I hereby claim:
- I am rvazarkar on github.
- I am cptjesus (https://keybase.io/cptjesus) on keybase.
- I have a public key whose fingerprint is 309B 57DD A097 7565 6792 5796 6A61 8F77 5207 56E5
To claim this, I am signing this object:
{ | |
"name": "Users with Foreign Domain Group Membership", | |
"queryList": [ | |
{ | |
"final": false, | |
"title": "Select source domain...", | |
"query": "MATCH (n:Domain) RETURN n.name ORDER BY n.name DESC" | |
}, | |
{ | |
"final": true, |
#requires -version 2 | |
<# | |
PowerSploit File: PowerView.ps1 | |
Author: Will Schroeder (@harmj0y) | |
License: BSD 3-Clause | |
Required Dependencies: None | |
#> |
I hereby claim:
To claim this, I am signing this object:
API Call | MSDN Link | Protocol | Port | RPC Interface UUID | Named Pipe | RPC Method | RPC MSDN Link | |
---|---|---|---|---|---|---|---|---|
NetSessionEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx | [MS-SRVS]: Server Service Remote Protocol | TCP 445 | 4B324FC8-1670-01D3-1278-5A47BF6EE188 | \PIPE\srvsvc | NetrSessionEnum | https://msdn.microsoft.com/en-us/library/cc247273.aspx | |
NetWkstaUserEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx | [MS-WKST]: Workstation Service Remote Protocol | TCP 445 | 6BFFD098-A112-3610-9833-46C3F87E345A | \PIPE\wkssvc | NetrWkstaUserEnum | https://msdn.microsoft.com/en-us/library/cc250349.aspx |
Collection Method | API Call | MSDN Link | Default Targets | Stealth Targets | |
---|---|---|---|---|---|
Session | NetSessionEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/bb525382(v=vs.85).aspx | All Computers | Domain Controllers + 'Share Servers' | |
LocalGroup | Modified NetLocalGroupGetMembers | https://msdn.microsoft.com/en-us/library/windows/desktop/aa370601(v=vs.85).aspx | All Computers | GPO Files | |
Group | Ldap | N/A | All User Group and Computer Objects | All User Group and Computer Objects | |
Trusts | DsEnumerateDomainTrusts | https://msdn.microsoft.com/en-us/library/ms675976(v=vs.85).aspx | All Domain and TrustedDomain objects | All Domain and TrustedDomain objects | |
LoggedOn | Remote Registry + NetWkstaUserEnum | https://msdn.microsoft.com/en-us/library/windows/desktop/aa370669(v=vs.85).aspx | All Computers | Domain Controllers + 'Share Servers' | |
ACL | Ldap | N/A | All user group computer and domain objects | All user group computer and domain objects | |
ObjectProps | Ldap | N/A | All user and computer objects | All user and computer objects |