📄
Bufu-Sec Wiki
GithubTwitter
  • Bufu-Sec Wiki
  • Active Directory
    • General
      • General
      • Installation
      • DNS
      • Kerberos
      • Kerberos Delegation
    • Enumeration
      • AD Module
      • Bloodhound
      • PowerShell Cheatsheet
      • PowerView Cheatsheet
      • Users
      • Groups
      • Computers
      • OUs
      • GPOs
      • ACLs
      • Domains
      • Trusts
      • Forest Mappings
      • Files and Shares
      • Kerbrute
    • Privilege Escalation
      • Kerberoasting
      • AS-REP Roasting
      • Constrained Delegation
      • Unconstrained Delegation
      • DNS Admins
    • Lateral Movement
      • PS Remoting
      • Credential Dumping
      • DC Sync
      • Overpass the Hash
      • Ticket Harvesting
      • Pass the Ticket
    • Persistence
      • Golden Tickets
      • Silver Tickets
      • ACL Attacks
      • Custom SSPs
      • DC Shadow
      • Skeleton Key
      • DSRM
    • Trust Attacks
      • Cross Domain Attacks
      • Cross Forest Attacks
      • MSSQL Servers
    • MITM & Relay Attacks
      • LLMNR Poisoning
      • SMB Relay
      • IPv6 Attacks
    • Detection & Defense
      • Domain Admins
      • Architectural Changes
      • Microsoft ATA
Powered by GitBook
On this page
  • Find Shares on Hosts in Current Domain
  • Find Shares from other Domain
  • Exclude Default Shares
  • Show only Shares the Current User Has Access to
  • Find Sensitive Files on Computers
  • Get All Fileservers
  • Use Alternate Credentials when Searching for Files
  1. Active Directory
  2. Enumeration

Files and Shares

Find Shares on Hosts in Current Domain

Invoke-ShareFinder -Verbose

Find Shares from other Domain

Invoke-ShareFinder -Domain lab.local

Exclude Default Shares

Invoke-ShareFinder -ExcludeStandard

Show only Shares the Current User Has Access to

Invoke-ShareFinder -CheckShareAccess

Find Sensitive Files on Computers

Invoke-FileFinder -Verbose

Get All Fileservers

Get-NetFileServer

Use Alternate Credentials when Searching for Files

# Find-InterestingDomainShareFile == old Invoke-FileFinder
$Password = "PASSWORD" | ConvertTo-SecureString -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential("DOMAIN\user",$Password)
Find-InterestingDomainShareFile -Domain Domain -Credential $Credential
PreviousForest MappingsNextKerbrute

Last updated 2 years ago