Penetration Test / Red Teaming / Purple Team
  • whoami
  • PowerShell for Pentesters
  • Azure AD Penetration Test
    • Intro
    • Initial Access
      • Bypassing MFA with Evilginx2
    • Enumeration
    • Privilege Escalation
    • Tools
  • AWS Penetration Test
    • Intro [WIP]
    • Enumeration
    • Initial Access
    • Privilege Escalation
    • Tools
  • Hackthebox WriteUps
  • Purple Team Exercise
    • Intro
  • Container Security
    • Docker Image Security
    • Docker Basic Commands
      • Docker-Related Attack Vectors
    • Podman Basic Commands
    • Container Breakouts
      • Containerd Attacks
    • Multi Container Setup
    • Securing Docker
Powered by GitBook
On this page
  1. Azure AD Penetration Test

Tools

**Recommended Modules to install:

Install-Module -Name Az -Repository PSGallery -Force
Install-Module AzureAD
Install-Module MSOnline

**For everything main tool:

Install-Module AADInternals

**User Enumeration

This script depends on the Python "Requests" library. The script can take a single email address
with the -e parameter or a list of email addresses, one per line, with the -f parameter. 
Additionally, the script can output valid email addressesto a file with the -o parameter.

Examples:
o365creeper.py -e test@example.com
o365creeper.py -f emails.txt
o365creeper.py -f emails.txt -o validemails.txt

**If there is ADFS implemented we can use

Onedrive user enumeration

**Password Spray:

Import-Module MSOLSpray.ps1
Invoke-MSOLSpray -UserList .\userlist.txt -Password Winter2020
pip3 install pipx
pipx ensurepath
pipx install spraycharles
git clone https://github.com/Tw1sm/spraycharles
cd spraycharles/extras
docker build . -t spraycharles
docker run -it -v ~/.spraycharles:/root/.spraycharles spraycharles -h

Download releases from here

https://github.com/CausticKirbyZ/SprayCannon/releases

pip install git+https://github.com/blacklanternsecurity/trevorproxy
pip install git+https://github.com/blacklanternsecurity/trevorspray
Import-Module .\MicroBurst.psm1

https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1

.\o365recon.ps1 -azure

Just Download releases

https://github.com/Flangvik/TeamFiltration/releases

Import-Module .\TokenTactics.psd1
Get-Help Get-AzureToken
Invoke-RefreshToSubstrateToken
Import-Module .\GraphRunner.ps1
Get-GraphTokens

**Security Auditing Tools for Azure AD:

References: https://github.com/Gerenios/AADInternals https://github.com/LMGsec/o365creeper https://github.com/dafthack/MSOLSpray https://github.com/NetSPI/MicroBurst https://github.com/nyxgeek/o365recon https://github.com/Tw1sm/spraycharles https://github.com/CausticKirbyZ/SprayCannon [https://github.com/blacklanternsecurity/TREVORspray] (https://github.com/blacklanternsecurity/TREVORspray) https://github.com/Flangvik/TeamFiltration https://github.com/rvrsh3ll/TokenTactics https://github.com/NetSPI/MicroBurst/blob/master/Misc/Invoke-EnumerateAzureBlobs.ps1 https://github.com/dafthack/GraphRunner https://github.com/nccgroup/ScoutSuite https://github.com/prowler-cloud/prowler https://github.com/Azure/Stormspotter https://github.com/AzureAD/AzureADAssessment https://github.com/vletoux/pingcastle https://github.com/dirkjanm/ROADtoolsa

PreviousPrivilege EscalationNextAWS Penetration Test

Last updated 1 year ago