[Edit 8/13/15] – Here is how the old version 1.9 cmdlets in this post translate to PowerView 2.0: Invoke-FindLocalAdminAccess -> Find-LocalAdminAccess Additionally, the -Ping command for Invoke-ShareFinder is no longer needed Back in 2012 @zeknox wrote a great post on “Finding Local Admin with Metasploit” which I highly recommend everyone read. My team consistently runs into situations similar …
[Edit 3/16/17] Many elements of this post, specifically the ones concerning KB2871997, are incorrect. I have an updated post titled “Pass-the-Hash Is Dead: Long Live LocalAccountTokenFilterPolicy” that contains the most up-to-date and accurate information. [Edit 8/13/15] – Here is how the old version 1.9 cmdlets in this post translate to PowerView 2.0: Invoke-EnumerateLocalAdmins -> Invoke-EnumerateLocalAdmin …
[Edit 8/13/15] – Many of the cmdlets listed here have changed. Check out the PowerView 2.0 post to see the new updates. [Note: this topic was cross-posted on the Veil-Framework site] Veil-PowerView is a project that was originally prompted by a client who locked down their corporate machines by disabling all “net *” commands for normal users. While building pure …
