🔋Post-Exploitation Basics (THM)

https://tryhackme.com/r/room/postexploit

Enumeration w/ PowerView

PowerView is a PowerShell script from the PowerSploit project (it also ships with PowerShell Empire) used to enumerate a domain once you already have a shell on a domain-joined system. It queries the domain controller over LDAP and hosts over SMB with the privileges of the user you are running as, so a plain domain user account is enough for the commands below; no local or domain admin rights are required.

Enumerate the domain users

Get-NetUser | select cn

Get-NetUser: This PowerView function queries the domain controller over LDAP and returns every user object in the domain. It is not part of Microsoft's ActiveDirectory PowerShell module (the equivalent there is Get-ADUser), so it works on a host where that module is not installed, as long as the script has been loaded into the session.

| (Pipe symbol): The pipe symbol is used to redirect the output of the Get-NetUser cmdlet to the next command in the pipeline. Think of it as a way to pass the output of one command as input to another command.

select cn: select is an alias for Select-Object, which keeps only the named properties of each object in the pipeline. In this case only the cn property is kept.

cn stands for "Common Name" and is an attribute of an Active Directory user object. It usually holds the user's display name, such as "John Doe". Other attributes worth selecting during enumeration are samaccountname (the logon name) and description, which administrators sometimes use to store notes or even passwords.

Enumerate the domain groups (the wildcard returns every group whose name contains "admin", e.g. Domain Admins, Enterprise Admins and any custom admin groups)

Get-NetGroup -GroupName *admin*

Note: this syntax is for the older PowerView build used in the room. In the current PowerSploit dev branch Get-NetGroup is an alias of Get-DomainGroup and the parameter is -Identity rather than -GroupName.

Enumerate share folders (lists every domain computer, then asks each one for its SMB shares; reachable hosts are tested on TCP 445 first, so this is noisy on the network)

Invoke-ShareFinder

Enumerate operating systems (useful for spotting unsupported or unpatched builds; without -FullData the older Get-NetComputer only returns hostnames)

Get-NetComputer -fulldata | select operatingsystem
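The four PowerView commands above are wrappers around LDAP queries and the Windows share-enumeration API. The script below is an added example, not code from the TryHackMe room or from PowerView, that performs the same four enumeration steps with the built-in System.DirectoryServices.DirectorySearcher and net view, so the underlying LDAP filters are visible and it runs even when PowerView cannot be dropped on the host. The function names (Get-DomainSearcher, Find-Objects) are my own; it assumes a domain-joined host that can reach a domain controller on LDAP (389) and the target computers on SMB (445), running as any domain user.

```powershell
# Added example: PowerView-style domain enumeration without PowerView.
# Assumptions: domain-joined host, current user is a domain user, DC reachable over LDAP.

function Get-DomainSearcher {
    # Root the search at the current domain's default naming context (e.g. DC=corp,DC=local)
    $rootDse = [ADSI]"LDAP://RootDSE"
    $base    = [ADSI]("LDAP://" + $rootDse.defaultNamingContext)
    $s = New-Object System.DirectoryServices.DirectorySearcher($base)
    $s.PageSize = 1000   # page the results so domains with >1000 objects are not truncated
    return $s
}

function Find-Objects($Filter, [string[]]$Properties) {
    # Run one LDAP filter and return a flat object per result with the requested attributes
    $s = Get-DomainSearcher
    $s.Filter = $Filter
    $Properties | ForEach-Object { [void]$s.PropertiesToLoad.Add($_) }
    foreach ($r in $s.FindAll()) {
        $o = @{}
        foreach ($p in $Properties) {
            # Attributes are multi-valued collections; keep the first value (empty -> $null)
            $o[$p] = ($r.Properties[$p] | Select-Object -First 1)
        }
        [pscustomobject]$o
    }
}

# 1. Domain users  (PowerView: Get-NetUser | select cn)
$users = Find-Objects '(&(objectCategory=person)(objectClass=user))' @('cn','samaccountname','description')

# 2. Groups with "admin" in the name  (PowerView: Get-NetGroup -GroupName *admin*)
$adminGroups = Find-Objects '(&(objectCategory=group)(cn=*admin*))' @('cn','member')

# 3. Computers and their operating system  (PowerView: Get-NetComputer -FullData | select operatingsystem)
$computers = Find-Objects '(objectCategory=computer)' @('dnshostname','operatingsystem','operatingsystemversion')

# 4. Shares on each computer  (PowerView: Invoke-ShareFinder)
#    net view uses NetShareEnum, which lists shares for ordinary domain users without admin rights.
#    Caveat: share names containing spaces are only partially captured by the split below.
$shares = foreach ($c in $computers) {
    if (-not $c.dnshostname) { continue }
    $out = net view "\\$($c.dnshostname)" /all 2>$null
    if ($LASTEXITCODE -eq 0) {
        $out | Select-String '^\S+\s+(Disk|Print)' | ForEach-Object {
            [pscustomobject]@{ Host = $c.dnshostname; Share = ($_.Line -split '\s+')[0] }
        }
    }
}

# Reporting: users with a description are worth reading, admin groups show the targets,
# the OS summary highlights unsupported builds, and non-default shares are the ones to browse.
$users | Where-Object { $_.description } | Select-Object samaccountname, cn, description | Format-Table -AutoSize
$adminGroups | Select-Object cn | Format-Table -AutoSize
$computers | Group-Object operatingsystem | Select-Object Count, Name | Format-Table -AutoSize
$shares | Where-Object { $_.Share -notmatch '\$$' } | Format-Table -AutoSize
```

The LDAP filters are the same ones PowerView issues by default, which is why the room's commands work with a plain domain user: reading user, group and computer objects is granted to Authenticated Users in a default domain. Step 4 touches every computer over SMB, so like Invoke-ShareFinder it generates far more network noise than the three LDAP queries; on an engagement, run it against a shortlist of hosts taken from step 3 rather than the whole domain.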
