Bypassing Two-Factor Authentication on OWA and Office365 Portals.


Microsoft O365 CLI Tool

Recon:

Get Federation info for target domain:

https://login.microsoftonline.com/getuserrealm.srf?login=username@targetdomain.com&xml=1

Get Tenant ID for a target domain:

https://login.microsoftonline.com/<target domain>/v2.0/.well-known/openid-configuration
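The two discovery endpoints above answer with XML and JSON respectively. The parser below is an added example, not code from the original post: it extracts the namespace type (Managed, Federated or Unknown) and the federation endpoint from a getuserrealm.srf response, and the tenant ID from the openid-configuration document, which is useful when auditing your own domains for an unexpected federation setup. Both sample responses are constructed for this example; the element names follow the usual shape of these documents, and the all-zero GUID is a placeholder, not a real tenant.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed sample of a getuserrealm.srf?xml=1 reply for a federated domain.
# Real replies carry more elements; only the ones read below matter here.
SAMPLE_REALM_XML = """<RealmInfo Success="true">
  <State>3</State>
  <UserState>2</UserState>
  <Login>username@targetdomain.com</Login>
  <NameSpaceType>Federated</NameSpaceType>
  <DomainName>targetdomain.com</DomainName>
  <FederationBrandName>Target Corp</FederationBrandName>
  <AuthURL>https://adfs.targetdomain.com/adfs/ls/</AuthURL>
</RealmInfo>"""

# Constructed sample of the v2.0 openid-configuration document. The tenant ID
# appears as the GUID segment of the issuer and endpoint URLs.
SAMPLE_OIDC_JSON = json.dumps({
    "issuer": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/oauth2/v2.0/token",
})

GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")


def parse_realm_info(xml_text):
    """Return the federation posture reported for a domain.

    Raises ValueError when the lookup itself failed (Success != "true").
    NameSpaceType "Unknown" means the domain is not registered in any tenant.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "RealmInfo" or root.get("Success") != "true":
        raise ValueError("realm lookup did not succeed")
    info = {
        "namespace_type": root.findtext("NameSpaceType", default="Unknown"),
        "domain": root.findtext("DomainName"),
        "brand": root.findtext("FederationBrandName"),
    }
    # Only federated domains hand the browser off to an external STS (e.g. ADFS);
    # that URL is the one to compare against your known identity providers.
    if info["namespace_type"] == "Federated":
        info["auth_url"] = root.findtext("AuthURL")
    return info


def tenant_id_from_oidc(json_text):
    """Extract the tenant GUID from the issuer of an openid-configuration document."""
    cfg = json.loads(json_text)
    match = GUID_RE.search(cfg.get("issuer", ""))
    if match is None:
        raise ValueError("no tenant GUID in issuer")
    return match.group(0).lower()


if __name__ == "__main__":
    print(parse_realm_info(SAMPLE_REALM_XML))
    print(tenant_id_from_oidc(SAMPLE_OIDC_JSON))
```

With live data you would fetch the two URLs shown above for each of your own domains and feed the bodies to these functions; a domain that reports Federated with an AuthURL you do not recognise is worth an immediate look.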

Az PowerShell Module:

Connect-AzAccount

## Or this way sometimes gets around MFA restrictions

$credential = Get-Credential

Connect-AzAccount -Credential $credential

MSOnline PowerShell Module:

Import-Module MSOnline

Authentication

Connect-MsolService

## Or this way sometimes gets around MFA restrictions

$credential = Get-Credential

Connect-MsolService -Credential $credential

MailSniper:

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email or by an Exchange administrator to search the mailboxes of every user in a domain.

MailSniper also includes additional modules for password spraying, enumerating users and domains, gathering the Global Address List (GAL) from OWA and EWS and checking mailbox permissions for every Exchange user at an organization.

Proof of concept:

C:\Users\YoKo\Tools> powershell.exe -exec bypass
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

Try the new cross-platform PowerShell https://aka.ms/pscore6

PS C:\Users\Tools> cd .\MailSniper-master\
PS C:\Users\Tools\MailSniper-master> Import-Module .\MailSniper.ps1
PS C:\Users\Tools\MailSniper-master> Invoke-SelfSearch -Mailbox username@domain.tld -ExchHostname mail.domain.tld -Remote

MFASweep:

MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled. Depending on how conditional access policies and other multi-factor authentication settings are configured some protocols may end up being left single factor. It also has an additional check for ADFS configurations and can attempt to log in to the on-prem ADFS server if detected.

Currently MFASweep has the ability to login to the following services:

- Microsoft Graph API
- Azure Service Management API
- Microsoft 365 Exchange Web Services
- Microsoft 365 Web Portal w/ 6 device types (Windows, Linux, MacOS, Android Phone, iPhone, Windows Phone)
- Microsoft 365 Active Sync
- ADFS

Proof of concept:

In the next screenshot, I tried logging in to the same account after I changed my user agent using Chrome’s built-in developer tools feature to mimic an Android device. This time, MFA was not required.
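Both the `-Credential` sign-in path in the Az/MSOnline sections and the MFASweep results come down to the same gap: a protocol or device platform that conditional access leaves at a single factor. The script below is an added example, not part of the original post or the MFASweep project, showing how that gap looks from the defender's side in sign-in telemetry. The record shape is modelled on the Microsoft Graph signIn resource (clientAppUsed, authenticationRequirement, deviceDetail.operatingSystem, status.errorCode), the sample records are constructed, and the list of legacy client names is an assumption chosen to illustrate the idea rather than an exhaustive reference.

```python
from datetime import datetime, timedelta

# Client types that authenticate with username/password alone and commonly sit
# outside browser-based MFA enforcement (assumed set of clientAppUsed values).
LEGACY_CLIENTS = {
    "Exchange ActiveSync", "Exchange Web Services", "Authenticated SMTP",
    "IMAP4", "POP3", "MAPI Over HTTP", "Other clients",
}

# Constructed sign-in records: alice satisfies MFA from a Windows browser, then
# four minutes later the same IP signs in as alice with an Android user agent
# and no MFA prompt; bob syncs mail over ActiveSync; carol fails a login.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2021-06-01T09:00:00Z", "userPrincipalName": "alice@example.com",
     "clientAppUsed": "Browser", "authenticationRequirement": "multiFactorAuthentication",
     "ipAddress": "198.51.100.23", "deviceDetail": {"operatingSystem": "Windows 10"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2021-06-01T09:04:00Z", "userPrincipalName": "alice@example.com",
     "clientAppUsed": "Browser", "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "198.51.100.23", "deviceDetail": {"operatingSystem": "Android"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2021-06-01T09:10:00Z", "userPrincipalName": "bob@example.com",
     "clientAppUsed": "Exchange ActiveSync", "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "203.0.113.7", "deviceDetail": {"operatingSystem": "Android"},
     "status": {"errorCode": 0}},
    {"createdDateTime": "2021-06-01T09:12:00Z", "userPrincipalName": "carol@example.com",
     "clientAppUsed": "Exchange Web Services", "authenticationRequirement": "singleFactorAuthentication",
     "ipAddress": "203.0.113.9", "deviceDetail": {"operatingSystem": "Windows 10"},
     "status": {"errorCode": 50126}},  # failed sign-in, must not be reported
]


def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_legacy_auth(signins):
    """Successful sign-ins that used a legacy (single-factor) protocol."""
    return [
        (s["userPrincipalName"], s["clientAppUsed"], s["ipAddress"])
        for s in signins
        if s["status"]["errorCode"] == 0 and s["clientAppUsed"] in LEGACY_CLIENTS
    ]


def find_platform_downgrade(signins, window=timedelta(minutes=30)):
    """Per user, pair a successful MFA browser sign-in with a later successful
    browser sign-in from the same IP that needed no MFA and reported a different
    operating system. That is the user-agent swap the post describes."""
    by_user = {}
    for s in signins:
        if s["status"]["errorCode"] == 0 and s["clientAppUsed"] == "Browser":
            by_user.setdefault(s["userPrincipalName"], []).append(s)
    hits = []
    for upn, events in by_user.items():
        events.sort(key=lambda e: _ts(e["createdDateTime"]))
        for i, mfa in enumerate(events):
            if mfa["authenticationRequirement"] != "multiFactorAuthentication":
                continue
            for later in events[i + 1:]:
                if _ts(later["createdDateTime"]) - _ts(mfa["createdDateTime"]) > window:
                    break  # events are sorted, nothing later fits the window
                if (later["authenticationRequirement"] == "singleFactorAuthentication"
                        and later["ipAddress"] == mfa["ipAddress"]
                        and later["deviceDetail"]["operatingSystem"]
                        != mfa["deviceDetail"]["operatingSystem"]):
                    hits.append((upn, mfa["deviceDetail"]["operatingSystem"],
                                 later["deviceDetail"]["operatingSystem"],
                                 later["ipAddress"]))
    return hits


if __name__ == "__main__":
    for hit in find_legacy_auth(SAMPLE_SIGNINS):
        print("legacy protocol sign-in:", hit)
    for hit in find_platform_downgrade(SAMPLE_SIGNINS):
        print("MFA dropped after platform change:", hit)
```

In practice the records would come from an export of the tenant's sign-in log; the first query tells you which protocols are still being used without a second factor, and the second surfaces accounts where a device-platform condition, rather than the user, decided whether MFA applied.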
