Active Directory Network Recon using PowerView
As a pentester, you can leverage PowerView to find out information about an active directory network. These commands will help you with the network recon.
Once you have compromised a machine in an Active Directory environment, the next step is post-exploitation network recon: working out where the domain controllers are, what the forest looks like, and which hosts and shares are worth a closer look.
PowerView, developed by Will Schroeder (@harmj0y), is a PowerShell tool for gaining Active Directory situational awareness on Windows domains. It now ships as part of the PowerSploit suite (the Recon module) and can be downloaded from the PowerSploit repository. The cmdlet names below are the PowerSploit-era ones; newer PowerView builds rename several of them (for example Get-NetComputer became Get-DomainComputer), so check the version you load.
The following commands are a good starting point (the video at the end of the post demonstrates them):
Get-NetComputer
Gets the computer objects in the current domain. Note that this returns every computer account, not only servers; use -OperatingSystem (wildcards accepted) or -Ping to narrow the list
Get-IPAddress
Resolves a hostname to an IP
Get-NetForest
Gets the forest associated with the current user's domain
Get-NetForestDomain
Gets all domains for the current forest
Get-NetDomainController
Gets the domain controllers for the current computer's domain
Get-DomainSID
Gets the SID for the specified domain (the current domain if none is given)
Get-NetShare
Gets share information for a specified server
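The commands above are usually run one after another and the output of one feeds the next, so here is a single recon pass that chains them. This is an added example written for this post, not code from the original article or from PowerView itself. It assumes PowerView.ps1 from the PowerSploit Recon module is in the current directory, that the session runs as a domain user on a domain-joined host, and that Get-IPAddress and Get-NetShare emit the property names (IPAddress, shi1_netname, shi1_remark) of the PowerSploit-era PowerView; those names and the output file name are assumptions.

```powershell
# Added example (not from the original post or from PowerView itself):
# chains the PowerView cmdlets discussed above into one recon pass and
# writes the share inventory to a CSV. Assumes PowerView.ps1 (PowerSploit
# Recon module) sits in the current directory and that the current user
# is a domain user. Output property names are assumptions based on the
# PowerSploit-era PowerView.
Import-Module .\PowerView.ps1

# 1. Forest, domains, domain controllers and the domain SID.
$forest  = Get-NetForest
$domains = Get-NetForestDomain
$dcs     = Get-NetDomainController
$sid     = Get-DomainSID

"Forest:  $($forest.Name)"
"Domains: $(($domains | ForEach-Object { $_.Name }) -join ', ')"
"DCs:     $(($dcs | ForEach-Object { $_.Name }) -join ', ')"
"SID:     $sid"   # keep this; later steps (SID history, ticket forging) need it

# 2. Computer objects. Get-NetComputer returns every computer account,
#    not just servers, so filter on OS and keep only hosts that answer
#    a ping to avoid wasting time on stale accounts.
$servers = @(Get-NetComputer -OperatingSystem '*Server*' -Ping)

# 3. Resolve each host and enumerate its shares. Get-NetShare calls
#    NetShareEnum over SMB, so each call is a network logon on the target
#    (visible in its Security log if logon auditing is on); keep the host
#    list small on a real engagement.
#    NB: $host is an automatic variable in PowerShell, hence $computer.
$results = foreach ($computer in $servers) {
    # Tolerate both output shapes: objects with an IPAddress property
    # (PowerSploit PowerView) or bare strings (older builds). Assumption.
    $ips = @(Get-IPAddress -ComputerName $computer | ForEach-Object {
        if ($_.PSObject.Properties['IPAddress']) { $_.IPAddress } else { $_ }
    })

    $shares = @()
    try {
        # shi1_netname / shi1_remark come from the SHARE_INFO_1 struct;
        # drop the default admin shares (C$, ADMIN$, IPC$) so only
        # custom shares remain.
        $shares = @(Get-NetShare -ComputerName $computer |
            Where-Object { $_.shi1_netname -notmatch '^(ADMIN|IPC|[A-Z])\$$' })
    } catch {
        Write-Warning "Share enumeration failed on ${computer}: $_"
    }

    foreach ($s in $shares) {
        [pscustomobject]@{
            ComputerName = $computer
            IPAddress    = ($ips -join ';')
            Share        = $s.shi1_netname
            Remark       = $s.shi1_remark
            Path         = "\\$computer\$($s.shi1_netname)"
        }
    }
}

$results | Sort-Object ComputerName, Share | Format-Table -AutoSize
$results | Export-Csv -NoTypeInformation -Path .\ad-recon-shares.csv  # assumed file name
```

The filtering in steps 2 and 3 is the part worth keeping: running Get-NetComputer and Get-NetShare unfiltered against a large domain produces thousands of LDAP queries and SMB connections and stands out in logs, while a ping-checked server list with admin shares removed gives a short list of custom shares to inspect by hand.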
Watch the video demonstration