## Intro

Hello all, today I will give a quick overview of PowerView.ps1 and its useful AD enumeration commands. First, I'll go over loading the PowerView module into PowerShell, and then I will show you some of the commands with sample output; think of this as a cheat sheet for PowerView.

First, make sure you are in the same directory as the PowerView.ps1 file. We also need to unblock the file with the Unblock-File cmdlet, since a downloaded script carries a mark-of-the-web that PowerShell's execution policy will otherwise refuse to run.

Unblocking:

## Enumeration Commands

### Domain Information

Shows information about the current domain, including all domain controllers.

Shows us the IP address and location of the DC.

Shows us the domain policy information.

### Users, Groups and Computers

Gives us information on all the users in the domain; this can be made more concise by piping to select (Select-Object).

Lists all computers joined to the domain; you can get more information with the -FullData flag.

Lists the groups in the domain, and can be made more specific with: `Get-NetGroup -GroupName "Domain Admins"`

Lists all users in the domain with a Service Principal Name set.

Enumerates servers that allow unconstrained Kerberos delegation and shows all users logged in.

### Group Policy and Shares

Lists all of the shares on all computers in the domain.

Shows us all of the GPOs for the domain, which can reveal interesting information such as a disabled antivirus.
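As an added defender-side example (not code from the original post or from PowerView itself), the following PowerShell script flags the functions walked through above when they appear in PowerShell script-block logs. The function names are PowerView's own; the sample events are constructed, and the Get-WinEvent line assumes Script Block Logging is enabled on the host.

```powershell
# Added example, not from the original post: flag PowerView use in PowerShell
# script-block logs (Event ID 4104, Microsoft-Windows-PowerShell/Operational).
# Function names below are PowerView's own; the sample events are constructed.

# A starting list of PowerView (legacy naming) functions; extend it from the
# PowerView source for fuller coverage.
$PowerViewFunctions = @(
    'Get-NetDomain', 'Get-NetDomainController', 'Get-DomainPolicy',
    'Get-NetUser', 'Get-NetComputer', 'Get-NetGroup', 'Get-NetGroupMember',
    'Get-NetShare', 'Invoke-ShareFinder', 'Get-NetGPO'
)
$FunctionPattern = '\b(' + (($PowerViewFunctions | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\b'
$FilePattern     = 'PowerView\.ps1'   # unblocking/importing the script is itself a signal

function Find-PowerViewIndicators {
    param(
        # Objects with TimeCreated and Message properties, e.g. from Get-WinEvent
        [Parameter(Mandatory)] [object[]] $Events
    )
    foreach ($e in $Events) {
        $hits = @([regex]::Matches($e.Message, $FunctionPattern, 'IgnoreCase') |
                  ForEach-Object { $_.Value } | Sort-Object -Unique)
        $fileHit = $e.Message -match $FilePattern
        if ($hits.Count -gt 0 -or $fileHit) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Functions   = $hits -join ', '
                ScriptFile  = $fileHit
                Snippet     = $e.Message.Substring(0, [Math]::Min(70, $e.Message.Length))
            }
        }
    }
}

# Constructed sample script-block entries (Message = the logged ScriptBlockText)
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated = '2024-01-01 09:00'; Message = 'Get-ChildItem C:\Users | Measure-Object' }
    [pscustomobject]@{ TimeCreated = '2024-01-01 09:02'; Message = 'Unblock-File .\PowerView.ps1; Import-Module .\PowerView.ps1' }
    [pscustomobject]@{ TimeCreated = '2024-01-01 09:03'; Message = 'Get-NetGroup -GroupName "Domain Admins"; Get-NetUser -SPN' }
)
Find-PowerViewIndicators -Events $SampleEvents | Format-Table -AutoSize

# Against real logs (Script Block Logging must be enabled):
# $real = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
# Find-PowerViewIndicators -Events $real | Format-Table -AutoSize
```

On the constructed sample the first entry is silent, the second is flagged on the file name alone, and the third is flagged on Get-NetGroup and Get-NetUser.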

## Conclusions

Well, I hope you found this article somewhat interesting or, at the very least, informative. If you did, consider dropping me a +rep on HTB or a follow on Twitter. If you want to read more about these commands, take a look here: GitHub Gist.
