articles on cyber security and software development for a leading magazine on open source software.

Filed Under: Enumeration, Lab Tagged With: domain enumeration, forests, network recon, powersploit, Powerview
