Microsoft365 Device Code Phishing Framework

Project description

Solenya - M365 Device Code Phishing Framework

Solenya is a CLI tool that provides a framework for performing M365 device code phishing. Using the device authorization flow defined in RFC 8628, an attacker can perform a social engineering attack by instructing a target to register a malicious application using a device code.

DISCLAIMER: The contributors are not responsible for any malicious use of the tool. The tool is developed for educational purposes and should be used solely by defenders or authorized testers.

Prerequisites

By default, Microsoft allows any user to add new applications to their M365 profile. Below is a screenshot of a fresh deployment of an Azure subscription.

[Screenshot: default_permissions]

Installation

The package requires Python 3.7 or higher.

Install the latest version from PyPI:

$ pip install solenya

Usage

The CLI tool works with Targets, which are objects contained inside a WorkSpace. The WorkSpace contains the tool's database and other resources, while Targets represent M365 accounts.

Creating a Workspace

The wsp command is responsible for initializing the WorkSpace. The tool uses an SQLite database to store target information. By default, the command creates a folder named .sol inside the current directory.

$ sol wsp c0785c37-5fb1-4ffb-8769-8e9b05ac4e80

Managing Targets

The target command can add additional targets and remove or reset existing ones. The command automatically contacts the Microsoft Online API and creates a user code and a device code, both of which are stored in the database.

$ sol target jaguar rat

The wsp command automatically created a target called default. To switch to a different target use the switch command.

$ sol switch jaguar

User codes and device codes expire after 15 minutes. To reset the device code on the target or delete the target entirely set the following flags.

$ sol target -d default
$ sol target -ra 

Gathering OAuth Access Tokens

The auth command is responsible for authenticating targets registered with the WorkSpace. Run the phish sub command and wait for your targets to enter the user code.

$ sol auth phish -ma

The OAuth2 tokens (access token and refresh token) with access to the target's Office account will be retrieved from the API and saved to the WorkSpace database. The access tokens can be refreshed using the refresh command.

$ sol auth refresh -a
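
A defender's view of the flow above, as an added example that is not part of Solenya or its README: a completed device code grant is recorded in Entra ID sign-in logs with authenticationProtocol set to deviceCode. The code assumes records exported with Microsoft Graph signIn field names; the allowlist, the one-hour follow-up window, the function names and all sample records are constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: records use Microsoft Graph signIn field names.
APPROVED_DEVICE_FLOW_APPS = {"11111111-1111-1111-1111-111111111111"}  # hypothetical allowlist
FOLLOW_UP_WINDOW = timedelta(hours=1)  # assumed triage window, tune per tenant
UNAPPROVED = "22222222-2222-2222-2222-222222222222"  # constructed app id

def _rec(when, user, app, ip, proto):
    return {"createdDateTime": when, "userPrincipalName": user, "appId": app,
            "ipAddress": ip, "authenticationProtocol": proto}

# Constructed sample records, not real log data.
SAMPLE_SIGNINS = [
    _rec("2024-01-10T09:00:00Z", "alice@example.com",
         "11111111-1111-1111-1111-111111111111", "192.0.2.10", "deviceCode"),
    _rec("2024-01-10T09:05:00Z", "bob@example.com", UNAPPROVED, "192.0.2.20", "deviceCode"),
    _rec("2024-01-10T09:20:00Z", "bob@example.com", UNAPPROVED, "198.51.100.7", "none"),
    _rec("2024-01-10T12:00:00Z", "bob@example.com", UNAPPROVED, "203.0.113.9", "none"),
    _rec("2024-01-10T09:10:00Z", "carol@example.com",
         "33333333-3333-3333-3333-333333333333", "192.0.2.30", "none"),
]

def _ts(rec):
    # Graph timestamps end in "Z"; normalise for datetime.fromisoformat.
    return datetime.fromisoformat(rec["createdDateTime"].replace("Z", "+00:00"))

def find_device_code_signins(signins, approved_apps=APPROVED_DEVICE_FLOW_APPS,
                             window=FOLLOW_UP_WINDOW):
    """Flag device-code sign-ins by unapproved apps and list later sign-ins for
    the same user and app that came from a different IP within the window."""
    ordered = sorted(signins, key=_ts)
    findings = []
    for i, rec in enumerate(ordered):
        if rec.get("authenticationProtocol") != "deviceCode" or rec["appId"] in approved_apps:
            continue
        follow_up_ips = sorted({
            later["ipAddress"] for later in ordered[i + 1:]
            if later["userPrincipalName"] == rec["userPrincipalName"]
            and later["appId"] == rec["appId"]
            and later["ipAddress"] != rec["ipAddress"]
            and _ts(later) - _ts(rec) <= window
        })
        findings.append({"user": rec["userPrincipalName"], "appId": rec["appId"],
                         "signInTime": rec["createdDateTime"],
                         "signInIp": rec["ipAddress"], "followUpIps": follow_up_ips})
    return findings

if __name__ == "__main__":
    for finding in find_device_code_signins(SAMPLE_SIGNINS):
        print(finding)
```

The follow-up IP list is a triage heuristic only: a non-empty list marks findings to review first, and an empty list does not clear the sign-in.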

Dumping Data

Once the target is authenticated the dump command can be used to dump information from the Graph API.

$ sol dump emails

Exporting Targets

All the data on the targets, such as access token, device code, refresh token, user code and their respective timestamps can be exported using the export command.

$ sol export -a

Download files

Source Distribution: solenya-0.1.8.tar.gz (17.2 kB)

Built Distribution: solenya-0.1.8-py3-none-any.whl (29.0 kB, Python 3)
