
Commit 98f8540

committed
Updated commands
1 parent 396e37d commit 98f8540

6 files changed

+35
-12
lines changed

.github/excludedgroupav.png

11.6 KB
27.5 KB

.github/spoofowaemail.png

51.6 KB

.github/spoofowaemailcommand.png

12.8 KB

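--- a/README.md
+++ b/README.md
@@ -439,8 +439,9 @@ Confirm that the object has been removed from the group:
 ## Todo
 
 - Update:
-- [ ] `Spoof-OWAEmailMessage` - add --email option containing formatted message as only accepts one line at the mo...
+- [x] `Spoof-OWAEmailMessage` - add --email option containing formatted message as only accepts one line at the mo...
 - [x] `Deploy-MaliciousScript` - add input options to choose runAsAccount, enforceSignatureCheck, etc. and more assignment options
+- [x] `Get-DeviceConfigurationPolicies` - tidy up the templateReference and assignmentTarget output
 - New:
 - [ ] `Grant-AdminConsent` - grant admin consent for requested/applied admin app permissions
 - [ ] `Backdoor-Script` - first user downloads target script content then adds their malicious code, supply updated script as args, encodes then [patch](https://learn.microsoft.com/en-us/graph/api/intune-shared-devicemanagementscript-update?view=graph-rest-beta)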

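--- a/graphpython.py
+++ b/graphpython.py
@@ -578,7 +578,7 @@ def main():
 graphpython.py --command invoke-search --search "credentials" --entity driveItem --token token
 graphpython.py --command invoke-customquery --query https://graph.microsoft.com/v1.0/sites/{siteId}/drives --token token
 graphpython.py --command assign-privilegedrole --token token
-graphpython.py --command spoof-owaemailmessage [--id <userid to spoof>] --token token
+graphpython.py --command spoof-owaemailmessage [--id <userid to spoof>] --token token --email email-body.txt
 graphpython.py --command get-manageddevices --token intune-token
 graphpython.py --command deploy-maliciousscript --script malicious.ps1 --token token
 graphpython.py --command add-exclusiongrouptopolicy --id <policyid> --token token
@@ -606,6 +606,7 @@ def main():
 parser.add_argument("--mail-folder", choices=['allitems', 'inbox', 'archive', 'drafts', 'sentitems', 'deleteditems', 'recoverableitemsdeletions'], help="Mail folder to dump (dump-owamailbox)")
 parser.add_argument("--top", type=int, help="Number (int) of messages to retrieve (dump-owamailbox)")
 parser.add_argument("--script", help="File containing the script content (deploy-maliciousscript)")
+parser.add_argument("--email", help="File containing OWA email message body content (spoof-owaemailmessage)")
 args = parser.parse_args()
 
 if len(sys.argv) == 1:
@@ -3975,9 +3976,14 @@ def main():
 
 # spoof-owaemailmessage
 elif args.command and args.command.lower() == "spoof-owaemailmessage":
+if not args.email:
+print_red("[-] Error: --email argument is required for Spoof-OWAEmailMessage command")
+return
+
 print_yellow("\n[*] Spoof-OWAEmailMessage")
 print("=" * 80)
 api_url = "https://graph.microsoft.com/v1.0/me/sendMail"
+
 if args.id:
 api_url = f"https://graph.microsoft.com/v1.0/users/{args.id}/sendMail"
 user_agent = get_user_agent(args)
@@ -3986,9 +3992,9 @@ def main():
 'Content-Type': 'application/json',
 'User-Agent': user_agent
 }
+
 try:
 subject = input("\nEnter Subject: ").strip()
-content = input("Enter Body Content: ").strip()
 torecipients = input("Enter toRecipients (comma-separated): ").strip()
 ccrecipients = input("Enter ccRecipients (comma-separated): ").strip()
 savetf = input("Save To Sent Items (true/false): ").strip().lower() == 'false' # default
@@ -3998,12 +4004,14 @@ def main():
 to_recipients = [{"emailAddress": {"address": email.strip()}} for email in torecipients.split(',') if email.strip()]
 cc_recipients = [{"emailAddress": {"address": email.strip()}} for email in ccrecipients.split(',') if email.strip()]
 
+content = read_file_content(args.email)
+
 json_body = {
 "message": {
 "subject": subject,
 "body": {
 "contentType": "Text",
-"content": content
+"content": content
 },
 "toRecipients": to_recipients,
 "ccRecipients": cc_recipients
@@ -4131,7 +4139,6 @@ def main():
 print_yellow("\n[*] Get-DeviceConfigurationPolicies")
 print("=" * 80)
 api_url = "https://graph.microsoft.com/beta/deviceManagement/configurationPolicies"
-
 if args.select:
 api_url += "?$select=" + args.select
 
@@ -4156,6 +4163,10 @@ def main():
 for key, value in policy.items():
 print(f"{key} : {value}")
 
+# Print template information
+if 'templateReference' in policy and 'templateDisplayName' in policy['templateReference']:
+print(f"template: {policy['templateReference']['templateDisplayName']}")
+
 # display assignments for each policy
 policy_id = policy.get('id')
 if policy_id:
@@ -4165,20 +4176,30 @@ def main():
 if assignments_response.status_code == 200:
 assignments = assignments_response.json()
 if not assignments.get('value'):
-print_red("assignmentTarget: No assignments")
+print_red("assignments: None")
 else:
+print_green("assignments:")
 for assignment in assignments.get('value', []):
-# Print assignmentTarget if 'target' exists in the assignment
 if 'target' in assignment:
-print_green(f"assignmentTarget : {assignment['target']}")
-else:
-print_red("assignmentTarget: No assignments")
+target = assignment['target']
+odata_type = target.get('@odata.type', '').split('.')[-1]
+if odata_type == 'exclusionGroupAssignmentTarget':
+group_id = target.get('groupId', 'N/A')
+print(f"- Excluded Group ID: {group_id}")
+elif odata_type == 'allLicensedUsersAssignmentTarget':
+print("- Assigned to all users")
+elif odata_type == 'allDevicesAssignmentTarget':
+print("- Assigned to all devices")
+elif odata_type == 'groupAssignmentTarget':
+group_id = target.get('groupId', 'N/A')
+print(f"- Assigned to Group ID: {group_id}")
+else:
+print(f"- {odata_type}: {target}")
 else:
 print_red(f"[-] Error: API request for assignments failed with status code {assignments_response.status_code}")
 print("\n")
 print("=" * 80)
 
-
 # get-deviceconfigurationpolicysettings
 elif args.command and args.command.lower() == "get-deviceconfigurationpolicysettings":
 if not args.id:
@@ -5195,6 +5216,7 @@ def main():
 else:
 print_red(f"[-] Failed to retrieve current assignments: {response.status_code}")
 print_red(response.text)
+print("=" * 80)
 return
 
 try:
@@ -5286,7 +5308,7 @@ def main():
 if response.status_code == 201:
 print_green("\n[+] Script created successfully")
 script_id = response.json().get('id')
-print(f"Script ID: {script_id}")
+print_green(f"[+] Script ID: {script_id}")
 
 url_assign = f"https://graph.microsoft.com/beta/deviceManagement/deviceManagementScripts/{script_id}/assign"
 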
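Review bot: In the spoof-owaemailmessage branch, `content = read_file_content(args.email)` runs only after the interactive `input()` prompts, and its result goes into `json_body` without any check. `read_file_content` is defined outside this diff, so what it does on a missing or unreadable path is an assumption to confirm; if it returns `None` or an empty string, the request is still built with that body. Reading the file next to the new `if not args.email:` guard would fail before any prompt is answered, e.g. `content = read_file_content(args.email)` followed by `if not content: return`. The `--email` help text could also say the option is now required for this command, since the old interactive body prompt was removed. `main()` starts and ends outside these hunks.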
