Giter VIP home page Giter VIP logo

microsoft-teams-gifshell's Introduction

Microsoft-Teams-GIFShell

Replication Steps:

There are a few prerequisites required to replicate the attack chain above:

  • The GIFShell Python script, which should be executed on the attacker’s machine

  • The GIFShell Powershell stager, executed on the victim’s machine

  • Two Microsoft Azure Organizations or Tenants. The attacker organization or tenant should have at least 2 users, and the victim organization should have at least 1 user. This is for testing the Microsoft Teams Work Edition

  • Two Microsoft Teams users for personal use. This is for testing the Microsoft Teams Home Edition

  • A Teams channel with a publicly available webhook

  • A GIF of your choice

  • A public facing IP which can be used as a listener for incoming web requests

Steps:

  1. Open the Python script, and edit instances of the token variable with the skypetoken_asm cookie value from your authenticated browser session running Microsoft Teams as the attacker

  2. Open Microsoft Teams as an attacker, and create a new chat with the victim. Look at the network traffic, and extract the Teams URL of this conversation. The URL should be in the form “https://amer.ng.msg.teams.microsoft.com/v1/users/ME/conversations/<unique-identifier>@unq.gbl.spaces/messages”

  3. Open the GIFShell Python script, and edit instances of the burp_url variable with the URL from Step #2

  4. Open the Microsoft Teams chat associated with the webhook created by the attacker, in the authenticated browser session running Microsoft Teams as the attacker

  5. Run the GIFShell Python script on the attacking machine - this will create a prompt to enter desired commands to be run on the victim’s machine.

  6. Open the GIFShell Powershell stager script, and edit the $originalendpoint and $gifendpoint variables, changing the domain to the public IP address of the attacking machine

  7. Open The GIFShell Powershell stager script, and edit the $response variable, changing the webhook, to the value of the attacker’s publicly available webhook

  8. Run the Powershell stager script on the victim’s machine

  9. Execute the desired commands in the GIFShell Python script prompt

  10. Ensure that while the desired commands are being executed, the Teams application is open to the chat associated with the publicly available webhook.

microsoft-teams-gifshell's People

Contributors

bobbyrsec avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.