# PowerView

### Overview

PowerView is a PowerShell tool for gaining network situational awareness on Windows domains. It contains a set of pure-PowerShell replacements for various Windows `net *` commands, which use PowerShell AD hooks and underlying Win32 API functions to perform useful Windows domain enumeration.

### Usage

1. Get the script into the machine and import it.

   ```powershell
   powershell -ep bypass
   Import-Module .\PowerView.ps1
   ```
2. Run the commands below.

   ```powershell
   # Get user info and password/last logon info
   Get-NetUser
   Get-NetUser | select cn,pwdlastset,lastlogon

   # Get groups and see which members are part of a group.
   Get-NetGroup
   Get-NetGroup | select cn
   Get-NetGroup "<group_name>" | select member
   Get-NetGroupMember -GroupName "Domain Admins"

   # Domain info
   Get-NetDomain

   # Domain controller info
   Get-NetDomainController

   # Enumerate the computer objects in the domain
   Get-NetComputer
   Get-NetComputer | select dnshostname,operatingsystem,operatingsystemversion
   Get-NetComputer -Ping  # Only return computers that answer a ping from the current host.
   Get-NetComputer -FullData

   # Check which users are logged on
   Get-NetLoggedon
   Get-NetLoggedon -ComputerName <Computer_Name>

   # Retrieve the default domain policy and domain controller policy settings
   Get-DomainPolicy
   (Get-DomainPolicy)."KerberosPolicy"

   # Enumerate members of the local Administrators group on domain machines
   Invoke-EnumerateLocalAdmin

   # Determine if our current user has administrative permissions on any computers in the domain
   Find-LocalAdminAccess

   # List active sessions on a host
   Get-NetSession -ComputerName files04 -Verbose
   ```
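From the defender's side, every cmdlet above leaves its name in PowerShell Script Block Logging (Event ID 4104) when that logging is enabled. The following function is an added example, not PowerView's own code; it hunts the Operational log for the cmdlet names listed on this page. The function name `Find-PowerViewScriptBlock` and the default one-day lookback are assumptions.

```powershell
# Added example (not part of PowerView): hunt Script Block Logging events (ID 4104)
# for the PowerView cmdlets listed above. Assumes script block logging is enabled and
# the caller can read the Microsoft-Windows-PowerShell/Operational log.

$PowerViewCmdlets = @(
    'Get-NetUser', 'Get-NetGroup', 'Get-NetGroupMember', 'Get-NetDomain',
    'Get-NetDomainController', 'Get-NetComputer', 'Get-NetLoggedon',
    'Get-DomainPolicy', 'Invoke-EnumerateLocalAdmin', 'Find-LocalAdminAccess',
    'Get-NetSession'
)
# Whole-word match on any of the names; IgnoreCase is applied at match time.
$Pattern = '\b(' + (($PowerViewCmdlets | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\b'

function Find-PowerViewScriptBlock {
    [CmdletBinding()]
    param(
        [string]$ComputerName = $env:COMPUTERNAME,   # host whose log is queried
        [datetime]$Since = (Get-Date).AddDays(-1)     # assumed default lookback
    )
    $Filter = @{
        LogName   = 'Microsoft-Windows-PowerShell/Operational'
        Id        = 4104
        StartTime = $Since
    }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $Filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Event 4104 properties: 0 = MessageNumber, 1 = MessageTotal,
            # 2 = ScriptBlockText, 3 = ScriptBlockId, 4 = Path.
            $Text = $_.Properties[2].Value
            if (-not $Text) { return }   # skip fragments with no script text
            $Hits = [regex]::Matches($Text, $Pattern, 'IgnoreCase') |
                ForEach-Object { $_.Value } | Sort-Object -Unique
            if ($Hits) {
                [pscustomobject]@{
                    TimeCreated   = $_.TimeCreated
                    Computer      = $_.MachineName
                    UserId        = $_.UserId
                    Cmdlets       = ($Hits -join ', ')
                    ScriptBlockId = $_.Properties[3].Value
                }
            }
        }
}

Find-PowerViewScriptBlock | Format-Table -AutoSize
```

Large script blocks are split across several 4104 events, so group results by `ScriptBlockId` to reconstruct one import of `PowerView.ps1`; renamed or obfuscated functions will not match this name list.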

### References

1. <https://powersploit.readthedocs.io/en/latest/Recon/>
2. <https://www.hackingarticles.in/active-directory-enumeration-powerview/>
