Current Scripts:

Get-AllTrusts

Get-AllTrusts will list the trusts for the inputted or current domain/forest. Will also output status of SIDFiltering and SelectiveAuthorization

If SIDFiltering is disabled, attackers can perform a SIDHistory attack to gain DA/EA privileges from one Domain/Forest to another Domain/Forest. See more on the attack here: https://adsecurity.org/?p=1640

Usage:

Will grab the trust information for the domain the current user is a member of

PS C:\> Get-AllTrusts

Will grab the trust information for all the trusts with ABC.LOCAL Domain/Forest. You can pipe the results to Format-Table (ft) for easier reading

PS C:\> Get-AllTrusts -domain ABC.LOCAL | ft

Invoke-AdminAccessFinder

Invoke-AdminAccessFinder is a supplement to PowerView’s Invoke-EnumerateLocalAdmin. Invoke-AdminAccessFinder will search a list of hosts that the specified user/group has administrative access to. Invoke-AdminAccessFinder gets it’s dataset by importing the CSV output from PowerView’s Invoke-EnumerateLocalAdmin function. Invoke-AdminAccessFinder identifies the security group membership for the user/group, recursively (with [TokenGroups] (https://msdn.microsoft.com/en-us/library/ms680275(v=vs.85).aspx)) and will return a list of hosts that the user/group and any of its group memberships have administrative access on.

On first execution of Invoke-AdminAccessFinder, you will be prompted to import the CSV file. Invoke-AdminAccessFinder will only ask for the CSV once per PowerShell session unless the -Clean switch is specified.

Invoke-UserPasswordTest

Tests a specified username with a password that matches their username. You can specify a username via the
SamAccountName parameter or you can pass this into the pipeline.

User Management

• Add-LocalAdmin:
  Adds a user to the local administrator group for the specified computer. (Without using net.exe)
• Delete-LocalUser:
  Deletes a local user from the specified computer (Without using net.exe)

Author: @DennisMald

Source: https://github.com/linuz/