azureimposter

package module

v0.0.0-...-c5eddcf Latest Latest Go to latest Published: Dec 1, 2022 License: MIT Imports: 24 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/lkarlslund/azureimposter

Links

Open Source Insights

README ¶

azureimposter

Go module that pretends to be any clientID and grabs an authentication token from Azure using interactive login (w/mfa if enabled) and returns the token to the caller. This can then be used to enumerate users, groups etc. depending on what scope you've requested.

Requires Chrome browser, and should work on Windows / Linux / OSX.

Se the "example" folder for a quick demo.

Inspired by the techniques used in AADinternals PowerShell module module

Documentation ¶

Index ¶

Variables
func GenerateCert(domain string) (tls.Certificate, error)
type Authorization
type AzAuthInfo
type AzClaims
type AzureRequest
type BatchRequest
type BatchResponse
type Client
- func NewClient(token Token) *Client
- func (a *Client) R() *AzureRequest
type Result
type Server
- func Serve(emulateurl string) (*Server, error)
type Token
- func AcquireToken(authority string, authinfo AzAuthInfo) (*Token, error)
type TokenResult

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	WellKnownClients = map[string]AzAuthInfo{
		"Graph": {
			Name:        "Graph",
			ClientId:    "1b730954-1685-4b74-9bfd-dac224a7b894",
			RedirectURI: "https://login.microsoftonline.com/common/oauth2/nativeclient",

			Scope: "https://graph.microsoft.com//.default",
		},
		"Az": {
			Name:     "Az",
			ClientId: "1950a258-227b-4e31-a9cf-717495945fc2",
			Scope:    "https://management.core.windows.net//.default openid profile offline_access",
		},
		"IAM": {
			Name:        "IAM",
			ClientId:    "d3590ed6-52b3-4102-aeff-aad2292ab01c",
			RedirectURI: "urn:ietf:wg:oauth:2.0:oob",
			Resource:    "74658136-14ec-4630-ad9b-26e160ff0fc6",
			Scope:       "openid profile",
		},

		"Teams": {
			Name:        "Teams",
			ClientId:    "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
			RedirectURI: "https://login.microsoftonline.com/common/oauth2/nativeclient",
		},
		"SPO": {
			Name:        "SPO",
			ClientId:    "9bc3ab49-b65d-410a-85ad-de819febfddc",
			RedirectURI: "https://oauth.spops.microsoft.com/",
		},
		"AzureAdmin": {
			Name:        "AzureAdmin",
			ClientId:    "c44b4083-3bb0-49c1-b47d-974e53cbdf3c",
			RedirectURI: "https://portal.azure.com/signin/index/?feature.prefetchtokens=true&feature.showservicehealthalerts=true&feature.usemsallogin=true",
		},
		"AzureAD": {
			Name:        "AzureAD",
			ClientId:    "0000000c-0000-0000-c000-000000000000",
			RedirectURI: "https://account.activedirectory.windowsazure.com/",
			Scope:       "https://graph.windows.net//user_impersonation",
		},
		"MySignIns": {
			Name:        "MySignIns",
			ClientId:    "19db86c3-b2b9-44cc-b339-36da233a3be2",
			RedirectURI: "https://mysignins.microsoft.com",
		},
		"AzureADJoin": {
			Name:        "AzureADJoin",
			ClientId:    "29d9ed98-a469-4536-ade2-f981bc1d605e",
			RedirectURI: "ms-aadj-redir://auth/drs",
		},
		"AzureAndroidApp": {
			Name:        "AzureAndroidApp",
			ClientId:    "0c1307d4-29d6-4389-a11c-5cbe7f65d7fa",
			RedirectURI: "https://azureapp",
		},
		"OneDriveWeb": {
			Name:        "OneDriveWeb",
			ClientId:    "33be1cef-03fb-444b-8fd3-08ca1b4d803f",
			RedirectURI: "https://admin.onedrive.com",
		},
		"OneDriveNative": {
			Name:        "OneDriveNative",
			ClientId:    "ab9b8c07-8f02-4f72-87fa-80105867a763",
			RedirectURI: "https://login.windows.net/common/oauth2/nativeclient",
		},
		"MSCommerce": {
			Name:        "MSCommerce",
			ClientId:    "3d5cffa9-04da-4657-8cab-c7f074657cad",
			RedirectURI: "http://localhost/m365/commerce",
		},
		"Office": {
			Name:        "Office",
			ClientId:    "d3590ed6-52b3-4102-aeff-aad2292ab01c",
			RedirectURI: "urn:ietf:wg:oauth:2.0:oob",
			Scope:       "https://management.core.windows.net//user_impersonation",
		},
	}
)

Functions ¶

func GenerateCert ¶

func GenerateCert(domain string) (tls.Certificate, error)

Types ¶

type Authorization ¶

type Authorization struct {
	ClientID string
	Scope    string

	Token        string
	RefreshToken string
}

type AzAuthInfo ¶

type AzAuthInfo struct {
	Name        string
	ClientId    string
	RedirectURI string
	Scope       string
	Resource    string
	OtherParams map[string]string
}

type AzClaims ¶

type AzClaims struct {
	ClientID                     string   `json:"appid"`
	TenantID                     string   `json:"tid"`
	AuthenticationMethods        []string `json:"amr"`
	ObjectID                     string   `json:"oid"`
	OnPremisesSecurityIdentifier string   `json:"omprem_sid"`
	Name                         string   `json:"name"`
	TenantRegionScope            string   `json:"tenant_region_scope"`
	jwt.StandardClaims
}

type AzureRequest ¶

type AzureRequest struct {
	*resty.Request
	// contains filtered or unexported fields
}

func (*AzureRequest) BatchChunkData ¶

func (ar *AzureRequest) BatchChunkData(requests []BatchRequest, onRequest func(data []byte) error) error

func (*AzureRequest) GetChunkedData ¶

func (ar *AzureRequest) GetChunkedData(onChunk func(data []byte) error) error

func (*AzureRequest) GetData ¶

func (ar *AzureRequest) GetData(onData func(data []byte) error) error

type BatchRequest ¶

type BatchRequest struct {
	ID     string `json:"id"`
	URL    string `json:"url"`
	Method string `json:"method"`
	Body   string `json:"body"`
}

type BatchResponse ¶

type BatchResponse struct {
	ID     string `json:"id"`
	URL    string `json:"url"`
	Method string `json:"method"`
	Body   string `json:"body"`
}

type Client ¶

type Client struct {
	*resty.Client
	OnTokenRefresh func(Token)
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(token Token) *Client

func (*Client) R ¶

func (a *Client) R() *AzureRequest

type Result ¶

type Result struct {
	// Code is the code sent by the authority server.
	Code string
	// Err is set if there was an error.
	Err error
}

type Server ¶

type Server struct {
	Addr string
	Port int
	TLS  bool
	Cert tls.Certificate

	ResultCh chan Result
	// contains filtered or unexported fields
}

func Serve ¶

func Serve(emulateurl string) (*Server, error)

type Token ¶

type Token struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	ClientID     string `json:"client_id"`
	Scope        string `json:"scope,omitempty"`
	Resource     string `json:"resource,omitempty"`
}

func AcquireToken ¶

func AcquireToken(authority string, authinfo AzAuthInfo) (*Token, error)

func (*Token) IsValid ¶

func (t *Token) IsValid() bool

func (*Token) MigrateScope ¶

func (t *Token) MigrateScope(clientid, scope string) (*Token, error)

Tries to use the refreshtoken to act as another client under another scope

func (*Token) Parse ¶

func (t *Token) Parse() (*jwt.Token, *AzClaims, error)

func (*Token) Refresh ¶

func (t *Token) Refresh() error

type TokenResult ¶

type TokenResult struct {
	TokenType    string      `json:"token_type"`
	Scope        string      `json:"scope"`
	ExpiresIn    interface{} `json:"expires_in"`
	ExtExpiresIn interface{} `json:"ext_expires_in"`
	ExpiresOn    string      `json:"expires_on"`
	NotBefore    string      `json:"not_before"`
	Resource     string      `json:"resource"`
	AccessToken  string      `json:"access_token"`
	RefreshToken string      `json:"refresh_token"`
	Foci         string      `json:"foci"`
	IdToken      string      `json:"id_token"`
}

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
api
msgraph Package msgraph provides primitives to interact with the openapi HTTP API.	Package msgraph provides primitives to interact with the openapi HTTP API.
examples
grabtoken
lastuserlogin

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL