Trusts Enumeration

Get a list of all domain trusts for the current domain

Get-NetDomainTrust
Get-NetDomainTrust -Domain us.dollarcorp.moneycorp.local

Get details about the current forest

Get-NetForest
Get-NetForest -Forest eurocorp.local

Get all domains in the current forest

Get-NetForestDomain
Get-NetForestDomain -Forest eurocorp.local

Get all global catalogs for the current forest

Get-NetForestCatalog
Get-NetForestCatalog -Forest eurocorp.local

Map trusts of a forest

Get-NetForestTrust
Get-NetForestTrust -Forest eurocorp.local

PowerView Enumeration [ User Hunting ]

Find all machines on the current domain where the current user has local admin access

Find-LocalAdminAccess -Verbose

Find computers where a domain admin (or specified user/group) has sessions

Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"

To confirm admin access

Invoke-UserHunter -CheckAccess

Find computers where a domain admin is logged in

Invoke-UserHunter -Stealth

Get users with privileges in other domains inside the forest

Get-DomainForeignUser

Get groups with privileges in other domains inside the forest

Get-DomainForeignGroupMember