Basic Recon
Domain/Computers/Users/Groups Recon.
Last updated
Domain/Computers/Users/Groups Recon.
Last updated
Get-Domain => Get Domain Information.
Get-DomainPolicy => Get Domain Policy.
(Get-DomainPolicy)."SystemAccess" => Password Policy.
Get-DomainController => Get Domain Controller Information.
Get-NetComputer| select name => Get a list of computers in the current domain.
Get-NetComputer -OperatingSystem "*Server 2016*" | select name ,operatingsystem |Format-List => OS info.
Get-NetGroup | select name => Get names of groups
Get-NetGroup 'Group-Name' => All data about the specific group
Get-NetGroupMember -MemberName "Group Name" -Recurse | select MemberName => Get all members of the domain admin group
Get-DomainUser => Get user's info about everything on the domain.
Get-DomainUser | select cn => Get users name.
Get-DomainUser -Identity <username> -Properties DisplayName, MemberOf,objectsid,useraccountcontrol | Format-List => Properties of a specific user.
==> Invoke-BloodHound -CollectionMethod All
==> ./SharpHound.exe --CollectionMethod All
==> bloodhound-python -u support -p '#00^BlackKnight' -ns 10.10.10.192 -d blackfield.local -c all