🖥️ AD Computers
Domain Computer Information
Get-DomainComputer
Get-DomainComputer -Properties dnshostname,operatingsystem,lastlogontimestamp,useraccountcontrol
Export Data to a CSV File
Get-DomainComputer -Properties dnshostname,operatingsystem,lastlogontimestamp,useraccountcontrol | Export-Csv .\inlanefreight_computers.csv -NoTypeInformation
Finding Exploitable Machines
LastLogonTimeStamp
If this field is 90 days old for a machine, the machine has not been turned on and is missing both operating system and application patches. Attackers can use this field in combination with other fields such as OperatingSystem or WhenCreated to identify targets.
OperatingSystem
E.g., find a Windows 7 box that is still active (LastLogonTimeStamp) and try attacks like EternalBlue. Windows 10 Enterprise is the only version that comes with "Credential Guard" (prevents Mimikatz from stealing passwords) enabled by default. If you see administrators logging into both Windows 10 Professional and Windows 10 Enterprise, the Professional box should be targeted.
WhenCreated
The older the box is, the more likely it is to deviate from the "Standard Build." Old workstations could have weaker local administration passwords, more local admins, vulnerable software, more data, etc.
Computer Attacks
Unconstrained Delegation
Get-DomainComputer -Unconstrained -Properties dnshostname,useraccountcontrol
Constrained Delegation
Get-DomainComputer -TrustedToAuth | select -Property dnshostname,useraccountcontrol
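The same four exported columns can drive a defensive audit. The following is an added example, not code from PowerView or from the original page: it flags machines that are stale, run a legacy OS, or carry delegation flags. The function names, the legacy-OS pattern and the sample rows are assumptions for illustration, as is the premise that useraccountcontrol arrives either as an integer or as comma-separated flag names.

```powershell
# Added example (not PowerView code). Bit values follow Microsoft's userAccountControl flags.
$UacBits = @{
    SERVER_TRUST_ACCOUNT           = 0x2000      # domain controller
    TRUSTED_FOR_DELEGATION         = 0x80000     # unconstrained delegation
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000   # protocol transition
}

function Test-UacFlag {
    param([string]$Value, [string]$Flag)
    # Assumption: the CSV cell is either the raw integer or a list of flag names.
    $n = 0L
    if ([long]::TryParse($Value, [ref]$n)) { return ($n -band $UacBits[$Flag]) -ne 0 }
    return ($Value -split '\s*,\s*') -contains $Flag
}

function Get-ComputerAuditFinding {
    param(
        [Parameter(ValueFromPipeline)] $Computer,
        [datetime]$AsOf = (Get-Date),
        [int]$StaleDays = 90,
        # Hypothetical pattern for end-of-life systems; adjust to local policy.
        [string]$LegacyOs = 'Windows (XP|Vista|7|8)\b|Server 20(00|03|08)'
    )
    process {
        $uac = $Computer.useraccountcontrol
        $seen = $Computer.lastlogontimestamp
        $findings = @()
        if (-not $seen) { $findings += 'no logon recorded' }
        elseif (($AsOf - [datetime]::Parse($seen, [cultureinfo]::InvariantCulture)).TotalDays -gt $StaleDays) {
            $findings += "no logon in $StaleDays+ days"
        }
        if ($Computer.operatingsystem -match $LegacyOs) { $findings += 'legacy OS' }
        # DCs carry TRUSTED_FOR_DELEGATION by design, so only non-DCs are reported.
        if ((Test-UacFlag $uac 'TRUSTED_FOR_DELEGATION') -and -not (Test-UacFlag $uac 'SERVER_TRUST_ACCOUNT')) {
            $findings += 'unconstrained delegation on non-DC'
        }
        if (Test-UacFlag $uac 'TRUSTED_TO_AUTH_FOR_DELEGATION') { $findings += 'protocol transition enabled' }
        if ($findings) { [pscustomobject]@{ Computer = $Computer.dnshostname; Findings = $findings -join '; ' } }
    }
}

# Constructed sample rows in the column layout of the export above.
$sample = @'
dnshostname,operatingsystem,lastlogontimestamp,useraccountcontrol
DC01.example.local,Windows Server 2019 Standard,2024-05-28,"SERVER_TRUST_ACCOUNT, TRUSTED_FOR_DELEGATION"
WS07.example.local,Windows 7 Professional,2024-05-20,WORKSTATION_TRUST_ACCOUNT
SQL01.example.local,Windows Server 2016 Standard,2024-05-30,528384
OLD01.example.local,Windows 10 Enterprise,2023-11-02,4096
'@ | ConvertFrom-Csv
$sample | Get-ComputerAuditFinding -AsOf ([datetime]'2024-06-01')
```

For a real inventory, pipe `Import-Csv .\inlanefreight_computers.csv` into the function instead of the sample. The UAC bit only reveals constrained delegation with protocol transition; the permitted delegation targets live in msDS-AllowedToDelegateTo, which the export above does not include.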