CRTP (Trusts-Enumeration)
CRTP (Trusts-Enumeration)
CRTP (Trusts-Enumeration)
Trusts Enumeration
Get a list of all domain trusts for the current domain
1
2
Get-NetDomainTrust
Get-NetDomainTrust -Domain us.dollarcorp.moneycorp.local
Get details about the current forest
1
2
Get-NetForest
Get-NetForest -Forest eurocorp.local
Get all domains in the current forest
1
2
Get-NetForestDomain
Get-NetForestDomain -Forest eurocorp.local
Get all global catalogs for the current forest
1
2
Get-NetForestCatalog
Get-NetForestCatalog -Forest eurocorp.local
Map trusts of a forest
1
2
Get-NetForestTrust
Get-NetForestTrust -Forest eurocorp.local
PowerView Enumeration [ User Hunting ]
Find all machines on the current domain where the current user has local admin access
1
Find-LocalAdminAccess -Verbose
Find computers where a domain admin (or specified user/group) has sessions
1
2
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
To confirm admin access
1
Invoke-UserHunter -CheckAccess
Find computers where a domain admin is logged-in
1
Invoke-UserHunter -Stealth
Get users with privileges in other domains inside the forest
1
Get-DomainForeingUser
Get groups with privileges in other domains inside the forest
1
Get-DomainForeignGroupMember
This post is licensed under
CC BY 4.0
by the author.