PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool for gaining network situational awareness on Windows domains. It is now part of the PowerSploit suite. You can download PowerView from here.
As a pentester, you can leverage PowerView to find out information about domain users. The following commands will help you with that (watch the video for a demonstration):
- Get-NetUser
  - Gets a list of all users in the current domain
- Get-NetUser -Domain ycsccorp.local
  - Gets a list of all users in the specified domain
- Invoke-UserHunter
  - Finds machines on the local domain where the specified users are logged in. By default, it checks for domain admin accounts
- Find-LocalAdminAccess
  - Finds machines on the domain that the current user has local admin access to
- Invoke-EnumerateLocalAdmin
  - Enumerates members of the local Administrators group on all machines in the domain
- Invoke-CheckLocalAdminAccess
  - Checks whether the current user context has local administrator access to a specified host
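When script block logging is enabled, PowerShell records executed script text under Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log, which gives defenders a place to look for these commands. The following is an added example, not part of the original post or of PowerView: a hypothetical helper, `Find-PowerViewUsage`, flags records that name the cmdlets listed above, and the sample records are constructed.

```powershell
# Cmdlet names taken from the list above. Matching on names only is an
# assumption of this sketch: renamed or obfuscated functions will not match.
$PowerViewCmdlets = @(
    'Get-NetUser',
    'Invoke-UserHunter',
    'Find-LocalAdminAccess',
    'Invoke-EnumerateLocalAdmin',
    'Invoke-CheckLocalAdminAccess'
)

function Find-PowerViewUsage {
    # Hypothetical helper: takes objects with TimeCreated, Computer, User and
    # ScriptBlockText, and emits one finding per record that names a cmdlet.
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record
    )
    begin {
        $escaped = $PowerViewCmdlets | ForEach-Object { [regex]::Escape($_) }
        # Lookarounds stop 'Get-NetUser' from matching inside a longer name.
        $pattern = '(?i)(?<![\w-])(' + ($escaped -join '|') + ')(?![\w-])'
    }
    process {
        $hits = [regex]::Matches([string]$Record.ScriptBlockText, $pattern) |
            ForEach-Object { $_.Value } | Sort-Object -Unique
        if ($hits) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Computer    = $Record.Computer
                User        = $Record.User
                Cmdlets     = $hits -join ', '
            }
        }
    }
}

# Constructed sample records standing in for Event ID 4104 entries.
$sample = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:12:03'; Computer = 'WS01'; User = 'EXAMPLE\jdoe'; ScriptBlockText = 'Get-NetUser -Domain example.local' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:13:40'; Computer = 'WS01'; User = 'EXAMPLE\jdoe'; ScriptBlockText = 'Invoke-UserHunter; Find-LocalAdminAccess' }
    [pscustomobject]@{ TimeCreated = [datetime]'2024-01-15T09:20:11'; Computer = 'WS02'; User = 'EXAMPLE\asmith'; ScriptBlockText = 'Get-Process | Sort-Object CPU' }
)
$sample | Find-PowerViewUsage | Format-Table -AutoSize

# On a host with script block logging enabled, real records can be fed in:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#   ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; Computer = $_.MachineName;
#       User = $_.UserId; ScriptBlockText = $_.Properties[2].Value } } | Find-PowerViewUsage
```

The first two sample records are flagged and the third is not.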
Uday Mittal is a cybersecurity professional with rich experience working with various industries, including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cybersecurity and software development for a leading magazine on open source software.