# Get-CKOauth2PermissionGrants

## Metadata


|                   |    |
|:------------------|:---|
| platform          | Azure |
| contributors      | Roberto Rodriguez @Cyb3rWard0g,MSTIC R&D |
| creation date     | 2021-09-08 |
| modification date | 2021-09-08 |
| Tactics           | [TA0007](https://attack.mitre.org/tactics/TA0007) |
| Techniques        | [T1069.003](https://attack.mitre.org/techniques/T1069/003) |

## Description
A threat actor might want to retrieve a list of oAuth2PermissionGrant objects, representing delegated permissions which have been granted for client applications to access APIs on behalf of signed-in users..


## Run Simulation

### Get OAuth Access Token

In [None]:
from msal import PublicClientApplication
import requests
import time

function_app_url = "https://FUNCTION_APP_NAME.azurewebsites.net"

tenant_id = "TENANT_ID"
public_client_app_id = "KATANA_CLIENT_APP_ID"
server_app_id_uri = "api://" + tenant_id + "/cloudkatana"
scope = server_app_id_uri + "/user_impersonation"

app = PublicClientApplication(
    public_client_app_id,
    authority="https://login.microsoftonline.com/" + tenant_id
)
result = app.acquire_token_interactive(scopes=[scope])
bearer_token = result['access_token']

### Set Azure Function Orchestrator

In [None]:
endpoint = function_app_url + "/api/orchestrators/Orchestrator"

### Prepare HTTP Body

In [None]:
data = [{'activityFunction': 'Azure', 'type': 'action', 'action': 'Get-CKOauth2PermissionGrants', 'parameters': {'grantId': 'ENTER-VALUE', 'selectFields': 'ENTER-VALUE', 'filter': 'ENTER-VALUE', 'pageSize': 'ENTER-VALUE'}}]

### Send HTTP Request

In [None]:
http_headers = {'Authorization': 'Bearer ' + bearer_token, 'Accept': 'application/json','Content-Type': 'application/json'}
results = requests.get(endpoint, json=data, headers=http_headers, stream=False).json()

time.sleep(5)

### Explore Output

In [None]:
query_status = requests.get(results['statusQueryGetUri'], headers=http_headers, stream=False).json()
query_results = query_status['output']
query_results