Once you have compromised a machine in an Active Directory environment, the next thing you do is post-exploitation network recon.
PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool to gain Active Directory network situational awareness on Windows domains. It is now a part of PowerSploit suite. You can download PowerView from here. Learn more about Purple AD lab architecture here.
As a pentester, you can leverage PowerView to find out information about an Active Directory network. Following commands will help you with that (watch the video for demonstration):
- Gets a list of all current servers in the domain
- Resolves a hostname to an IP
- Gets the forest associated with the current user’s domain
- Gets all domains for the current forest
- Gets the domain controllers for the current computer’s domain
- Return the SID for the specified domain
- Gets share information for a specified server
Watch the video demonstration
Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.