PowerView
Importar PowerView.ps1.
powershell-import C:\Tools\PowerView.ps1
Obtener nombre del dominio.
powershell Get-Domain
Obtener nombre del Domain Controller.
powershell Get-DomainController | Select Forest, Name, OSVersion | fl
Enumerar Forest Domains.
powershell Get-ForestDomain
Enumerar Policy Data.
powershell Get-DomainPolicyData | select -ExpandProperty SystemAccess
Enumerar usuarios.
powershell Get-DomainUser -Properties DisplayName, MemberOf | fl
powershell Get-DomainUser -Identity emily -Properties DisplayName, MemberOf | fl
Enumerar sistemas que hay en el dominio.
powershell Get-DomainComputer -Properties DnsHostName | sort -Property DnsHostName
Enumerar Organizational Units (OUs).
powershell Get-DomainOU -Properties Name | sort -Property Name
Enumerar Domain Groups.
powershell Get-DomainGroup | where Name -like "*Admins*" | select SamAccountName
Enumerar miembros de un domain group.
powershell Get-DomainGroupMember -Identity "Domain Admins" | select MemberDistinguishedName
Enumerar Group Policy Objects (GPOs).
powershell Get-DomainGPO -Properties DisplayName | sort -Property DisplayName
powershell Get-DomainGPO -ComputerIdentity DC01 -Properties DisplayName | sort -Property DisplayName
Identificar los domain users/groups que tienen Local Admin vía GPO o Restricted Groups.
powershell Get-DomainGPOLocalGroup | select GPODisplayName, GroupName
Enumerar sistemas donde un domain user/group tiene Local Admin.
powershell Get-DomainGPOUserLocalGroupMapping -LocalGroup Administrators | select ObjectName, GPODisplayName, ContainerName, ComputerName | fl
Enumerar domain machines donde los usuarios iniciaron sesión.
powershell Find-DomainUserLocation | select Username, SessionFromName
Enumerar sesiones activas.
powershell Get-NetSession -ComputerName DC02 | select CName, UserName
Enumerar todos los Domain Trusts.
powershell Get-DomainTrust