PowerShell is an automation framework that gives system administrators a wide range of capabilities for carrying out tasks. It includes its own scripting language. The built-in commands are called cmdlets, and you can build your own cmdlets in a .NET language such as C#. An explanation is given here:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/7fb7c0ca-80aa-4114-9af4-dae4c774c203.png)
The Active Directory cmdlets below come from the ActiveDirectory module, which is installed with the RSAT tools or on a domain controller. To inspect a forest, you can use the Get-ADForest cmdlet, as shown:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/33bd9fd6-b75b-49e3-8282-d17f3235b42e.png)
To list all available commands, run Get-Command, as shown:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/5ea30f6b-664a-4372-9e2f-9ffb96c976cb.png)
To inspect the domains, you can use Get-ADDomain, as shown:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/1229bca5-fb79-4a33-a2a0-4960df0bdcb0.png)
To check the trust relationships of the forest, use Get-ADTrust, as shown:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/f65ae7a1-660f-4275-8ebb-4db705806e71.png)
Get-ADUser retrieves a specified user (or, with -Filter, a set of users), as shown:
![](https://static.packt-cdn.com/products/9781788624480/graphics/assets/bb2d9d77-e103-40d1-9312-e90a7dfb133b.png)
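The screenshots above show each cmdlet in isolation. The script below is an added example, not code from the book, that strings them together into the enumeration pass a tester would actually run: forest, every domain in it, trusts (with the SID-filtering and selective-authentication flags that decide whether a trust is abusable), and then user lookups. It assumes a domain-joined host with the ActiveDirectory module installed; the user name `jdoe` is a placeholder.

```powershell
# Added example, not from the original page.
# Assumes: domain-joined host with the ActiveDirectory module (RSAT) available.
Import-Module ActiveDirectory

# Forest-level view: root domain, member domains, global catalogs, functional level
$forest = Get-ADForest
$forest | Select-Object Name, RootDomain, ForestMode, Domains, GlobalCatalogs, SchemaMaster

# Walk every domain in the forest rather than only the one this host belongs to
foreach ($domainName in $forest.Domains) {
    Get-ADDomain -Identity $domainName |
        Select-Object DNSRoot, DomainSID, DomainMode, PDCEmulator, InfrastructureMaster, RIDMaster
}

# Trusts: direction and transitivity tell you where you can reach; the two
# boolean flags tell you whether SID history abuse is blocked (SIDFilteringQuarantined)
# and whether access across the trust is restricted to explicitly granted principals
# (SelectiveAuthentication). Both false on an inbound/bidirectional trust is worth noting.
Get-ADTrust -Filter * |
    Select-Object Name, Direction, TrustType, ForestTransitive, IntraForest,
                  SIDFilteringQuarantined, SelectiveAuthentication

# A single user. Get-ADUser returns only a default set of properties unless asked,
# so request the ones that matter for an assessment explicitly.
# 'jdoe' is a placeholder account name (assumption).
Get-ADUser -Identity 'jdoe' -Properties MemberOf, PasswordLastSet, LastLogonDate,
                                       PasswordNeverExpires, ServicePrincipalName |
    Select-Object SamAccountName, Enabled, PasswordLastSet, PasswordNeverExpires,
                  LastLogonDate, ServicePrincipalName, MemberOf

# The same cmdlet with -Filter: enabled users that carry a service principal name,
# i.e. accounts whose TGS tickets can be requested and cracked offline (Kerberoasting).
Get-ADUser -Filter 'Enabled -eq $true -and ServicePrincipalName -like "*"' `
           -Properties ServicePrincipalName, PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet, ServicePrincipalName

# Get-Command scoped to the module, to see what else is available to enumerate with
Get-Command -Module ActiveDirectory | Sort-Object Name | Select-Object Name
```

Run it from a standard domain user context first: everything above except the module itself is readable by any authenticated user by default, which is exactly why this enumeration is so useful to an attacker and why the defensive answer is monitoring (for example, PowerShell script block logging) rather than hoping the data is hidden.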
PowerShell is used as an attack platform in many cases for the following reasons:
- It can run code entirely in memory without writing anything to disk
- It can download and execute code from a remote system
- It interfaces directly with .NET and the Windows APIs
- Most organizations are not...