Active Directory User Enumeration using PowerView

Uday Mittal, July 8, 2020

PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool for gaining network situational awareness on Windows domains. It is now part of the PowerSploit suite. You can download PowerView from here.

As a pentester, you can leverage PowerView to find out information about domain users. The following commands will help you with that (watch the video for a demonstration):

  • Get-NetUser
    • Gets a list of all users in the current domain
  • Get-NetUser -Domain ycsccorp.local
    • Gets a list of all users in the specified domain
  • Invoke-UserHunter
    • Finds machines on the local domain where the specified users are logged in. By default, it checks for domain admin accounts
  • Find-LocalAdminAccess
    • Finds machines on the domain that the current user has local admin access to
  • Invoke-EnumerateLocalAdmin
    • Enumerates members of the local Administrators groups across all machines in the domain
  • Invoke-CheckLocalAdminAccess
    • Checks whether the current user context has local administrator access to a specified host
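
The function names listed above are also what a defender can hunt for in PowerShell script block logs. The following is an added example, not code from the original post or from PowerView: it flags script block log records (event ID 4104) that mention those names. The helper name Find-PowerViewUse and the sample records are constructed for illustration, and the commented live-log pipeline assumes script block logging is enabled.

```powershell
# Added example, not from the post or from PowerView: hunt script block log
# records (event ID 4104) for the PowerView function names listed above.
$Names = 'Get-NetUser', 'Invoke-UserHunter', 'Find-LocalAdminAccess',
         'Invoke-EnumerateLocalAdmin', 'Invoke-CheckLocalAdminAccess'
$Alt   = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'
# Whole-name, case-insensitive match (PowerShell command names ignore case).
$UseRx = [regex]"(?i)(?<![\w-])($Alt)(?![\w-])"
# "function <name>" inside a script block means the definitions were loaded.
$DefRx = [regex]"(?i)\bfunction\s+($Alt)(?![\w-])"

function Find-PowerViewUse {   # hypothetical helper name
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        $text = [string]$Record.ScriptBlockText
        $hits = @($UseRx.Matches($text) | ForEach-Object { $_.Groups[1].Value } |
                  Sort-Object -Unique)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                TimeCreated = $Record.TimeCreated
                Computer    = $Record.Computer
                User        = $Record.User
                Functions   = $hits -join ', '
                Definition  = $DefRx.IsMatch($text)
            }
        }
    }
}

# Constructed sample records standing in for parsed 4104 events.
$Sample = @(
    [pscustomobject]@{ TimeCreated = '2020-07-08 10:01'; Computer = 'WS01'; User = 'CORP\alice'
                       ScriptBlockText = 'Get-NetUser -Domain ycsccorp.local' }
    [pscustomobject]@{ TimeCreated = '2020-07-08 10:02'; Computer = 'WS01'; User = 'CORP\alice'
                       ScriptBlockText = 'function Invoke-UserHunter { <# body omitted #> }' }
    [pscustomobject]@{ TimeCreated = '2020-07-08 10:03'; Computer = 'WS02'; User = 'CORP\bob'
                       ScriptBlockText = 'find-localadminaccess' }
    [pscustomobject]@{ TimeCreated = '2020-07-08 10:04'; Computer = 'WS02'; User = 'CORP\bob'
                       ScriptBlockText = 'Get-Process | Sort-Object CPU' }
)
$Sample | Find-PowerViewUse | Format-Table -AutoSize

# Live log, assuming script block logging is enabled and Properties[2] is ScriptBlockText:
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#   ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; Computer = $_.MachineName
#                    User = $_.UserId; ScriptBlockText = $_.Properties[2].Value } } | Find-PowerViewUse
```

A record with Definition set to True contains a `function` definition for one of the names, which indicates the script itself was loaded on that host rather than only called.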

Uday Mittal

Uday Mittal is a cybersecurity professional with rich experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM and CRISC, among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.
