azureimposter

Published: Dec 1, 2022 License: MIT Imports: 24 Imported by: 0

README

azureimposter

Go module that impersonates any client ID and obtains an authentication token from Azure using interactive login (with MFA, if enabled), returning the token to the caller. The token can then be used to enumerate users, groups, etc., depending on the scope requested.

Requires Chrome browser, and should work on Windows / Linux / OSX.

See the "example" folder for a quick demo.

Inspired by the techniques used in the AADInternals PowerShell module.

Documentation

Index

Constants

This section is empty.

Variables

// WellKnownClients maps a short name to the client registration
// (client ID, redirect URI and, where set, scope/resource) that an
// AzAuthInfo passed to AcquireToken describes. Entries that omit
// Scope or Resource leave those fields at their zero value (""), and
// the "IAM" and "Office" entries share the same ClientId.
var (
	WellKnownClients = map[string]AzAuthInfo{
		"Graph": {
			Name:        "Graph",
			ClientId:    "1b730954-1685-4b74-9bfd-dac224a7b894",
			RedirectURI: "https://login.microsoftonline.com/common/oauth2/nativeclient",

			Scope: "https://graph.microsoft.com//.default",
		},
		"Az": {
			Name:     "Az",
			ClientId: "1950a258-227b-4e31-a9cf-717495945fc2",
			Scope:    "https://management.core.windows.net//.default openid profile offline_access",
		},
		"IAM": {
			Name:        "IAM",
			ClientId:    "d3590ed6-52b3-4102-aeff-aad2292ab01c",
			RedirectURI: "urn:ietf:wg:oauth:2.0:oob",
			Resource:    "74658136-14ec-4630-ad9b-26e160ff0fc6",
			Scope:       "openid profile",
		},

		"Teams": {
			Name:        "Teams",
			ClientId:    "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
			RedirectURI: "https://login.microsoftonline.com/common/oauth2/nativeclient",
		},
		"SPO": {
			Name:        "SPO",
			ClientId:    "9bc3ab49-b65d-410a-85ad-de819febfddc",
			RedirectURI: "https://oauth.spops.microsoft.com/",
		},
		"AzureAdmin": {
			Name:        "AzureAdmin",
			ClientId:    "c44b4083-3bb0-49c1-b47d-974e53cbdf3c",
			RedirectURI: "https://portal.azure.com/signin/index/?feature.prefetchtokens=true&feature.showservicehealthalerts=true&feature.usemsallogin=true",
		},
		"AzureAD": {
			Name:        "AzureAD",
			ClientId:    "0000000c-0000-0000-c000-000000000000",
			RedirectURI: "https://account.activedirectory.windowsazure.com/",
			Scope:       "https://graph.windows.net//user_impersonation",
		},
		"MySignIns": {
			Name:        "MySignIns",
			ClientId:    "19db86c3-b2b9-44cc-b339-36da233a3be2",
			RedirectURI: "https://mysignins.microsoft.com",
		},
		"AzureADJoin": {
			Name:        "AzureADJoin",
			ClientId:    "29d9ed98-a469-4536-ade2-f981bc1d605e",
			RedirectURI: "ms-aadj-redir://auth/drs",
		},
		"AzureAndroidApp": {
			Name:        "AzureAndroidApp",
			ClientId:    "0c1307d4-29d6-4389-a11c-5cbe7f65d7fa",
			RedirectURI: "https://azureapp",
		},
		"OneDriveWeb": {
			Name:        "OneDriveWeb",
			ClientId:    "33be1cef-03fb-444b-8fd3-08ca1b4d803f",
			RedirectURI: "https://admin.onedrive.com",
		},
		"OneDriveNative": {
			Name:        "OneDriveNative",
			ClientId:    "ab9b8c07-8f02-4f72-87fa-80105867a763",
			RedirectURI: "https://login.windows.net/common/oauth2/nativeclient",
		},
		"MSCommerce": {
			Name:        "MSCommerce",
			ClientId:    "3d5cffa9-04da-4657-8cab-c7f074657cad",
			RedirectURI: "http://localhost/m365/commerce",
		},
		// Same ClientId as "IAM" above, with a different Scope and no Resource.
		"Office": {
			Name:        "Office",
			ClientId:    "d3590ed6-52b3-4102-aeff-aad2292ab01c",
			RedirectURI: "urn:ietf:wg:oauth:2.0:oob",
			Scope:       "https://management.core.windows.net//user_impersonation",
		},
	}
)

Functions

func GenerateCert

func GenerateCert(domain string) (tls.Certificate, error)

Types

type Authorization

// Authorization records the tokens obtained for a given client ID and
// scope. Token and RefreshToken are bearer credentials; keep them out
// of logs and unprotected storage.
type Authorization struct {
	ClientID string
	Scope    string

	// Token is presumably the access token (the name is generic) —
	// confirm against the code that populates it, which is not shown here.
	Token        string
	RefreshToken string
}

type AzAuthInfo

// AzAuthInfo describes the client identity used when requesting a
// token; AcquireToken takes one, and WellKnownClients holds ready-made
// entries keyed by Name.
type AzAuthInfo struct {
	Name        string
	ClientId    string
	RedirectURI string
	Scope       string
	Resource    string
	// OtherParams carries additional request parameters; how they are
	// applied is not visible in this listing.
	OtherParams map[string]string
}

type AzClaims

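// AzClaims is the subset of Azure AD access-token claims this package
// reads; Token.Parse returns one alongside the parsed jwt.Token.
// jwt.StandardClaims supplies the registered claims (exp, nbf, iss, ...).
type AzClaims struct {
	ClientID              string   `json:"appid"`
	TenantID              string   `json:"tid"`
	AuthenticationMethods []string `json:"amr"`
	ObjectID              string   `json:"oid"`
	// The Azure AD claim is spelled "onprem_sid"; the previous tag
	// ("omprem_sid") matched nothing, so this field was always empty.
	OnPremisesSecurityIdentifier string   `json:"onprem_sid"`
	Name                         string   `json:"name"`
	TenantRegionScope            string   `json:"tenant_region_scope"`
	jwt.StandardClaims
}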

type AzureRequest

// AzureRequest wraps a resty request and adds BatchChunkData,
// GetChunkedData and GetData, each of which hands response data to a
// caller-supplied callback. Obtain one from Client.R.
type AzureRequest struct {
	*resty.Request
	// contains filtered or unexported fields
}

func (*AzureRequest) BatchChunkData

func (ar *AzureRequest) BatchChunkData(requests []BatchRequest, onRequest func(data []byte) error) error

func (*AzureRequest) GetChunkedData

func (ar *AzureRequest) GetChunkedData(onChunk func(data []byte) error) error

func (*AzureRequest) GetData

func (ar *AzureRequest) GetData(onData func(data []byte) error) error

type BatchRequest

// BatchRequest is one entry of the slice passed to
// AzureRequest.BatchChunkData; the JSON tags give its wire form.
type BatchRequest struct {
	ID     string `json:"id"`
	URL    string `json:"url"`
	Method string `json:"method"`
	Body   string `json:"body"`
}

type BatchResponse

// BatchResponse has the same shape as BatchRequest. It presumably
// carries the per-request result matched by ID — confirm against
// BatchChunkData, whose body is not shown here.
type BatchResponse struct {
	ID     string `json:"id"`
	URL    string `json:"url"`
	Method string `json:"method"`
	Body   string `json:"body"`
}

type Client

// Client wraps a resty client built by NewClient from a Token; R
// returns an AzureRequest. OnTokenRefresh, when non-nil, is presumably
// invoked with the new Token after a refresh — confirm in the
// unexported code this listing omits.
type Client struct {
	*resty.Client
	OnTokenRefresh func(Token)
	// contains filtered or unexported fields
}

func NewClient

func NewClient(token Token) *Client

func (*Client) R

func (a *Client) R() *AzureRequest

type Result

// Result is the value Server sends on ResultCh: either the
// authorization code or an error, never meaningfully both.
type Result struct {
	// Code is the code sent by the authority server.
	Code string
	// Err is set if there was an error.
	Err error
}

type Server

// Server is the listener returned by Serve(emulateurl); its outcome is
// delivered as a Result on ResultCh. Cert is presumably the
// tls.Certificate produced by GenerateCert when TLS is set — confirm in
// Serve, whose body is not shown here.
type Server struct {
	Addr string
	Port int
	TLS  bool
	Cert tls.Certificate

	// ResultCh carries Result values (authorization code or error) to
	// the caller; whether it is buffered is not visible here.
	ResultCh chan Result
	// contains filtered or unexported fields
}

func Serve

func Serve(emulateurl string) (*Server, error)

type Token

// Token holds the credentials returned by AcquireToken. Refresh is
// presumably meant to update it in place, MigrateScope derives a Token
// for another client ID and scope, and Parse decodes AccessToken into
// AzClaims. AccessToken and RefreshToken are bearer secrets: do not log
// them, and persist them only in protected storage.
type Token struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ClientID     string `json:"client_id"`
	Scope        string `json:"scope,omitempty"`
	Resource     string `json:"resource,omitempty"`
}

func AcquireToken

func AcquireToken(authority string, authinfo AzAuthInfo) (*Token, error)

func (*Token) IsValid

func (t *Token) IsValid() bool

func (*Token) MigrateScope

func (t *Token) MigrateScope(clientid, scope string) (*Token, error)

Tries to use the refresh token to obtain a token for another client ID under another scope.

func (*Token) Parse

func (t *Token) Parse() (*jwt.Token, *AzClaims, error)

func (*Token) Refresh

func (t *Token) Refresh() error

type TokenResult

// TokenResult appears to mirror the raw JSON body of a token endpoint
// response; Token keeps the subset this package uses afterwards.
// ExpiresIn and ExtExpiresIn are interface{} presumably because the
// endpoint may return them as either a number or a string — confirm.
type TokenResult struct {
	TokenType    string      `json:"token_type"`
	Scope        string      `json:"scope"`
	ExpiresIn    interface{} `json:"expires_in"`
	ExtExpiresIn interface{} `json:"ext_expires_in"`
	ExpiresOn    string      `json:"expires_on"`
	NotBefore    string      `json:"not_before"`
	Resource     string      `json:"resource"`
	AccessToken  string      `json:"access_token"`
	RefreshToken string      `json:"refresh_token"`
	Foci         string      `json:"foci"`
	IdToken      string      `json:"id_token"`
}

Directories

Path Synopsis
api
msgraph
Package msgraph provides primitives to interact with the openapi HTTP API.
Package msgraph provides primitives to interact with the openapi HTTP API.
examples
