Semperis/HiddenConsentGrant

HiddenConsentGrant

This code implements the hidden consent grant attack, which leverages the Directory.ReadWrite.All application permission.

Prerequisites

  1. Create a certificate and private key (or use the certificate and key pair provided in the repository).
  2. Update the client secret and user ID in the code.

Usage

  1. Run the tool:
     python server.py
  2. Launch the "non-malicious" page.
  3. Get the access tokens.
  4. Have fun!

About

Part of a Directory.ReadWrite.All abuse in Entra ID