PowerView is a powerful PowerShell script from PowerShell Empire that can be used to enumerate a domain after you have already gained a shell on the system.
Usage
PowerView has already been loaded onto our host machine. In the future, you will need to load it yourself.
- SSH into the machine with credentials
- Run powershell -ep bypass to start PowerShell with the execution policy bypassed
- Run .\Powerview.ps1 from the download location
- Using these commands you can enumerate the machine – https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993
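
Seen from the defender's side, the load steps above leave traces in process-creation and script-block logs. The Python sketch below is an added example, not part of the original write-up; the event field names (`type`, `text`) and the sample events are constructed for illustration, and command lines are split on whitespace, so executable paths containing spaces are not handled.

```python
import re

DASHES = "-/\u2013\u2014\u2015"        # characters accepted before a parameter name
RELAXED = {"bypass", "unrestricted"}   # policy values that switch off script restrictions

def policy_override(command_line):
    """Return the relaxed policy requested on a PowerShell command line, else None."""
    tokens = [t.strip("\"'") for t in command_line.split()]
    if not tokens or not re.search(r"(?i)(powershell|pwsh)(\.exe)?$", tokens[0]):
        return None
    for flag, value in zip(tokens[1:], tokens[2:]):
        if not flag or flag[0] not in DASHES:
            continue
        name = flag[1:].lower()
        # -ep is an alias; -ex, -exec, ... are prefixes of -ExecutionPolicy.
        # A bare -e is excluded because it means -EncodedCommand.
        is_policy = name == "ep" or (len(name) >= 2 and "executionpolicy".startswith(name))
        if is_policy and value.lower() in RELAXED:
            return value.lower()
    return None

def triage(events):
    """Return (event index, reason) pairs for events worth an analyst's look."""
    hits = []
    for i, ev in enumerate(events):
        if ev["type"] == "process_create":
            policy = policy_override(ev["text"])
            if policy:
                hits.append((i, f"execution policy set to {policy}"))
        elif ev["type"] == "script_block" and re.search(r"(?i)\bpowerview\.ps1\b", ev["text"]):
            hits.append((i, "PowerView.ps1 referenced in script block"))
    return hits

# Constructed sample events (not taken from a real host)
SAMPLE = [
    {"type": "process_create", "text": "powershell -ep bypass"},
    {"type": "script_block", "text": r".\Powerview.ps1"},
    {"type": "process_create",
     "text": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "
             r"-NoProfile -ExecutionPolicy RemoteSigned -File backup.ps1"},
    {"type": "process_create", "text": "powershell.exe -Exec Unrestricted -File x.ps1"},
    {"type": "process_create", "text": "cmd.exe /c echo -ep bypass"},
]

if __name__ == "__main__":
    for index, reason in triage(SAMPLE):
        print(index, reason)
```

Matching on the script's file name alone is easy to evade by renaming it, so treat that hit as a lead for review rather than a complete detection.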