Collection of PowerShell functions for AD enumeration.
PS > powershell -ep bypass
PS > Import-Module ADEnum.ps1
LDAPSearch
Returns all objects from AD that match the given LDAP query.
PS > $objects = $(LDAPSearch -LDAPQuery "(objectCategory=group)")
PS > foreach ($obj in $objects) { ... }
LDAPSearch-Groups
Returns all groups from AD.
PS > LDAPSearch-Groups
Path                                                             Properties
----                                                             ----------
LDAP://DC1.corp.com/CN=Administrators,CN=Builtin,DC=corp,DC=com  {objectcategory, usnchanged, ...
LDAP://DC1.corp.com/CN=Users,CN=Builtin,DC=corp,DC=com           {usnchanged, distinguishednam...
LDAP://DC1.corp.com/CN=Guests,CN=Builtin,DC=corp,DC=com          {usnchanged, distinguishednam...
...
LDAPSearch-Group <GroupName>
Returns a specific group from AD.
PS > LDAPSearch-Group "Sales Department"
Path                                                      Properties
----                                                      ----------
LDAP://DC1.corp.com/CN=Sales Department,DC=corp,DC=com    {usnchanged, distinguishedname, grouptype, whencreated...}
PS > $(LDAPSearch-Group "Sales Department").Properties.member
CN=Development Department,DC=corp,DC=com
CN=pete,CN=Users,DC=corp,DC=com
CN=stephanie,CN=Users,DC=corp,DC=com
Low and slow password spraying attack against AD users.
.\Spray-Passwords.ps1 -Pass Nexus123! -Admin
.\Spray-Passwords.ps1 -File passwords.txt -Admin
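
On the detection side, a low and slow spray shows up as one source failing against many accounts with only a few attempts per account, spread over hours. The following is an added example, not part of this toolset: it assumes failed-logon records (for instance from Security event 4625) have already been parsed into objects with Time, SourceIp and TargetUser; the function name Find-SprayCandidate, the thresholds and all sample data are hypothetical.

```powershell
# Constructed sample data: failed-logon records as they might look after being
# parsed from Security event 4625 (addresses and most account names are made up).
$t0     = [datetime]'2024-01-10T08:00:00'
$users  = 'pete', 'stephanie', 'user03', 'user04', 'user05', 'user06'
$events = @()
# One source tries every account once per round, two rounds 45 minutes apart.
foreach ($round in 0..1) {
    for ($i = 0; $i -lt $users.Count; $i++) {
        $events += [pscustomobject]@{
            Time = $t0.AddMinutes(45 * $round + $i); SourceIp = '10.0.0.50'; TargetUser = $users[$i] }
    }
}
# Benign contrast: a user mistyping their own password five times.
foreach ($m in 1..5) {
    $events += [pscustomobject]@{
        Time = $t0.AddMinutes($m); SourceIp = '10.0.0.77'; TargetUser = 'pete' }
}

function Find-SprayCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $FailedLogon,
        [int] $MinDistinctUsers = 5,        # breadth: accounts touched by one source
        [int] $MaxFailuresPerUser = 3,      # depth: stays below a typical lockout threshold
        [timespan] $Window = (New-TimeSpan -Hours 24)   # long window to catch slow pacing
    )
    $latest = ($FailedLogon | Measure-Object -Property Time -Maximum).Maximum
    $FailedLogon |
        Where-Object { $_.Time -ge ($latest - $Window) } |
        Group-Object -Property SourceIp |
        ForEach-Object {
            $perUser    = @($_.Group | Group-Object -Property TargetUser)
            $maxPerUser = ($perUser | Measure-Object -Property Count -Maximum).Maximum
            # Many accounts, few tries each: the opposite shape of a single-account brute force.
            if ($perUser.Count -ge $MinDistinctUsers -and $maxPerUser -le $MaxFailuresPerUser) {
                [pscustomobject]@{
                    SourceIp      = $_.Name
                    DistinctUsers = $perUser.Count
                    MaxPerUser    = $maxPerUser
                    FirstSeen     = ($_.Group | Measure-Object -Property Time -Minimum).Minimum
                    LastSeen      = ($_.Group | Measure-Object -Property Time -Maximum).Maximum
                }
            }
        }
}

# Flags 10.0.0.50 (6 accounts, at most 2 failures each); 10.0.0.77 is not flagged.
Find-SprayCandidate -FailedLogon $events | Format-Table -AutoSize
```

The window is deliberately much longer than the lockout observation window, since per-account counters reset between rounds and never reach the lockout threshold.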