Basic Recon
Domain/Computers/Users/Groups Recon.
Last updated
Domain/Computers/Users/Groups Recon.
Last updated
Get-Domain
=> Get Domain Information.
Get-DomainPolicy
=> Get Domain Policy.
(Get-DomainPolicy)."SystemAccess"
=> Password Policy.
Get-DomainController
=> Get Domain Controller Information.
Get-NetComputer| select name
=> Get a list of computers in the current domain.
Get-NetComputer -OperatingSystem "*Server 2016*" | select name ,operatingsystem |Format-List
=> OS info.
Get-NetGroup | select name
=> Get names of groups
Get-NetGroup 'Group-Name'
=> All data about the specific group
Get-NetGroupMember -MemberName "Group Name" -Recurse | select MemberName
=> Get all members of the domain admin group
Get-DomainUser
=> Get user's info about everything on the domain.
Get-DomainUser | select cn
=> Get users name.
Get-DomainUser -Identity <username> -Properties DisplayName, MemberOf,objectsid,useraccountcontrol | Format-List
=> Properties of a specific user.
==> Invoke-BloodHound -CollectionMethod All
==> ./SharpHound.exe --CollectionMethod All
==> bloodhound-python -u support -p '#00^BlackKnight' -ns 10.10.10.192 -d blackfield.local -c all