ACTIVE DIRECTORY POWERSHELL MODULE¶
The Active Directory PowerShell module provides cmdlets for administering and querying an AD environment from the command line.
-
Loading the Active Directory Module
Import-Module ActiveDirectory -
Enumerating Domain Information
Get-ADDomain -
Enumerating Users with Service Principal Names
Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName -
Checking for Trust Relationships
Get-ADTrust -Filter * -
Enumerating Groups
Get-ADGroup -Filter * -
Detailed Group Information
Get-ADGroup -Identity "[GROUP]" -
Enumerating Group Members
Get-ADGroupMember -Identity "[GROUP]"
USING POWERVIEW¶
PowerView is a powerful PowerShell tool designed to enhance situational awareness in an AD environment.
-
Get-DomainUser
Get-DomainUser -Identity "[USERNAME]" -
Get-DomainGroupMember
Get-DomainGroupMember -Identity "Domain Admins" -Recurse -
Get-DomainTrustMapping
Get-DomainTrustMapping -
Test-AdminAccess
Test-AdminAccess -ComputerName "[COMPUTERNAME]"
USING SHARPVIEW¶
SharpView is the .NET implementation of PowerView, providing similar functionality for AD enumeration.
-
Using SharpView:
.\SharpView.exe Get-DomainUser -Identity "[USERNAME]" -
Enumerate All Domain Users:
.\SharpView.exe Get-DomainUser
USING SNAFFLER¶
Snaffler is a tool for locating sensitive data within an AD environment by enumerating network shares and directories.
- Executing Snaffler:
.\Snaffler.exe -d "domain" -s -v data -o "output.log"
USING BLOODHOUND¶
BloodHound is an tool for analyzing AD trust relationships and identifying potential attack paths.
-
Running SharpHound to Collect Data
.\SharpHound.exe -c All --zipfilename "output.zip" -
Ingesting Data into BloodHound
-
Open BloodHound
-
Click "Upload Data"
-
Select the zip file generated by SharpHound
-
Analyze the data using pre-built and custom queries