mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-11-10 07:04:22 +00:00
Add AzureHound examples
This commit is contained in:
parent
2d3f02a795
commit
18c656f756
1 changed files with 17 additions and 1 deletions
|
@ -90,11 +90,27 @@
|
|||
```
|
||||
* [**BloodHoundAD/AzureHound**](https://github.com/BloodHoundAD/AzureHound) - Azure Data Exporter for BloodHound
|
||||
```powershell
|
||||
# First, retrieve a refresh token (-r) if username/password isn't supported.
|
||||
# An access token (-j) isn't recommended because it can expire before the end of azurehound execution
|
||||
Install-Module AADInternals -Scope CurrentUser
|
||||
Import-Module AADInternals
|
||||
$rt = (Get-AADIntAccessToken -ClientId "1950a258-227b-4e31-a9cf-717495945fc2" -Resource "https://graph.microsoft.com" -PRTToken (Get-AADIntUserPRTToken) -IncludeRefreshToken $true)[1]
|
||||
|
||||
# Second, launch azurehound collector
|
||||
## Connects on your Azure account using the refresh token provided and the tenant of the account
|
||||
## and collects every possible objects in contoso.microsoft.com. Results are stored in json
|
||||
./azurehound -r $rt --tenant "contoso.onmicrosoft.com" list -o azurehound-scan.json --tenant "contoso.microsoft.com"
|
||||
## Sets configuration file with connection variables and other things (not required)
|
||||
./azurehound configure
|
||||
## Collects every objects on all accessible tenants using username/password and prints it to stdout
|
||||
./azurehound -u "MattNelson@contoso.onmicrosoft.com" -p "MyVerySecurePassword123" --tenant "contoso.onmicrosoft.com" list
|
||||
## Collects every objects on a specific tenant using username/password and stores it in json
|
||||
./azurehound -u "phisheduser@contoso.onmicrosoft.com" -p "Password1" list -o initial-scan.json --tenant "contoso.onmicrosoft.com"
|
||||
## Collects every objects on all tenants accessible using Service Principal secret
|
||||
./azurehound -a "6b5adee8-..." -s "<secret>" --tenant "contoso.onmicrosoft.com" list
|
||||
## Collects AzureAD info (all except AzureRM info) using JWT access token
|
||||
./azurehound -j "ey..." --tenant "contoso.onmicrosoft.com" list az-ad
|
||||
## Collects every users using refresh token
|
||||
./azurehound -r "0.ARwA6Wg..." --tenant "contoso.onmicrosoft.com" list users
|
||||
|
||||
# List of collections
|
||||
|
@ -1137,4 +1153,4 @@ Using [https://autologon.microsoftazuread-sso.com/](https://autologon.microsofta
|
|||
* [AZURE AD INTRODUCTION FOR RED TEAMERS - Written by Aymeric Palhière (bak) - 2020-04-20](https://www.synacktiv.com/posts/pentest/azure-ad-introduction-for-red-teamers.html)
|
||||
* [Impersonating Office 365 Users With Mimikatz - January 15, 2017 - Michael Grafnetter](https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/)
|
||||
* [The Art of the Device Code Phish - Bobby Cooke](https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html)
|
||||
* [AZURE AD cheatsheet - BlackWasp](https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad)
|
||||
* [AZURE AD cheatsheet - BlackWasp](https://hideandsec.sh/books/cheatsheets-82c/page/azure-ad)
|
||||
|
|
Loading…
Reference in a new issue