Light

cybersecops / microsoft-teams-gifshell Goto Github PK

View Code? Open in Web Editor NEW

This project forked from bobbyrsec/microsoft-teams-gifshell

0.0 0.0 0.0 54 KB

Python 64.15% PowerShell 35.85%

microsoft-teams-gifshell's Introduction

Microsoft-Teams-GIFShell

Replication Steps:

There are a few prerequisites required to replicate the attack chain above:

The GIFShell Python script, which should be executed on the attacker’s machine
The GIFShell Powershell stager, executed on the victim’s machine
Two Microsoft Azure Organizations or Tenants. The attacker organization or tenant should have at least 2 users, and the victim organization should have at least 1 user. This is for testing the Microsoft Teams Work Edition
Two Microsoft Teams users for personal use. This is for testing the Microsoft Teams Home Edition
A Teams channel with a publicly available webhook
A GIF of your choice
A public facing IP which can be used as a listener for incoming web requests

Steps:

Open the Python script, and edit instances of the token variable with the skypetoken_asm cookie value from your authenticated browser session running Microsoft Teams as the attacker
Open Microsoft Teams as an attacker, and create a new chat with the victim. Look at the network traffic, and extract the Teams URL of this conversation. The URL should be in the form “https://amer.ng.msg.teams.microsoft.com/v1/users/ME/conversations/<unique-identifier>@unq.gbl.spaces/messages”
Open the GIFShell Python script, and edit instances of the burp_url variable with the URL from Step #2
Open the Microsoft Teams chat associated with the webhook created by the attacker, in the authenticated browser session running Microsoft Teams as the attacker
Run the GIFShell Python script on the attacking machine - this will create a prompt to enter desired commands to be run on the victim’s machine.
Open the GIFShell Powershell stager script, and edit the $originalendpoint and $gifendpoint variables, changing the domain to the public IP address of the attacking machine
Open The GIFShell Powershell stager script, and edit the $response variable, changing the webhook, to the value of the attacker’s publicly available webhook
Run the Powershell stager script on the victim’s machine
Execute the desired commands in the GIFShell Python script prompt
Ensure that while the desired commands are being executed, the Teams application is open to the chat associated with the publicly available webhook.

microsoft-teams-gifshell's People

Contributors

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.