Created
June 7, 2020 05:37
-
-
Save svch0stz/19a501bff71adc84ccb74dda69e333c3 to your computer and use it in GitHub Desktop.
Just Another List of PowerShell Commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Get AD Password Information — Can be used to find stale accounts or users that don’t require authentication | |
| Get-ADUser -Properties Name,UserPrincipalName,Enabled,PasswordNeverExpires,PasswordExpired,PasswordNotRequired,AccountExpirationDate,PasswordLastSet | Export-csv userpasswordinfo.csv | |
| //Get Admins with an SPN — Any account in this list are good targets for Kerberoasting attacks | |
| Get-AdUser -filter {(ServicePrincipalName -like “*”) -AND (AdminCount -eq 1)} -Properties * | Select SAMAccountname,PasswordLastSet | Sort PasswordLastSet | |
| //Get Email from List of usernames | |
| Get-Content usernames.txt | Foreach-object { Get-ADUser $_ -Properties Name,UserPrincipalName,Enabled} | Export-csv output.csv | |
| //Get Usernames from List of Emails | |
| Get-Content upns.txt | ForEach-Object { Get-ADUser -LDAPFilter “(mail=$_)” } | Select-Object -ExpandProperty sAMAccountName |Out-File “upn2user.txt” | |
| //Set PowerShell to use your current proxy authentication | |
| $wc = new-object System.Net.WebClient | |
| $wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials | |
| //Get all Exchange Distribution groups a user is in (Requires Exchange Online Powershell) | |
| $Username = upn@company.com.au | |
| $DistributionGroups= Get-DistributionGroup -ResultSize Unlimited | where { (Get-DistributionGroupMember $_.Name | foreach {$_.PrimarySmtpAddress}) -contains “$Username”} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment