Andy Robbins andyrobbins
andyrobbins
/ DiscoverT0SPs.ps1
Created Apr 5, 2022
View DiscoverT0SPs.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Function for getting an MS Graph Token | |
| Function Get-MSGraphToken { | |
| <# | |
| .DESCRIPTION | |
| Requests a token from STS with the MS Graph specified as the resource/intended audience | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $True)] | |
| [string] |
View GetACRTasks.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Function Get-ARMAPIToken { | |
| <# | |
| .DESCRIPTION | |
| Requests a token from STS with the MS Graph specified as the resource/intended audience | |
| #> | |
| [cmdletbinding()] | |
| param( | |
| [Parameter(Mandatory = $True)] | |
| [string] | |
| $ClientID, |
View psversiontable.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $psversiontable |
andyrobbins
/ API Abuse to GA.ps1
Created Dec 6, 2021
View API Abuse to GA.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Granting Global Admin rights by chaining AppRoleAssignment.ReadWrite.All into RoleManagement.ReadWrite.Directory | |
| # Helper function to let us parse Azure JWTs: | |
| function Parse-JWTtoken { | |
| <# | |
| .DESCRIPTION | |
| Decodes a JWT token. This was taken from link below. Thanks to Vasil Michev. | |
| .LINK | |
| https://www.michev.info/Blog/Post/2140/decode-jwt-access-and-id-tokens-via-powershell | |
| #> |
View AuditAppRoles.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Find dangerous API permissions as a user | |
| $AzureTenantID = '<Your tenant ID>' | |
| $AccountName = '<Username>@<Domain.com>' | |
| $Password = ConvertTo-SecureString '<Your password>' -AsPlainText -Force | |
| $Credential = New-Object System.Management.Automation.PSCredential($AccountName, $Password) | |
| Connect-AzAccount -Credential $Credential -TenantID $AzureTenantID | |
| function Get-AzureGraphToken | |
| { |
View computer-security-groups.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Groups | ||
|---|---|---|
| Domain Controllers | ||
| Read-Only Domain Controllers | ||
| Enterprise Domain Controllers | ||
| Cloneable Domain Controllers |
View security-groups.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Groups | ||
|---|---|---|
| Domain Admins | ||
| Enterprise Admins | ||
| Schema Admins | ||
| DNS Admins | ||
| Print Operators | ||
| Server Operators | ||
| Account Operators |
View targets.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Target Principals | ||
|---|---|---|
| Domain Admins | ||
| Enterprise Admins | ||
| Schema Admins | ||
| DNS Admins | ||
| Print Operators | ||
| Server Operators | ||
| Account Operators | ||
| The domain head object |
View audit-targets.csv
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Targets | |
| Domain Admins | |
| Enterprise Admins | |
| Schema Admins | |
| DNS Admins | |
| Print Operators | |
| Server Operators | |
| Account Operators | |
| The domain head object |
View origins-and-targets.csv
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Origin | Target | |
|---|---|---|
| Domain Users | Domain Admins | |
| Authenticated Users | Administrators | |
| Everyone | Enterprise Admins | |
| Domain Computers | Domain Controllers |
NewerOlder