From c80dbcfdd2de3bedb33e5aeef05eb7a68a74c9f5 Mon Sep 17 00:00:00 2001 From: Jaime Polop <117489620+JaimePolop@users.noreply.github.com> Date: Mon, 27 Jan 2025 02:10:28 +0100 Subject: [PATCH 1/2] Update az-azuread.md --- .../azure-security/az-services/az-azuread.md | 171 +++++++++++++++++- 1 file changed, 170 insertions(+), 1 deletion(-) diff --git a/src/pentesting-cloud/azure-security/az-services/az-azuread.md b/src/pentesting-cloud/azure-security/az-services/az-azuread.md index 12cbd91aa5..d8e4dc58d2 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-azuread.md +++ b/src/pentesting-cloud/azure-security/az-services/az-azuread.md @@ -149,6 +149,34 @@ curl "$IDENTITY_ENDPOINT?resource=https://management.azure.com&api-version=2017- curl "$IDENTITY_ENDPOINT?resource=https://vault.azure.net&api-version=2017-09-01" -H secret:$IDENTITY_HEADER ``` +{{#endtab }} +{{#tab name="MS Graph" }} + +```powershellGet-MgTenantRelationshipDelegatedAdminCustomer +# Install the Microsoft Graph PowerShell module if not already installed +Install-Module Microsoft.Graph -Scope CurrentUser + +# Import the module +Import-Module Microsoft.Graph + +# Login to Microsoft Graph +Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "Directory.Read.All" + +# Enumerate available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph* + +# Example: List users +Get-MgUser -All + +# Example: List groups +Get-MgGroup -All + +# Example: Get roles assigned to a user +Get-MgUserAppRoleAssignment -UserId + +# Disconnect from Microsoft Graph +Disconnect-MgGraph +``` {{#endtab }} {{#tab name="Azure AD" }} @@ -266,6 +294,35 @@ curl -X GET "https://graph.microsoft.com/beta/roleManagement/directory/roleDefin {{#endtab }} +{{#tab name="MS Graph" }} + +```powershell +# Enumerate users using Microsoft Graph PowerShell +Get-MgUser -All + +# Get user details +Get-MgUser -UserId "test@corp.onmicrosoft.com" | Format-List * + +# Search "admin" users +Get-MgUser -All | Where-Object { $_.DisplayName -like "*test*" } | Select-Object DisplayName + +# Search attributes containing the word "password" +Get-MgUser -All | Where-Object { $_.AdditionalProperties.PSObject.Properties.Name -contains "password" } + +# All users from Entra ID +Get-MgUser -Filter "startswith(userPrincipalName, 't')" -All | Select-Object DisplayName, UserPrincipalName + +# Get groups where the user is a member +Get-MgUserMemberOf -UserId + +# Get roles assigned to the user in Entra ID +Get-MgUserAppRoleAssignment -UserId + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.Users +``` +{{#endtab }} + {{#tab name="Azure AD" }} ```bash @@ -396,7 +453,34 @@ Get-AzRoleAssignment -ResourceGroupName ``` {{#endtab }} +{{#tab name="MS Graph" }} + +```powershell +# Enumerate groups using Microsoft Graph PowerShell +Get-MgGroup -All + +# Get group details +Get-MgGroup -GroupId | Format-List * + +# Search "admin" groups +Get-MgGroup -All | Where-Object { $_.DisplayName -like "*admin*" } | Select-Object DisplayName +# Get members of a group +Get-MgGroupMember -GroupId -All + +# Get groups a group is member of +Get-MgGroupMemberOf -GroupId + +# Get roles assigned to the group in Entra ID +Get-MgGroupAppRoleAssignment -GroupId + +# Get group owner +Get-MgGroupOwner -GroupId + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.Groups +``` +{{#endtab }} {{#tab name="Azure AD" }} ```bash @@ -504,6 +588,31 @@ $RequestParams = @{ (Invoke-RestMethod @RequestParams).value ``` +{{#endtab }} +{{#tab name="MS Graph" }} + +```powershell +# Get Service Principals using Microsoft Graph PowerShell +Get-MgServicePrincipal -All + +# Get details of one Service Principal +Get-MgServicePrincipal -ServicePrincipalId | Format-List * + +# Search SP by display name +Get-MgServicePrincipal -All | Where-Object { $_.DisplayName -like "*app*" } | Select-Object DisplayName + +# Get owner of Service Principal +Get-MgServicePrincipalOwner -ServicePrincipalId + +# Get objects owned by a Service Principal +Get-MgServicePrincipalOwnedObject -ServicePrincipalId + +# Get groups where the SP is a member +Get-MgServicePrincipalMemberOf -ServicePrincipalId + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.ServicePrincipals +``` {{#endtab }} {{#tab name="Azure AD" }} @@ -691,6 +800,26 @@ Get-AzADAppCredential {{#endtab }} +{{#tab name="MS Graph" }} + +```powershell +# List Applications using Microsoft Graph PowerShell +Get-MgApplication -All + +# Get application details +Get-MgApplication -ApplicationId 7861f72f-ad49-4f8c-96a9-19e6950cffe1 | Format-List * + +# Search App by display name +Get-MgApplication -Filter "startswith(displayName, 'app')" | Select-Object DisplayName + +# Get owner of an application +Get-MgApplicationOwner -ApplicationId + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.Applications +``` +{{#endtab }} + {{#tab name="Azure AD" }} ```bash @@ -770,11 +899,32 @@ az role assignment list --all --query "[].{principalName:principalName,principal # Get all the roles assigned to a user az role assignment list --assignee "" --all --output table # Get all the roles assigned to a user by filtering -az role assignment list --all --query "[?principalName=='carlos@carloshacktricks.onmicrosoft.com']" --output table +az role assignment list --all --query "[?principalName=='admin@organizationadmin.onmicrosoft.com']" --output table ``` {{#endtab }} +{{#tab name="MS Graph" }} + +```powershell + +# List all available role templates using Microsoft Graph PowerShell +Get-MgDirectoryRoleTemplate -All + +# List enabled built-in Entra ID roles +Get-MgDirectoryRole -All + +# List all Entra ID roles with their permissions (including custom roles) +Get-MgDirectoryRoleDefinition -All + +# List members of a Entra ID role +Get-MgDirectoryRoleMember -DirectoryRoleId -All + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.Identity.DirectoryManagement +``` +{{#endtab }} + {{#tab name="Az" }} ```bash @@ -894,6 +1044,25 @@ Get-AzureADMSScopedRoleMembership -Id | fl * # If you know how to do this send a PR! ``` +{{#endtab }} +{{#tab name="MS Graph" }} + +```powershell +# Enumerate devices using Microsoft Graph PowerShell +Get-MgDevice -All + +# Get device details +Get-MgDevice -DeviceId | Format-List * + +# Get devices managed using Intune +Get-MgDevice -Filter "isCompliant eq true" -All + +# Get devices owned by a user +Get-MgUserOwnedDevice -UserId test@corp.onmicrosoft.com + +# List available commands in Microsoft Graph PowerShell +Get-Command -Module Microsoft.Graph.Identity.DirectoryManagement +``` {{#endtab }} {{#tab name="Azure AD" }} From 69a40ce545562c55966d83fe939ef4e8d11444c0 Mon Sep 17 00:00:00 2001 From: Jaime Polop <117489620+JaimePolop@users.noreply.github.com> Date: Mon, 27 Jan 2025 11:58:13 +0100 Subject: [PATCH 2/2] Update az-azuread.md --- .../azure-security/az-services/az-azuread.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/pentesting-cloud/azure-security/az-services/az-azuread.md b/src/pentesting-cloud/azure-security/az-services/az-azuread.md index d8e4dc58d2..1cfedb5d7f 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-azuread.md +++ b/src/pentesting-cloud/azure-security/az-services/az-azuread.md @@ -152,7 +152,8 @@ curl "$IDENTITY_ENDPOINT?resource=https://vault.azure.net&api-version=2017-09-01 {{#endtab }} {{#tab name="MS Graph" }} -```powershellGet-MgTenantRelationshipDelegatedAdminCustomer +```bash +Get-MgTenantRelationshipDelegatedAdminCustomer # Install the Microsoft Graph PowerShell module if not already installed Install-Module Microsoft.Graph -Scope CurrentUser @@ -296,7 +297,7 @@ curl -X GET "https://graph.microsoft.com/beta/roleManagement/directory/roleDefin {{#tab name="MS Graph" }} -```powershell +```bash # Enumerate users using Microsoft Graph PowerShell Get-MgUser -All @@ -455,7 +456,7 @@ Get-AzRoleAssignment -ResourceGroupName {{#endtab }} {{#tab name="MS Graph" }} -```powershell +```bash # Enumerate groups using Microsoft Graph PowerShell Get-MgGroup -All @@ -591,7 +592,7 @@ $RequestParams = @{ {{#endtab }} {{#tab name="MS Graph" }} -```powershell +```bash # Get Service Principals using Microsoft Graph PowerShell Get-MgServicePrincipal -All @@ -802,7 +803,7 @@ Get-AzADAppCredential {{#tab name="MS Graph" }} -```powershell +```bash # List Applications using Microsoft Graph PowerShell Get-MgApplication -All @@ -906,7 +907,7 @@ az role assignment list --all --query "[?principalName=='admin@organizationadmin {{#tab name="MS Graph" }} -```powershell +```bash # List all available role templates using Microsoft Graph PowerShell Get-MgDirectoryRoleTemplate -All @@ -1047,7 +1048,7 @@ Get-AzureADMSScopedRoleMembership -Id | fl * {{#endtab }} {{#tab name="MS Graph" }} -```powershell +```bash # Enumerate devices using Microsoft Graph PowerShell Get-MgDevice -All