search

Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License
1.24k stars 214 forks source link

Retrieve tokens after user is phished #35

Closed jon-witte closed 1 year ago

jon-witte commented 2 years ago

Hello,

I have been testing out the phishing function and it's working as expected. Once I have the token though it only seems like I can run a small set of insider commands. for example, I can run Invoke-AADIntReconAsInsider just fine, but Get-AADIntGlobalAdmins returns an error saying it can't find an access token. if I run Get-AADIntCache I see the tokens, so not sure why the other insider commands are not running as expected, maybe i'm missing a step in between.

also somewhat related but after i phish the user and grab the token, I run Open-AADIntOWA but it does not open the user's mailbox who i phished, but my work inbox. Thank you for the tool!

NestoriSyynimaa commented 1 year ago

I'll be refactoring the access token handling in next versions, that should fix the situation you described.

Open-AADIntOWA behaviour seems to be a bit odd, Microsoft must have changed something 😊