daniel0x00 · June 15, 2017 21:27
diff --git a/PowerViewFirstChecks.ps1 b/PowerViewFirstChecks.ps1
 # Download and invoke PowerView:
 iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')

 # All admin users of default domain:
 $filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

 # All enabled users (including admins) with no-password setting
 $filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort pwdlastset | ft -wrap -autosize >> $filename'.txt'

 # All enabled users (including admins) with password never expire setting
 $filename = 'users_password_never_expire_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with password never expire setting. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort pwdlastset | ft -wrap -autosize >> $filename'.txt'

 # All enabled admins with password changed > 3 months
 $filename = 'admins_enabled_with_old_password_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_three_month)(admincount=1))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled admins with password changed > 3 months. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort pwdlastset | ft -wrap -autosize >> $filename'.txt'

 # All enabled users (including admins) with password changed > 6 months
 $filename = 'users_enabled_with_old_password_default_domain'; $date_six_month = (Get-Date).AddMonths(-6).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_six_month))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with password changed > 6 months. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort pwdlastset | ft -wrap -autosize >> $filename'.txt'

 # All enabled users (including admins) who last logon is > 3 months.
 $filename = 'users_enabled_with_old_logged_on_date_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) who last logon is > 3 months. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

 # All enabled admins who last logon is > 3 months.
 $filename = 'admins_enabled_with_old_logged_on_date_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month)(admincount=1))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled admins who last logon is > 3 months. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

 # All disabled users:
 $filename = 'users_disabled_dafault_domain'; $out = Get-NetUser -Filter "(userAccountControl:1.2.840.113556.1.4.803:=2)"; Export-Clixml $filename'.out' -InputObject $out; "All disabled users. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

 # All enabled users:
 $filename = 'users_enabled_dafault_domain'; $out = Get-NetUser -Filter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users. Count: $($out.count)" > $filename'.txt'; $out | select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname | sort lastlogontimestamp | ft -wrap -autosize >> $filename'.txt'

 # All enterprise admins
 Get-NetGroupMember -GroupName "Enterprise Admins" -Recurse | Export-Clixml enterprise_admins_default_domain.out

 # All users of default domain:
 Get-NetUser | Export-Clixml users_default_domain.out

 # Get all groups
 Get-NetGroup -FullData | Export-Clixml groups_all_data_default_domain.out

 # Get all computers 
 Get-NetComputer -FullData | Export-Clixml computers_all_data_default_domain.out
	# Download and invoke PowerView:
	iex(new-object system.net.webclient).downloadstring('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1')

	# All admin users of default domain:
	$filename = 'admins_default_domain'; $out = Get-NetUser -AdminCount; Export-Clixml $filename'.out' -InputObject $out; "All admins in the domain. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users (including admins) with no-password setting
	$filename = 'users_no_password_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with no-password setting. Means this users could have weak passwords or even no password at all. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort pwdlastset \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users (including admins) with password never expire setting
	$filename = 'users_password_never_expire_default_domain'; $out = Get-NetUser -Filter "(&(objectCategory=person)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with password never expire setting. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort pwdlastset \| ft -wrap -autosize >> $filename'.txt'

	# All enabled admins with password changed > 3 months
	$filename = 'admins_enabled_with_old_password_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_three_month)(admincount=1))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled admins with password changed > 3 months. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort pwdlastset \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users (including admins) with password changed > 6 months
	$filename = 'users_enabled_with_old_password_default_domain'; $date_six_month = (Get-Date).AddMonths(-6).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$date_six_month))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) with password changed > 6 months. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort pwdlastset \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users (including admins) who last logon is > 3 months.
	$filename = 'users_enabled_with_old_logged_on_date_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users (including admins) who last logon is > 3 months. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All enabled admins who last logon is > 3 months.
	$filename = 'admins_enabled_with_old_logged_on_date_default_domain'; $date_three_month = (Get-Date).AddMonths(-3).ToFileTime(); $out = Get-NetUser -Filter "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))(lastlogontimestamp<=$date_three_month)(admincount=1))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled admins who last logon is > 3 months. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All disabled users:
	$filename = 'users_disabled_dafault_domain'; $out = Get-NetUser -Filter "(userAccountControl:1.2.840.113556.1.4.803:=2)"; Export-Clixml $filename'.out' -InputObject $out; "All disabled users. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All enabled users:
	$filename = 'users_enabled_dafault_domain'; $out = Get-NetUser -Filter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"; Export-Clixml $filename'.out' -InputObject $out; "All enabled users. Count: $($out.count)" > $filename'.txt'; $out \| select samaccountname, whencreated, lastlogontimestamp, pwdlastset, displayname \| sort lastlogontimestamp \| ft -wrap -autosize >> $filename'.txt'

	# All enterprise admins
	Get-NetGroupMember -GroupName "Enterprise Admins" -Recurse \| Export-Clixml enterprise_admins_default_domain.out

	# All users of default domain:
	Get-NetUser \| Export-Clixml users_default_domain.out

	# Get all groups
	Get-NetGroup -FullData \| Export-Clixml groups_all_data_default_domain.out

	# Get all computers
	Get-NetComputer -FullData \| Export-Clixml computers_all_data_default_domain.out