Folder tree update

pull/1/head
Swissky 2023-11-19 10:38:58 +01:00
parent 1285fd980b
commit 24fe926630
37 changed files with 67 additions and 25 deletions

View File

@ -69,21 +69,21 @@ roadtx gettokens --refresh-token <refresh-token> -c 04b07795-8ddb-461a-bbee-02f9
``` ```
``` ```
scope resource client scope resource client
.default 04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46 .default 04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
1950a258-227b-4e31-a9cf-717495945fc2 1950a258-227b-4e31-a9cf-717495945fc2 1950a258-227b-4e31-a9cf-717495945fc2 1950a258-227b-4e31-a9cf-717495945fc2
https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2 https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
https://graph.windows.net 00b41c95-dab0-4487-9791-b9d2c32c80f2 https://graph.windows.net 00b41c95-dab0-4487-9791-b9d2c32c80f2
04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2 https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
Files.Read.All d3590ed6-52b3-4102-aeff-aad2292ab01c d3590ed6-52b3-4102-aeff-aad2292ab01c Files.Read.All d3590ed6-52b3-4102-aeff-aad2292ab01c d3590ed6-52b3-4102-aeff-aad2292ab01c
https://graph.microsoft.com d3590ed6-52b3-4102-aeff-aad2292ab01c https://graph.microsoft.com 3590ed6-52b3-4102-aeff-aad2292ab01c
https://outlook.office.com 1fec8e78-bce4-4aaf-ab1b-5451cc387264 https://outlook.office.com 1fec8e78-bce4-4aaf-ab1b-5451cc387264
Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2 Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2 https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
https://outlook.office365.com 00b41c95-dab0-4487-9791-b9d2c32c80f2 https://outlook.office365.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
``` ```

View File

@ -11,6 +11,15 @@
```ps1 ```ps1
``` ```
* Add user to a group
```ps1
$groupid = "<group-id>"
$targetmember = "<user-id>"
$group = Get-MgGroup -GroupId $groupid
$members = Get-MgGroupMember -GroupId $groupid
New-MgGroupMember -GroupId $groupid -DirectoryObjectid $targetmember
```
## Devices ## Devices

View File

@ -22,10 +22,13 @@ Invoke-AADIntReconAsOutsider -UserName "user@company.com" | Format-Table
``` ```
## Azure AD - Conditionnal Access ## Azure AD - Conditionnal Access Policy
Enumerate Conditionnal Access Policies: `roadrecon plugin policies` Enumerate Conditionnal Access Policies: `roadrecon plugin policies`
## Azure AD - MFA ## Azure AD - MFA
* [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services * [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services

View File

@ -5,9 +5,10 @@
> The attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting consent to the application so that the attacker can gain access to the data that the target user has access to. > The attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting consent to the application so that the attacker can gain access to the data that the target user has access to.
Check if users are allowed to consent to apps: `PS AzureADPreview> (GetAzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole` Check if users are allowed to consent to apps: `PS AzureADPreview> (GetAzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole`
* **Disable user consent** : Users cannot grant permissions to applications. * **Disable user consent** : Users cannot grant permissions to applications.
* **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant * **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant
* **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent, * **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent.
* **Custom app consent policy** * **Custom app consent policy**
### Register Application ### Register Application

View File

@ -22,9 +22,27 @@ Runbook must be SAVED and PUBLISHED before running it.
``` ```
## Microsoft Intune
* LAPS
```ps1
#requires -modules Microsoft.Graph.Authentication
#requires -modules Microsoft.Graph.Intune
#requires -modules LAPS
#requires -modules ImportExcel
$DaysBack = 30
Connect-MgGraph
Get-IntuneManagedDevice -Filter "Platform eq 'Windows'" |
Foreach-Object {Get-LapsAADPassword -DevicesIds $_.DisplayName} |
Where-Object {$_.PasswordExpirationTime -lt (Get-Date).AddDays(-$DaysBack)} |
Export-Excel -Path "c:\temp\lapsdata.xlsx" - ClearSheet -AutoSize -Show
```
## Office 365 ## Office 365
### Extracting Microsoft Teams Messages ### Microsoft Teams Messages
```ps1 ```ps1
TokenTacticsV2> RefreshTo-MSTeamsToken -domain domain.local TokenTacticsV2> RefreshTo-MSTeamsToken -domain domain.local
@ -32,15 +50,26 @@ AADInternals> Get-AADIntTeamsMessages -AccessToken $MSTeamsToken.access_token |
``` ```
## Outlook ## Outlook Mails
* Read user messages * Read user mails
```ps1 ```ps1
Get-MgUserMessage -UserId <user-id> | ft Get-MgUserMessage -UserId <user-id> | ft
Get-MgUserMessageContent -OutFile mail.txt -UserId <user-id> -MessageId <message-id> Get-MgUserMessageContent -OutFile mail.txt -UserId <user-id> -MessageId <message-id>
``` ```
## OneDrive Files
```ps1
$userId = "<user-id>"
Import-Module Microsoft.Graph.Files
Get-MgUserDefaultDrive -UserId $userId
Get-MgUserDrive -UserId $UserId -Debug
Get-MgDrive -top 1
```
## References ## References
* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell) * [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)

View File

@ -1,4 +1,4 @@
# Bug Hunting Methodology and Enumeration # Bug Hunting Methodology
## Summary ## Summary

View File