Basics
AD DS Data Store
Holds NTDS.dit, the database that contains all of the information of an Active Directory domain controller, including the password hashes of domain users.
It is stored by default in %SystemRoot%\NTDS and is accessible only by the domain controller.
Forest overview
The forest consists of:
Trees - A hierarchy of domains in Active Directory Domain Services
Domains - Used to group and manage objects
Organizational Units (OUs) - Containers for groups, computers, users, printers and other OUs
Trusts - Allows users to access resources in other domains
Objects - users, groups, printers, computers, shares
Domain Services - DNS Server, LLMNR, IPv6
Domain Schema - Rules for object creation
Users
Domain Admins - the only users with access to the domain controller.
Service Accounts - required by Windows for services such as SQL; each such service is paired with a service account.
Local Administrators - these users can make changes to local machines as an administrator and may even be able to control other normal users, but they cannot access the domain controller.
Domain Users - these are your everyday users.
Windows server AD vs Azure AD
| Windows Server AD   | Azure AD       |
|---------------------|----------------|
| LDAP                | REST APIs      |
| NTLM                | OAuth/SAML     |
| Kerberos            | OpenID         |
| OU Tree             | Flat Structure |
| Domains and Forests | Tenants        |
| Trusts              | Guests         |
Powershell
- Get-Help
Get-Help Command-Name
- Get-Command
Get-Command Verb-*
- Selecting Object Properties
Get-ChildItem | Select-Object -Property Mode, Name
- Filtering Objects
Verb-Noun | Where-Object -Property PropertyName -operator Value
Ex: Get-Service | Where-Object -Property Status -eq Stopped
- Sort Object
Verb-Noun | Sort-Object
Ex: Get-ChildItem | Sort-Object
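The following is an added example, not part of the original notes: it combines the Get-Command, Where-Object, Sort-Object and Select-Object patterns above into one reusable function. The function name Get-StoppedAutoService is an assumption; the cmdlets and properties it uses are standard PowerShell 5+ (Get-Service exposes StartType there).

```powershell
# Added example (not from the original notes): one pipeline that filters,
# sorts and projects service objects. Assumed function name: Get-StoppedAutoService.

function Get-StoppedAutoService {
    <#
    .SYNOPSIS
        Lists services configured to start automatically that are currently
        stopped, sorted by name. A quick host-health check: an automatic
        service that is not running (logging agent, endpoint sensor, ...)
        is worth a look.
    #>
    [CmdletBinding()]
    param(
        # Optional name filter, wildcards allowed (e.g. 'Win*').
        [string]$Name = '*'
    )

    Get-Service -Name $Name -ErrorAction SilentlyContinue |
        # Filter: StartType is Automatic and the service is not running.
        # Script-block form of Where-Object lets us combine two conditions.
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -eq 'Stopped' } |
        # Sort by the Name property, as in the Sort-Object pattern above.
        Sort-Object -Property Name |
        # Project only the properties we care about.
        Select-Object -Property Name, DisplayName, Status, StartType
}

# Discover related commands the way the notes suggest (Get-Command Verb-*):
Get-Command -Verb Get -Noun 'Service*' | Select-Object -Property Name

# Run the check and print it as a table.
Get-StoppedAutoService | Format-Table -AutoSize
```

Where-Object's `-Property Name -eq Value` form (as in the Get-Service example above) only handles a single comparison; the script-block form used here is what you need once a filter has more than one condition.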
- Using Modules
Import-Module Module
. .\Module.ps1
- Get-ADDomain
C:\[Path]\Powersploit\PowerSploit-master\Recon> Import-Module ActiveDirectory
C:\[Path]\Powersploit\PowerSploit-master\Recon> Get-ADDomain | Select-Object NetBIOSName, DNSRoot, InfrastructureMaster
- Get-ADForest
C:\[Path]\Powersploit\PowerSploit-master\Recon> Get-ADForest | Select-Object Domains
- Get-ADTrust
C:\[Path]\Powersploit\PowerSploit-master\Recon> Get-ADTrust -Filter * | Select-Object Direction,Source,Target
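The following is an added example, not code from the original notes or from PowerSploit: it wraps the Get-ADDomain, Get-ADForest and Get-ADTrust calls above, together with a Domain Admins membership check for the "Users" section (the notes say Domain Admins are the only users with access to the domain controller, so that group should be small and every member known), into one report function. It requires the RSAT ActiveDirectory module on a domain-joined host, which is what `Import-Module ActiveDirectory` loads; the function name Get-ADOverview and the output property names are assumptions, the cmdlets and the AD object properties are the module's own.

```powershell
# Added example (not from the original notes or PowerSploit): domain/forest/
# trust overview plus a privileged-group audit using the RSAT ActiveDirectory
# module. Assumed names: Get-ADOverview and the report's property names.

function Get-ADOverview {
    [CmdletBinding()]
    param()

    # Check the module is present before calling into it; it is not installed
    # by default on workstations.
    if (-not (Get-Module -ListAvailable -Name ActiveDirectory)) {
        throw 'ActiveDirectory module not found; install RSAT (AD DS tools).'
    }
    Import-Module ActiveDirectory -ErrorAction Stop

    $domain = Get-ADDomain
    $forest = Get-ADForest

    # Trusts: direction and transitivity decide who can authenticate into this
    # domain, so keep them alongside the Source/Target shown in the notes.
    $trusts = Get-ADTrust -Filter * |
        Select-Object -Property Source, Target, Direction, TrustType,
            ForestTransitive, IntraForest, SIDFilteringQuarantined,
            SelectiveAuthentication

    # Domain Admins: -Recursive expands nested groups so indirect members
    # are not missed.
    $domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
        Sort-Object -Property SamAccountName |
        Select-Object -Property SamAccountName, objectClass, distinguishedName

    [pscustomobject]@{
        NetBIOSName          = $domain.NetBIOSName
        DNSRoot              = $domain.DNSRoot
        DomainMode           = $domain.DomainMode
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
        ForestRoot           = $forest.RootDomain
        ForestDomains        = $forest.Domains
        GlobalCatalogs       = $forest.GlobalCatalogs
        Trusts               = $trusts
        DomainAdminCount     = @($domainAdmins).Count
        DomainAdmins         = $domainAdmins
    }
}

$report = Get-ADOverview

# Summary, trusts and privileged members as separate views.
$report | Select-Object NetBIOSName, DNSRoot, DomainMode, ForestRoot, DomainAdminCount | Format-List
$report.Trusts | Format-Table -AutoSize
$report.DomainAdmins | Format-Table -AutoSize

# Flag trusts that deserve review: trusts to another forest that do not have
# SID filtering quarantine enabled (SIDFilteringQuarantined -eq $false).
$report.Trusts |
    Where-Object { -not $_.IntraForest -and -not $_.SIDFilteringQuarantined } |
    ForEach-Object {
        Write-Warning "Trust without SID filtering quarantine: $($_.Source) -> $($_.Target) ($($_.Direction))"
    }
```

Running this from the PowerSploit directory, as the prompts above do, makes no difference: the ActiveDirectory module is loaded by name from the RSAT install path, not from the current folder (unlike `Import-Module .\PowerView.ps1`, which loads a script file relative to the current directory).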
- Powerview
Download: https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1
-- Get-NetDomain
C:\[Path]\Powersploit\PowerSploit-master\Recon> Import-Module .\PowerView.ps1
C:\[Path]\Powersploit\PowerSploit-master\Recon> Get-NetDomain
-- Get-NetDomainController
-- Get-NetForest
-- Get-NetDomainTrust