Basic Recon
Domain/Computers/Users/Groups Recon.
PowerView
Domain/Computers Recon
Get-Domain
=> Get Domain Information.
Get-DomainPolicy
=> Get Domain Policy.
(Get-DomainPolicy)."SystemAccess"
=> Password Policy.
Get-DomainController
=> Get Domain Controller Information.
Get-NetComputer | select name
=> Get a list of computers in the current domain.
Get-NetComputer -OperatingSystem "*Server 2016*" | select name, operatingsystem | Format-List
=> OS info.
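As an added example (not from this page or from PowerView), a defender-side check of the settings that (Get-DomainPolicy)."SystemAccess" exposes: it parses the [System Access] section of a GptTmpl.inf from a constructed sample and flags values below baseline thresholds that are assumptions of this example.

```powershell
# Parse the [System Access] section of a GptTmpl.inf (the file Get-DomainPolicy reads)
# into a hashtable whose keys match the properties of (Get-DomainPolicy).SystemAccess.
function ConvertFrom-SystemAccess {
    param([Parameter(Mandatory)][string]$IniText)
    $settings = @{}
    $inSection = $false
    foreach ($raw in $IniText -split "`r?`n") {
        $line = $raw.Trim()
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'System Access'); continue }
        if ($inSection -and $line -match '^([^=]+?)\s*=\s*(.*)$') { $settings[$Matches[1]] = $Matches[2] }
    }
    return $settings
}

# Compare settings against baseline thresholds; returns one string per finding.
# The thresholds are assumptions for this example, not values from the page; adjust to your baseline.
function Test-PasswordPolicy {
    param([Parameter(Mandatory)][psobject]$SystemAccess)
    $findings = @()
    if ([int]$SystemAccess.MinimumPasswordLength -lt 14) { $findings += "MinimumPasswordLength=$($SystemAccess.MinimumPasswordLength) (below 14)" }
    if ([string]$SystemAccess.PasswordComplexity -ne '1') { $findings += 'PasswordComplexity disabled' }
    if ([int]$SystemAccess.PasswordHistorySize -lt 24) { $findings += "PasswordHistorySize=$($SystemAccess.PasswordHistorySize) (below 24)" }
    if ([int]$SystemAccess.LockoutBadCount -eq 0) { $findings += 'LockoutBadCount=0 (account lockout disabled)' }
    if ([string]$SystemAccess.ClearTextPassword -eq '1') { $findings += 'ClearTextPassword=1 (reversible encryption enabled)' }
    if ([string]$SystemAccess.LSAAnonymousNameLookup -eq '1') { $findings += 'LSAAnonymousNameLookup=1 (anonymous SID/name translation allowed)' }
    return ,$findings
}

# Constructed sample in GptTmpl.inf layout, not captured from any real domain.
$sample = @'
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordAge = 1
MaximumPasswordAge = 42
MinimumPasswordLength = 7
PasswordComplexity = 1
PasswordHistorySize = 24
LockoutBadCount = 0
ClearTextPassword = 0
LSAAnonymousNameLookup = 0
'@

$findings = Test-PasswordPolicy -SystemAccess (ConvertFrom-SystemAccess -IniText $sample)
$findings | ForEach-Object { Write-Output "WEAK: $_" }
# Against a live domain, read the Default Domain Policy template from SYSVOL (that GPO's GUID is fixed;
# replace <domain>), or pass PowerView's object directly:
#   $ini = Get-Content -Raw "\\<domain>\SYSVOL\<domain>\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf"
#   Test-PasswordPolicy -SystemAccess (Get-DomainPolicy).SystemAccess
```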
Groups/Users Recon
Get-NetGroup | select name
=> Get names of groups
Get-NetGroup 'Group-Name'
=> All data about the specified group.
Get-NetGroupMember -GroupName "Domain Admins" -Recurse | select MemberName
=> Get all members of the Domain Admins group; -Recurse also expands members of nested groups.
Get-DomainUser
=> Get all properties of every user in the domain.
Get-DomainUser | select cn
=> Get user names only.
Get-DomainUser -Identity <username> -Properties DisplayName, MemberOf, objectsid, useraccountcontrol | Format-List
=> Properties of a specific user.
BloodHound
Collectors.
PowerShell version ==> Invoke-BloodHound -CollectionMethod All
SharpHound ==> ./SharpHound.exe --CollectionMethod All
Python BloodHound ==> bloodhound-python -u support -p '#00^BlackKnight' -ns 10.10.10.192 -d blackfield.local -c all