Replication of the things the tool does manually

[LaRancion]

So I'm trying to replicate what the tool does manually to fully understand what's behind it, also with the help of the articles linked

What I'm trying to do is to add the attachment after sending the message with burp suite.

What's not clear to me is how you came up with the crafting of the body especially the file part in the properties.

On my side I inserted a print to retrieve the body from Teamphisher so I can reuse it on burp Then I inserted the file part in my intercepted part on burp but as you might guess it's not working and I think I'm doing something wrong

Let me know if you want more info or u want me to reach u privately

[Octoberfest7]

In a chat with another user within your own tenant in Teams, use the GUI to attach a file like you normally would. Intercept that request and you'll be able to see how Teams crafts the post request. I used this as the template to craft the one used in this tool.

[LaRancion]

I mean, kinda obvious but not for me I guess lol. I'm dumb

[LaRancion]

thank you I was able to replicate the attachment part.

I was now trying to remove the external parts in the message (that seemed to op) I inserted this code in the content part as in the article https://posts.inthecyber.com/leveraging-microsoft-teams-for-initial-access-42beb07f12c4 but seemed to obv as it modifies the stuff inside the message (as its supposed to be seeing what i modified).

did you try it? i missed something? because to me it creates the things inside the message box

[Octoberfest7]

I spoke with Andrea about that during the development of TeamsPhisher as I experienced the same thing; he confirmed that the position absolute CSS directive no longer works.

[LaRancion]

oh ok that would have been so powerful