Some scripts to utilise device code authorization for phishing.

Related tags

Authenticationdevicecode_phishing
Overview

OAuth Device Code Authorization Phishing

Some scripts to utilise device code authorization for phishing.

High level overview as per the instructions as: https://o365blog.com/post/phishing/

  1. An attacker connects to /devicecode endpoint and sends client_id and resource
  2. After receiving verification_uri and user_code, create an email containing a link to verification_uri and user_code, and send it to the victim. (delivering the phishing email is not in scope for this project)
  3. Victim clicks the link, provides the code and completes the sign in.
  4. The attacker receives access_token and refresh_token and can now mimic the victim (Interact with the various Microsoft API endpoints to perform various tasks).

Some of the API endpoints include:

Note: Uses version 1.0 which is different to v2.0 flow used in the documentation.

The official Microsoft Device Code Authorization Flow documentation can be found here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code

devicecode_phish.py

This script will first request the initial user_code from the Azure AD devicecode endpoint. Next, it will start polling Microsoft token endpoint (login.microsoftonline.com/Common/oauth2/token?api-version=1.0) for the authentication status using the interval value returned by the initial request (default every 5 seconds).

The script takes the following arguments:

Argument Default Value Required or Optional
-r or --resource graph.microsoft.com Optional
-c or --client_id d3590ed6-52b3-4102-aeff-aad2292ab01c Optional

Example:

python3 devicecode_phish.py
[*] User code: PF2PSG7LW
[*] User code expires at: 2021-10-21 15:03:00.206630
[*] Polling Microsoft for user authentication...
[*] Status: authorization_pending at 14:48:00

The attacker will need to send the verification_uri (https://microsoft.com/devicelogin) URI to the victim. This is the URI the user should go to with the user_code (PF2PSG7LW from the above example) in order to sign in.

Note: If the user authenticates with a personal account (on /common or /consumers), they will be asked to sign in again in order to transfer authentication state to the device. They will also be asked to provide consent, to ensure they are aware of the permissions being granted. This does not apply to work or school accounts used to authenticate.

refresh_tokens.py

This script is used to request new access & refresh tokens for different resources (Microsoft API endpoints).

Argument Default Value Required or Optional
-t or --refreshtoken - Required
-r or --resource - Required
-s or --scope openid Optional
-c or --client_id d3590ed6-52b3-4102-aeff-aad2292ab01c Optional

fetch_emails.py

Dump victims emails to file using an access token (must be valid for https://graph.microsoft.com resource).

Owner
Daniel Underhay
Daniel Underhay
GitHub Repository
JSON Web Token implementation in Python

PyJWT A Python implementation of RFC 7519. Original implementation was written by @progrium. Sponsor If you want to quickly add secure token-based aut

José Padilla 4.5k Jan 09, 2023
Boilerplate/Starter Project for building RESTful APIs using Flask, SQLite, JWT authentication.

auth-phyton Boilerplate/Starter Project for building RESTful APIs using Flask, SQLite, JWT authentication. Setup Step #1 - Install dependencies $ pip

sandhika 0 Aug 03, 2022
Django x Elasticsearch Templates

Django x Elasticsearch Requirements Python 3.7 Django = 3 Elasticsearch 7.15 Setup Elasticsearch Install via brew Install brew tap elastic/tap brew

Aji Pratama 0 May 22, 2022
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/ 5 Oct 27, 2022

Python library for generating a Mastercard API compliant OAuth signature.

oauth1-signer-python Table of Contents Overview Compatibility References Usage Prerequisites Adding the Library to Your Project Importing the Code Loa

23 Aug 01, 2022
This script helps you log in to your LMS account and enter the currently running session

This script helps you log in to your LMS account and enter the currently running session, all in a second

Ali Ebrahimi 5 Sep 01, 2022
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 49 Dec 23, 2022
Simple implementation of authentication in projects using FastAPI

Fast Auth Facilita implementação de um sistema de autenticação básico e uso de uma sessão de banco de dados em projetos com tFastAPi. Instalação e con

3 Jan 08, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

Optiv Security 76 Jan 02, 2023
Social auth made simple

Python Social Auth Python Social Auth is an easy-to-setup social authentication/registration mechanism with support for several frameworks and auth pr

Matías Aguirre 2.8k Dec 24, 2022
Django-react-firebase-auth - A web app showcasing OAuth2.0 + OpenID Connect using Firebase, Django-Rest-Framework and React

Demo app to show Django Rest Framework working with Firebase for authentication

Teshank Raut 6 Oct 13, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 03, 2023
A simple Boilerplate to Setup Authentication using Django-allauth 🚀

A simple Boilerplate to Setup Authentication using Django-allauth, with a custom template for login and registration using django-crispy-forms.

Yasser Tahiri 13 May 13, 2022
Authentication Module for django rest auth

django-rest-knox Authentication Module for django rest auth Knox provides easy to use authentication for Django REST Framework The aim is to allow for

James McMahon 878 Jan 04, 2023
This app makes it extremely easy to build Django powered SPA's (Single Page App) or Mobile apps exposing all registration and authentication related functionality as CBV's (Class Base View) and REST (JSON)

Welcome to django-rest-auth Repository is unmaintained at the moment (on pause). More info can be found on this issue page: https://github.com/Tivix/d

Tivix 2.4k Jan 03, 2023
Social auth made simple

Python Social Auth Python Social Auth is an easy-to-setup social authentication/registration mechanism with support for several frameworks and auth pr

Matías Aguirre 2.8k Dec 24, 2022
Mock authentication API that acceccpts email and password and returns authentication result.

Mock authentication API that acceccpts email and password and returns authentication result.

Herman Shpryhau 1 Feb 11, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 01, 2023
Djagno grpc authentication service with jwt auth

Django gRPC authentication service STEP 1: Install packages pip install -r requirements.txt STEP 2: Make migrations and migrate python manage.py makem

Saeed Hassani Borzadaran 3 May 16, 2022
Multi-user accounts for Django projects

django-organizations Summary Groups and multi-user account management Author Ben Lopatin (http://benlopatin.com) Status Separate individual user ident

Ben Lopatin 1.1k Jan 02, 2023