forked from swisskyrepo/PayloadsAllTheThings
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 2d3f02a, commit 18c656f
Showing 1 changed file with 17 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -90,11 +90,27 @@ | |
``` | ||
* [**BloodHoundAD/AzureHound**](https://github.com/BloodHoundAD/AzureHound) - Azure Data Exporter for BloodHound | ||
```powershell | ||
# First, retrieve a refresh token (-r) if username/password isn't supported. | ||
# An access token (-j) isn't recommended because it can expire before the end of azurehound execution | ||
Install-Module AADInternals -Scope CurrentUser | ||
Import-Module AADInternals | ||
$rt = (Get-AADIntAccessToken -ClientId "1950a258-227b-4e31-a9cf-717495945fc2" -Resource "https://graph.microsoft.com" -PRTToken (Get-AADIntUserPRTToken) -IncludeRefreshToken $true)[1] | ||
# Second, launch azurehound collector | ||
## Connects on your Azure account using the refresh token provided and the tenant of the account | ||
## and collects every possible objects in contoso.microsoft.com. Results are stored in json | ||
./azurehound -r $rt --tenant "contoso.onmicrosoft.com" list -o azurehound-scan.json --tenant "contoso.microsoft.com" | ||
## Sets configuration file with connection variables and other things (not required) | ||
./azurehound configure | ||
## Collects every objects on all accessible tenants using username/password and prints it to stdout | ||
./azurehound -u "[email protected]" -p "MyVerySecurePassword123" --tenant "contoso.onmicrosoft.com" list | ||
## Collects every objects on a specific tenant using username/password and stores it in json | ||
./azurehound -u "[email protected]" -p "Password1" list -o initial-scan.json --tenant "contoso.onmicrosoft.com" | ||
## Collects every objects on all tenants accessible using Service Principal secret | ||
./azurehound -a "6b5adee8-..." -s "<secret>" --tenant "contoso.onmicrosoft.com" list | ||
## Collects AzureAD info (all except AzureRM info) using JWT access token | ||
./azurehound -j "ey..." --tenant "contoso.onmicrosoft.com" list az-ad | ||
## Collects every users using refresh token | ||
./azurehound -r "0.ARwA6Wg..." --tenant "contoso.onmicrosoft.com" list users | ||
# List of collections | ||
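Review bot: The `./azurehound -r $rt ... list -o azurehound-scan.json` line passes `--tenant` twice with two different values, `"contoso.onmicrosoft.com"` before `list` and `"contoso.microsoft.com"` after `-o`, and the comment above it also names `contoso.microsoft.com`. Every other example uses `contoso.onmicrosoft.com`, so the second flag looks like a typo; keep a single `--tenant "contoso.onmicrosoft.com"` and fix the comment to match. Two of the comments also say "all accessible tenants" / "all tenants accessible" while their commands pin one tenant with `--tenant`, so the wording should say "the specified tenant". The `-u`/`-p` examples put a plaintext password on the command line, where it ends up in shell history; a short comment saying so, or pointing to the `./azurehound configure` file shown just above, would help readers who copy these lines.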
|
@@ -1137,4 +1153,4 @@ Using [https://autologon.microsoftazuread-sso.com/](https://autologon.microsofta | |
* [AZURE AD INTRODUCTION FOR RED TEAMERS - Written by Aymeric Palhière (bak) - 2020-04-20](https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html) | ||
* [Impersonating Office 365 Users With Mimikatz - January 15, 2017 - Michael Grafnetter](https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/) | ||
* [The Art of the Device Code Phish - Bobby Cooke](https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html) | ||
* [AZURE AD cheatsheet - BlackWasp](https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad) | ||
* [AZURE AD cheatsheet - BlackWasp](https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad) |
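Review bot: The last reference entry, `AZURE AD cheatsheet - BlackWasp`, appears as both the removed and the added line with identical visible text, so this hunk changes only whitespace or the end-of-file newline. If that is unintentional, drop it from the commit so the diff contains only the AzureHound usage additions; if it is intentional (for example, adding the missing trailing newline), say so in the commit message.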