Post Enumeration for AD

Tools: PowerView, BloodHound

Method 1: PowerView

  1. Upload the PowerView.ps1 script to the target Windows machine

  2. On the machine, type powershell -ep bypass (-ep sets the execution policy; bypass lifts the policy that would otherwise stop us from executing scripts)

  3. . .\PowerView.ps1 (this dot-sources the script into the session; if nothing happens, it's loaded)

  4. Get-NetDomain shows domain info
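
From the defender's side, steps 2 to 4 leave traces in process-creation events (4688, when command-line auditing is enabled) and in PowerShell script block logging (4104). The following is an added example, not part of the original notes, that triages constructed sample events for those traces; the event dictionary layout, the host and user names, and the severity labels are assumptions.

```python
import re

# Step 2: powershell.exe accepts -ep and prefixes of -ExecutionPolicy (-ex, -exec, ...).
BYPASS = re.compile(
    r"(?i)\b(?:powershell|pwsh)(?:\.exe)?\b.*?\s[-/]e(?:p|x[a-z]*)\s+bypass\b")
# Step 3 (dot-sourcing PowerView.ps1) and step 4 (Get-NetDomain).
POWERVIEW = re.compile(r"(?i)\bPowerView\.ps1\b|\bGet-NetDomain\b")

# Constructed sample events: 4688 = process creation (command line),
# 4104 = PowerShell script block logging (script text).
SAMPLE_EVENTS = [
    {"id": 4688, "host": "WS01", "user": "CORP\\alice",
     "text": "powershell.exe -NoProfile -File C:\\ops\\backup.ps1"},
    {"id": 4688, "host": "WS02", "user": "CORP\\bob",
     "text": "powershell -ep bypass"},
    {"id": 4104, "host": "WS02", "user": "CORP\\bob",
     "text": ". .\\PowerView.ps1"},
    {"id": 4104, "host": "WS02", "user": "CORP\\bob",
     "text": "Get-NetDomain"},
    {"id": 4688, "host": "WS03", "user": "CORP\\carol",
     "text": "PowerShell.exe -ExecutionPolicy Bypass -File C:\\it\\install.ps1"},
]

def triage(events):
    """Return one finding per (host, user) with the rules hit and a severity."""
    hits = {}
    for ev in events:
        key = (ev["host"], ev["user"])
        if ev["id"] == 4688 and BYPASS.search(ev["text"]):
            hits.setdefault(key, set()).add("execution-policy-bypass")
        elif ev["id"] == 4104 and POWERVIEW.search(ev["text"]):
            hits.setdefault(key, set()).add("powerview-enumeration")
    findings = []
    for (host, user), rules in sorted(hits.items()):
        # Assumption: a bypass alone also appears in admin tooling, so it is
        # rated low; PowerView activity on the same account is rated high.
        severity = "high" if "powerview-enumeration" in rules else "low"
        findings.append({"host": host, "user": user,
                         "rules": sorted(rules), "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```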

Method 2: BloodHound
