TokenTactics : Azure JWT Token Manipulation Toolset

TokenTactics is a Azure JSON Web Token (“JWT”) Manipulation Toolset.

Azure access tokens allow you to authenticate to certain endpoints as a user who signs in with a device code. Even if they used multi-factor authentication. Once you have a user’s access token, it may be possible to access certain apps such as Outlook, SharePoint, OneDrive, MSTeams and more.

For instance, if you have a Graph or MSGraph token, you can then connect to Azure and dump users, groups, etc. You could then, depending on conditional access policies, switch to an Azure Core Management token and run AzureHound. Then, switch to an Outlook token and read/send emails or MS Teams and read/send teams messages!

For more on Azure token types Microsoft identity platform access tokens

There are some example requests to endpoints in the resources folder. There is also an example phishing template for device code phishing.

You may also use these tokens with AAD Internals as well. We strongly recommended to check this amazing tool out.

Installation And Usage

Import-Module .\TokenTactics.psd1

Get-Help Get-Azure-Token

RefreshTo-SubstrateToken

Generate Device Code

Get-AzureToken -Client MSGraph Once the user has logged in, you’ll be presented with the JWT and it will be saved in the $response variable. To access the access token use $response.access_token from your PowerShell window to display the token. You may also display the refresh token with $response.refresh_token. Hint: You’ll want the refresh token to keep refreshing to new tokens!

DOD/Mil Device Code

Get-AzureToken -Client DODMSGraph

Refresh or Switch Tokens

RefreshTo-OutlookToken -domain myclient.org -refreshToken ey..

$OutlookToken.access_token

Connect

Connect-AzureAD -AadAccessToken $response.access_token -AccountId user@myclient.org

Clear tokens

Clear-Token -Token All

Commands

Get-Command -Module TokenTactics
CommandType Name Version Source
———– —- ——- ——
Function Clear-Token 0.0.1 TokenTactics
Function Dump-OWAMailboxViaMSGraphApi 0.0.1 TokenTactics
Function Forge-UserAgent 0.0.1 TokenTactics
Function Get-AzureToken 0.0.1 TokenTactics
Function Get-TenantID 0.0.1 TokenTactics
Function Open-OWAMailboxInBrowser 0.0.1 TokenTactics
Function Parse-JWTtoken 0.0.1 TokenTactics
Function RefreshTo-AzureCoreManagementToken 0.0.1 TokenTactics
Function RefreshTo-AzureManagementToken 0.0.1 TokenTactics
Function RefreshTo-DODMSGraphToken 0.0.1 TokenTactics
Function RefreshTo-GraphToken 0.0.1 TokenTactics
Function RefreshTo-MAMToken 0.0.1 TokenTactics
Function RefreshTo-MSGraphToken 0.0.1 TokenTactics
Function RefreshTo-MSManageToken 0.0.1 TokenTactics
Function RefreshTo-MSTeamsToken 0.0.1 TokenTactics
Function RefreshTo-O365SuiteUXToken 0.0.1 TokenTactics
Function RefreshTo-OfficeAppsToken 0.0.1 TokenTactics
Function RefreshTo-OfficeManagementToken 0.0.1 TokenTactics
Function RefreshTo-OutlookToken 0.0.1 TokenTactics
Function RefreshTo-SubstrateToken 0.0.1 TokenTactics

R K

Recent Posts

Set Up Nginx Server Blocks on Ubuntu 18.04: Host Multiple Sites

Nginx server blocks let you run more than one website on a single server. Each block…

4 hours ago

Install Tor Browser on Ubuntu 18.04: Anonymous Browsing Guide

Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…

4 hours ago

Install Vagrant on Ubuntu 18.04: Complete Setup Guide for Developers

Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…

6 hours ago

Install VMware Tools on Ubuntu 18.04: Open VM Tools and ISO Guide

VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…

6 hours ago

Install Apache Maven on Ubuntu 18.04: Stable or Latest Version

Java developers use project management tools to automate building their applications. Apache Maven is an open source…

6 hours ago

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

1 day ago