Check where you have access in an Active Directory environment!
PS C:\> Import-Module .\MASSaRCE.ps1
PS C:\> Connect-MassWinRM -Command hostname -Username lab\Administrator
dc01
file01
ws01
PS C:\> Connect-MassRDP -Username lab\Administrator
Press ENTER to launch RDP to DC01, or 's' to skip:
Press ENTER to launch RDP to FILE01, or 's' to skip:
Press ENTER to launch RDP to WS01, or 's' to skip:
This is a simple PowerShell script that allows you to run commands on many remote systems in an Active Directory environment, mainly to learn which systems you have administrative access to. It currently supports WinRM and RDP.
Requires the ActiveDirectory PowerShell module to be installed. If you lack the privileges to install it on the target system, see the standalone ADModule repo.
This is one of the least stealthy things you can do! You have been warned.
Currently, Connect-MassRDP saves the password locally with cmdkey for every target. You might wish to delete these saved credentials afterwards.
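One way to find and remove those saved entries, as an added example that is not part of MASSaRCE. It assumes the entries are stored under the TERMSRV/<host> target name that the Windows RDP client looks up; the function names and the sample output are constructed for illustration.

```powershell
# Added example, not part of MASSaRCE. Assumption: the saved entries use the
# TERMSRV/<host> target name that the Windows RDP client looks up.
function Get-SavedRdpCredentialTarget {
    param(
        # Raw 'cmdkey /list' output; defaults to the current user's stored credentials.
        [string[]]$CmdkeyOutput = (cmdkey.exe /list)
    )
    foreach ($line in $CmdkeyOutput) {
        # Keep only RDP entries; other stored credentials are ignored.
        if ($line -match 'target=(TERMSRV/\S+)') { $Matches[1] }
    }
}

function Remove-SavedRdpCredential {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Optional host names to limit the cleanup; empty means every TERMSRV entry.
        [string[]]$ComputerName
    )
    $targets = Get-SavedRdpCredentialTarget | Sort-Object -Unique
    if ($ComputerName) {
        $wanted = $ComputerName | ForEach-Object { "TERMSRV/$_" }
        $targets = $targets | Where-Object { $wanted -contains $_ }
    }
    foreach ($target in $targets) {
        if ($PSCmdlet.ShouldProcess($target, 'cmdkey /delete')) {
            cmdkey.exe "/delete:$target" | Out-Null
            # cmdkey returns a non-zero exit code when the delete fails.
            [pscustomobject]@{ Target = $target; Removed = ($LASTEXITCODE -eq 0) }
        }
    }
}

# Constructed sample of 'cmdkey /list' output, to check the parser offline.
$sample = @(
    'Currently stored credentials:',
    '    Target: LegacyGeneric:target=TERMSRV/dc01',
    '    Type: Generic',
    '    User: lab\Administrator',
    '    Target: LegacyGeneric:target=git:https://example.invalid',
    '    Target: Domain:target=TERMSRV/file01'
)
Get-SavedRdpCredentialTarget -CmdkeyOutput $sample

# Preview what would be deleted, then rerun without -WhatIf to remove the entries.
Remove-SavedRdpCredential -WhatIf
```

Without -ComputerName this also removes RDP credentials the user saved before running the tool, so pass the list of hosts that were actually targeted when that matters.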
This tool should be used for authorized testing and/or educational purposes only.
Thank you Jaap Brasser for RDP connection functionality.