Cheat Sheet Hacking
  • ๐ŸŒGeneric Ideas
    • File Transfer
    • Reverse Shell
    • Cracking Tricks
    • Tunneling and Port Forwarding
    • Reversing
    • OSINT
    • Phishing
  • ๐Ÿ•โ€๐ŸฆบPort enumeration
    • Reconnaissance
    • 53 - DNS
    • 80,443 - Web
      • Identify php.ini file used
      • Exploitation
        • File Upload
        • XXS
    • 445 - SMB
    • 389, 636, 3268 - LDAP(S)
  • LINUX THINGS
    • Enumeration
    • Privilege Escalation
      • Writable $PATH
  • WINDOWS THINGS
    • Enumeration
    • Useful Commands
    • Active Directory Methodology
      • Commands to create AD environment
      • Attacks
        • Kerberos
          • User enumeration
          • ASREP-Roast
          • Kerberoasting
          • ASREP-Roast VS Kerberoasting
          • Golden Ticket
          • Resource Based Constrained Delegation
        • Secrets dump
        • Pass The Hash
        • Dump NTDS
        • Tickets
          • TGT
        • NTML Password Spray
        • LDAP Authentication
          • LDAP Pass-back
          • Rogue LDAP Server
        • SMB Relay (LLNMR, NTB-NS & WPAD)
        • NTLM Relay
        • Tools to exploit AD things
        • SCF Files
      • Kerberos
      • SAM & LSA secrets
      • Enumeration
        • BloodHound
        • PowerView
          • CheatSheet of Commands
        • Set DNS & DOMAIN
      • Resources
      • RunAs
      • Post Explotation
        • Persistence
        • Mimikatz
      • Common used tools
  • ๐Ÿ•ณ๏ธPivoting
    • Port Forwarding
    • Socks Forwarding
    • Routing
    • Web Fuzzing
    • Transfer files
    • Metasploit
      • Single Pivot
      • Double Pivot
    • Burp Suite
  • ๐ŸŽ›๏ธHardware
    • Physical attacks
  • ๐ŸŒ•Buffer Overflow
    • Introduction
    • Stack-Based
      • Introduction
        • Spiking
        • Fuzzing
        • Find Offset
        • Overwrite EIP
        • Find module
        • Find Badchars
        • Shellcode
  • ๐ŸณDocker
    • Commands
    • Practical examples
  • ๐Ÿ’กUseful things
    • Burp Suite
      • Proxy Activation
    • Linux Commands
    • Recreate multipart/form-data request
      • Python
      • HTML & netcat
    • TTY
    • Templates for reports (exams)
    • Tmux
    • Other cheat sheets
Powered by GitBook
On this page
  • Import PowerView.ps1
  • Help about a command
  • Enumerate Domain Users
  • Enumerate Domain Groups
  • Enumerate shared folders in Domain
  • Enumerate Computers in Domain
  1. WINDOWS THINGS
  2. Active Directory Methodology
  3. Enumeration

PowerView


Last updated 6 months ago

PowerView is a PowerShell script (originally shipped with PowerShell Empire, now maintained in PowerSploit) used to enumerate an Active Directory domain once you already have a shell on a domain-joined system.

Import PowerView.ps1

Start PowerShell with the execution policy bypassed (powershell -ep bypass). The -ep Bypass switch disables the script execution policy for that session only, so the script can be run without changing the system-wide policy.

Copy the .ps1 file onto the system and dot-source it so its functions are loaded into the current session:

. .\Downloads\PowerView.ps1

Help about a command

get-help <COMMAND>
get-help Get-NetComputer

Enumerate Domain Users

Get-NetUser | Select cn

Enumerate Domain Groups

Get-NetGroup
Get-NetGroup -GroupName *admin*

Enumerate shared folders in Domain

Invoke-ShareFinder

Enumerate Computers in Domain

Get-NetComputer -FullData
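The steps above combined into one function, as an added example that is not part of the original cheat sheet: it assumes PowerView.ps1 has already been dot-sourced in the current session (the function name and the output folder are assumptions), runs each enumeration command once and writes every result set to a CSV file so a lab or authorised assessment run is recorded for the report.

```powershell
# Added example (not from the original page). Assumes PowerView.ps1 is already
# dot-sourced; function name and output folder are assumptions of this example.
function Invoke-PowerViewAudit {
    param(
        [string]$OutDir = (Join-Path $PWD ("powerview-" + (Get-Date -Format 'yyyyMMdd-HHmmss')))
    )

    # Fail early if PowerView is not loaded instead of erroring halfway through.
    foreach ($cmd in 'Get-NetUser', 'Get-NetGroup', 'Invoke-ShareFinder', 'Get-NetComputer') {
        if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
            throw "PowerView cmdlet '$cmd' not found; dot-source PowerView.ps1 first (. .\PowerView.ps1)."
        }
    }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # The same four cheat-sheet commands, kept as scriptblocks so each one can be
    # run inside its own try/catch and one failing query does not abort the rest.
    $steps = [ordered]@{
        'users'     = { Get-NetUser | Select-Object cn }
        'admins'    = { Get-NetGroup -GroupName *admin* }
        'shares'    = { Invoke-ShareFinder }
        'computers' = { Get-NetComputer -FullData | Select-Object dnshostname, operatingsystem }
    }

    $summary = @()
    foreach ($name in $steps.Keys) {
        $path = Join-Path $OutDir "$name.csv"
        try {
            $rows = @(& $steps[$name])
            # Some PowerView commands return plain strings (share lists, group names).
            # Export-Csv would only write their Length, so wrap them in an object.
            if ($rows.Count -gt 0 -and $rows[0] -is [string]) {
                $rows = $rows | ForEach-Object { [pscustomobject]@{ Value = $_ } }
            }
            $rows | Export-Csv -Path $path -NoTypeInformation
            $summary += [pscustomobject]@{ Step = $name; Count = $rows.Count; File = $path }
        } catch {
            $summary += [pscustomobject]@{ Step = $name; Count = -1; File = "ERROR: $($_.Exception.Message)" }
        }
    }
    return $summary
}

# Usage: prints one row per step with the record count and the CSV written.
Invoke-PowerViewAudit | Format-Table -AutoSize
```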

Cheat sheet with commands to use with PowerView:

https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993

Further references:

  • PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploit (GitHub)
  • PowerView (HackTricks)
  • PowerView: Active Directory Enumeration (Red Teaming Experiments)
  • README - PowerSploit