PowerView Common Commands

PowerView.ps1 link

Save the script as PowerView.ps1 on the Windows machine.

This is my cheat sheet for PowerView: the PowerView commands I find useful for Active Directory/domain enumeration. PowerView is a PowerShell tool for gaining network situational awareness on Windows domains.

Open Command Prompt as administrator.

Then type: powershell -ep bypass

Then change to the directory where you saved the PowerView script and dot-source it with this command: . .\PowerView.ps1

Now you can begin the enumeration!

Get-NetDomain or Get-Domain : Information about the domain

Get-NetDomain

Get-NetComputer | select operatingsystem is the same as Get-DomainComputer | select operatingsystem : Shows the operating system of each computer in the domain

Get-NetComputer | select operatingsystem

Get-DomainComputer | select operatingsystem

Get-NetDomainController or Get-DomainController : Get information about the Domain Controller.

Get-NetDomainController

Get-DomainController

Get-DomainPolicy : Shows the Domain Policies

Get-NetUser / Get-DomainUser : Gets information about the users in the domain.

Get-NetUser | select cn : cn stands for Common Name

Get-DomainUser | select cn

Get-DomainUser -Properties name,description is the same as Get-NetUser | select name, description

Get-DomainUser -Properties name,samaccountname,description : name shows the name of the users, samaccountname shows the logon name used, description shows the description.

Get-NetUser "user" and Get-DomainUser "user" : Shows information about the specific user given as "user". The value has to be the samaccountname (logon name) of that user.

Get-NetUser "user" is the same as Get-DomainUser "user"

Get-NetUser | select name,samaccountname or Get-DomainUser | select name,samaccountname : Displays each user's name together with their samaccountname

Get-DomainUser |select name, samaccountname

Get-DomainUser "user"

Get-NetUser | select name, samaccountname

Get-NetUser "user"

Get-NetGroup or Get-DomainGroup : Get all the groups in the domain

Get-NetGroup "Domain Admins" or Get-DomainGroup "Domain Admins" : Gets the specific group called Domain Admins

Get-NetGroup "Domain Admins"

Get-DomainGroup "Domain Admins"

Get-DomainGroupMember or Get-NetGroupMember : Lists the members of a specific group.

Get-NetGroupMember "Domain Admins" is the same as Get-DomainGroupMember "Domain Admins"

Get-NetGroupMember "Domain Admins"

Get-DomainGroupMember "Domain Admins"
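The group-membership commands above are also the quickest way for a defender to check privileged-group drift. The following is an added example, not code from the original post or from the PowerView project: it compares the effective Domain Admins membership (nested groups included, via PowerView's -Recurse switch) against an approved baseline and reports anything unexpected. It assumes PowerView is already dot-sourced, and the $Approved account names are constructed placeholders to be replaced with your own reviewed list.

```powershell
# Added example: report drift between Domain Admins and an approved baseline.
# Assumes PowerView has been dot-sourced (. .\PowerView.ps1).
# $Approved holds constructed example values; replace with your own reviewed list.
$Approved = @('Administrator', 'adm.alice', 'adm.bob')

# -Recurse also walks nested groups, so a user added to a group that is itself
# a member of Domain Admins is not missed. Nested groups themselves may also appear
# in the output, identifiable by MemberObjectClass 'group'.
$Members = Get-DomainGroupMember -Identity 'Domain Admins' -Recurse

# Members that are not on the baseline, and baseline accounts that have gone missing.
$Unexpected = $Members  | Where-Object { $_.MemberName -notin $Approved }
$Missing    = $Approved | Where-Object { $_ -notin $Members.MemberName }

Write-Host ("Effective Domain Admins members: {0}" -f @($Members).Count)

if ($Unexpected) {
    Write-Host "Accounts in Domain Admins that are not in the approved baseline:"
    $Unexpected | Select-Object MemberName, MemberObjectClass, MemberSID | Format-Table -AutoSize
} else {
    Write-Host "No unexpected Domain Admins members."
}

if ($Missing) {
    Write-Host ("Baseline accounts not currently in Domain Admins: {0}" -f ($Missing -join ', '))
}
```

Run it on a schedule and alert on a non-empty $Unexpected list; the MemberSID column is kept so that a renamed account cannot slip past a name-only comparison.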

Get-DomainComputer | select cn, dnshostname also same as Get-NetComputer | select cn, dnshostname

Get-DomainComputer | select cn, dnshostname

Get-NetComputer | select cn, dnshostname

Invoke-ShareFinder : Shows all the shares

Get-NetComputer -Properties samaccountname same as Get-DomainComputer -Properties samaccountname

Get-DomainComputer -Properties samaccountname

Get-NetComputer -Properties samaccountname
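The computer enumeration commands above (operating system, cn/dnshostname and samaccountname) give the raw data for an asset inventory. The following is an added example, not code from the original post or the PowerView project: it groups the domain's computers by operating system and flags hosts whose OS string begins with a product that is no longer supported. It assumes PowerView is dot-sourced; the $EndOfLife list is constructed for illustration and should be kept in line with vendor support dates.

```powershell
# Added example: operating-system inventory from PowerView computer objects.
# Assumes PowerView has been dot-sourced (. .\PowerView.ps1).
# $EndOfLife is a constructed list of product-name prefixes; maintain your own.
$EndOfLife = @('Windows XP', 'Windows 7', 'Windows Server 2003',
               'Windows Server 2008', 'Windows Server 2012')

# Pull only the attributes needed; lastlogontimestamp helps separate live hosts from stale objects.
$Computers = Get-DomainComputer -Properties dnshostname,operatingsystem,lastlogontimestamp

# Count of computer objects per operating-system string.
$Computers | Group-Object operatingsystem | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Hosts whose operating-system string starts with an end-of-life product name.
# StartsWith also catches variants such as "Windows Server 2008 R2".
$Unsupported = $Computers | Where-Object {
    $os = $_.operatingsystem
    $os -and ($EndOfLife | Where-Object { $os.StartsWith($_) })
}

$Unsupported | Select-Object dnshostname, operatingsystem, lastlogontimestamp | Format-Table -AutoSize
```

Computer objects with a very old lastlogontimestamp and an end-of-life OS are usually stale accounts rather than live hosts; both cases deserve cleanup, but for different reasons.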

Get-NetGPO is the same as Get-DomainGPO : Shows the Group Policy Objects.

Get-NetGPO

Get-DomainGPO

Get-DNSZone same as Get-DomainDNSZone : Get DNS information.

Get-DNSZone

Get-DomainDNSZone

Get-NetUser -SPN or Get-DomainUser -SPN : Shows the user accounts that have a Service Principal Name, i.e. which service instance is associated with a service logon account.

Get-DomainUser -SPN

Get-NetUser -SPN
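Accounts with an SPN matter to defenders because any authenticated domain user can request a service ticket for them, so the strength and age of their password is what protects them. The following is an added example, not code from the original post or the PowerView project: it builds a review table of SPN-bearing user accounts, showing how many SPNs each carries, when the password was last set, and whether the account sits in a highly privileged group. It assumes PowerView is dot-sourced and that PowerView returns pwdlastset as a DateTime (it converts that attribute on output); the $StaleDays threshold and the privileged-group pattern are constructed values.

```powershell
# Added example: audit user accounts that carry a Service Principal Name.
# Assumes PowerView has been dot-sourced (. .\PowerView.ps1).
# $StaleDays is a constructed threshold; align it with your password policy.
$StaleDays = 365
$Cutoff    = (Get-Date).AddDays(-$StaleDays)

# Constructed pattern of groups whose membership makes a service account high-risk.
$PrivilegedPattern = 'CN=(Domain Admins|Enterprise Admins|Administrators),'

$Report = Get-DomainUser -SPN -Properties samaccountname,serviceprincipalname,pwdlastset,memberof |
    ForEach-Object {
        [PSCustomObject]@{
            Account         = $_.samaccountname
            SPNCount        = @($_.serviceprincipalname).Count
            PwdLastSet      = $_.pwdlastset
            # Treat a missing pwdlastset as "old": the password age cannot be shown to be acceptable.
            PasswordOld     = (-not $_.pwdlastset) -or ($_.pwdlastset -lt $Cutoff)
            PrivilegedGroup = ((@($_.memberof) -match $PrivilegedPattern).Count -gt 0)
        }
    }

# Worst cases first: privileged accounts with old passwords.
$Report | Sort-Object PrivilegedGroup, PasswordOld -Descending | Format-Table -AutoSize
```

The usual remediation for rows flagged here is to move the service to a group Managed Service Account (gMSA), which rotates a long random password automatically, and to remove service accounts from privileged groups.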

Get-Forest, Get-ADForest and Get-NetForest : all are the same. They show the forest properties of the domain.

Get-Forest

Get-ADForest

Get-NetForest

Get-ADDomain | select DNSRoot,NetBIOSName,DomainSID : Gets the DNSRoot name, NetBIOS name and the Domain SID

Get-ADUser "user" : Gets information about the domain user "user". The value has to be the samaccountname of that user.

Get-ADUser -Filter * | select name,samaccountname

Get-ADUser "user"

Get-ADObject -LDAPFilter "(objectClass=user)" -Properties SamAccountName | select name,SamAccountName : Get all the users with their samaccountname in the domain. Get-ADObject only returns a few properties by default, so SamAccountName has to be requested with -Properties or the column comes back empty.

Get-ADObject -LDAPFilter "(objectClass=*)" | select name : Get every group, user and other object.

You can change the value of objectclass to Group , User , Domain etc, or simply * to get everything.

Get-ADObject -LDAPFilter "(objectClass=user)" -Properties SamAccountName | select name,SamAccountName
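The objectClass values mentioned above can be combined into one LDAP filter. The following is an added example, not code from the original post: it shows parenthesised filters for users, computers and groups, and one caveat worth knowing when reviewing results: (objectClass=user) also matches computer accounts, because the computer class inherits from user, so adding (objectCategory=person) is what restricts a query to people. It assumes the ActiveDirectory module (RSAT) is installed on the machine; the bitwise-AND matching rule OID used for the disabled-account filter is the standard one defined by Active Directory.

```powershell
# Added example: Active Directory module queries with well-formed LDAP filters.
# Assumes the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

# (objectClass=user) alone also returns computer objects, since computer is a subclass of user.
# objectCategory=person narrows the result to user accounts only.
$People   = Get-ADObject -LDAPFilter '(&(objectCategory=person)(objectClass=user))' -Properties sAMAccountName
$Machines = Get-ADObject -LDAPFilter '(objectClass=computer)' -Properties sAMAccountName
$Groups   = Get-ADObject -LDAPFilter '(objectClass=group)' -Properties sAMAccountName

'Users: {0}  Computers: {1}  Groups: {2}' -f @($People).Count, @($Machines).Count, @($Groups).Count

# Disabled user accounts: bit 2 (ACCOUNTDISABLE) of userAccountControl, tested with the
# LDAP bitwise-AND matching rule 1.2.840.113556.1.4.803.
$Disabled = Get-ADObject -Properties sAMAccountName -LDAPFilter `
    '(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))'

$Disabled | Select-Object Name, sAMAccountName | Format-Table -AutoSize
```

Sanity check: the user count from the objectCategory=person filter should be lower than the count from (objectClass=user) on its own by exactly the number of computer objects in the domain.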


Hi, I’m Aksheet. Interested in Cyber Security and Aviation. eJPT certified
