Enumeration - Powerview

This is after loading PowerView onto the machine.

Some terms so you don't forget:

GPO: A Group Policy Object (GPO) is a group of settings that are created using the Microsoft Management Console (MMC) Group Policy Editor. GPOs can be associated with a single or numerous Active Directory containers, including sites, domains, or organizational units (OUs). The MMC allows users to create GPOs that define registry-based policies, security options, software installation and much more.

OU: Organizational units, so basically groups that belong to an organization.

ACLs: In Active Directory, access control lists are tables, or simple lists, that define the trustees who have access to the object in question, and also what type of access they have.

User Enumeration

get-netuser
commands | select <parameter>

Enumerating samaccount names

get-netuser | select -expandproperty samaccountname

Enumerating Descriptions

find-userfield -SearchField description "password"
find-userfield -SearchField description "pass"

The description field could contain passwords or tasks.

Enumerating Groups

get-netgroup

Look for unusual ones at the bottom.

To see which groups a specific user belongs to:

get-netgroup -UserName "<user we want to enumerate>"

Enumerating Group Itself

get-netgroup -GroupName "Group Name" -FullData

Enumerating Group Policy Objects

get-netgpo

Look for exploitable ones.

Enumerating ACLs

get-objectacl -SamAccountName "group name" -ResolveGUIDs

Look for GenericWrite and GenericAll, especially on unusual entries.

In this output, the mayorsec\Sales group has complete GenericAll in the ACL that affects the Engineering group. This means that if we are part of the Sales group, we could do multiple things to abuse those ACLs.

net group sales /domain

We see the members of this group, which has write access to the Engineering group.

Now notice that this user was able to add and delete users from that group.

So we could possibly abuse this to add ourselves to groups that have higher access than ours.
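
The same ACL review works from the defender's side: take the ACEs on sensitive groups and flag any non-administrative principal holding GenericAll or GenericWrite. This is an added example, not part of the original notes; the helper name Find-RiskyAce, the allowlist, the Helpdesk principal and the sample rows are assumptions constructed for illustration, and the WriteDacl/WriteOwner checks go beyond the two rights named above.

```powershell
# Added example, not from the original notes. Find-RiskyAce is a hypothetical
# helper; property names mirror the get-objectacl -ResolveGUIDs output.
function Find-RiskyAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        # Assumed allowlist of principals expected to hold full control
        [string[]] $ExpectedPrincipal = @(
            'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'MAYORSEC\Domain Admins'
        ),
        # GenericAll and GenericWrite are the rights the notes call out;
        # WriteDacl and WriteOwner are added because they lead to the same control
        [string[]] $RiskyRight = @('GenericAll', 'GenericWrite', 'WriteDacl', 'WriteOwner')
    )
    foreach ($a in $Ace) {
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }   # only Allow ACEs grant access
        $who = "$($a.IdentityReference)"
        if ($ExpectedPrincipal -contains $who) { continue }       # expected admin principal
        # ActiveDirectoryRights is a flags value rendered as "A, B, C"
        $rights = "$($a.ActiveDirectoryRights)" -split ',\s*'
        $hit = @($rights | Where-Object { $RiskyRight -contains $_ })
        if ($hit.Count -gt 0) {
            [pscustomobject]@{
                Target    = $a.ObjectDN
                Principal = $who
                Rights    = $hit -join ', '
                Inherited = $a.IsInherited
            }
        }
    }
}

# Constructed sample rows (placeholder DN), shaped like get-objectacl output
$dn = 'CN=Engineering,OU=Groups,DC=example,DC=local'
$sample = @(
    [pscustomobject]@{ ObjectDN = $dn; IdentityReference = 'MAYORSEC\Sales'
        ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ ObjectDN = $dn; IdentityReference = 'MAYORSEC\Domain Admins'
        ActiveDirectoryRights = 'GenericAll'; AccessControlType = 'Allow'; IsInherited = $true }
    [pscustomobject]@{ ObjectDN = $dn; IdentityReference = 'MAYORSEC\Helpdesk'
        ActiveDirectoryRights = 'ReadProperty, WriteDacl'; AccessControlType = 'Allow'; IsInherited = $false }
    [pscustomobject]@{ ObjectDN = $dn; IdentityReference = 'MAYORSEC\Sales'
        ActiveDirectoryRights = 'GenericWrite'; AccessControlType = 'Deny'; IsInherited = $false }
)

Find-RiskyAce -Ace $sample | Format-Table -AutoSize
```

On a live domain the input would be the get-objectacl output for each sensitive group. Every row the function returns is an ACE to justify or remove.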

Enumerating Computers

get-netcomputer
