In this informative tutorial, we dive into the essentials of using PowerView to enumerate trusts effortlessly.
Whether you’re a cybersecurity professional, a penetration tester, or simply curious about Active Directory enumeration, this tutorial will guide you through a simple yet effective trick to uncover domain trusts with ease.
We’ll cover the fundamental concepts of PowerView, demonstrate the enumeration process step-by-step, and share tips on how to optimize your results.
By the end of this tutorial, you’ll be equipped with practical knowledge that will enhance your skills in domain enumeration.
Get a list of all domain trusts for the current domain
Get-NetDomainTrust
Get-NetDomainTrust -Domain us.dollarcorp.moneycorp.local
Get details about the current forest
Get-NetForest
Get-NetForest -Forest eurocorp.local
Get all domains in the current forest
Get-NetForestDomain
Get-NetForestDomain -Forest eurocorp.local
Get all global catalogs for the current forest
Get-NetForestCatalog
Get-NetForestCatalog -Forest eurocorp.local
Map trusts of a forest
Get-NetForestTrust
Get-NetForestTrust -Forest eurocorp.local
PowerView Enumeration [ User Hunting ]
Find all machines on the current domain where the current user has local admin access
Find-LocalAdminAccess -Verbose
Find computers where a domain admin (or specified user/group) has sessions
Invoke-UserHunter
Invoke-UserHunter -GroupName "RDPUsers"
Invoke-UserHunter -CheckAccess
Find computers where a domain admin is logged-in
Invoke-UserHunter -Stealth
Find computers where a domain admin (or specified user/group) has sessions
Find-DomainUserLocation -Verbose
Find-DomainUserLocation -UserGroupIdentity "StudentUsers"
Find computers where a domain admin session is available and current user has admin access (uses Test-AdminAccess)
Find-DomainUserLocation -CheckAccess
Find computers (File Servers and Distributed File servers) where a domain admin session is available.
Find-DomainUserLocation -Stealth