策略引擎>> onedrive_user_enum>> 返回
项目作者: nyxgeek

项目描述 :
pentest tool to enumerate valid onedrive users
高级语言: Python
项目地址: git://github.com/nyxgeek/onedrive_user_enum.git
创建时间: 2019-03-05T08:54:38Z
项目社区:https://github.com/nyxgeek/onedrive_user_enum
开源协议:
下载


onedrive_user_enum v2.10

enumerate valid onedrive users

For a full rundown of the enumeration technique and OneDrive enum, check out the blog here:

https://www.trustedsec.com/blog/onedrive-to-enum-them-all/

If you are looking for the old, non-database vesion of OneDrive Enum, you can find it here: https://github.com/nyxgeek/simple_scanners

New features in 2.10:

  • Remote MySQL DB logging option — log to a remote database
  • PAUSEFILE — if pausefile is present (/tmp/PAUSEFILE), pause enumeration
  • Truncate userlist to x characters — johnsmith -> johnsmi

New features in 2.00:

  • Local Database (sqlite3)
  • Auto-lookup of tenants (thanks @DrAzureAD and @thetechr0mancer)
  • Read in file OR folder of files
  • Append — easily create ‘jsmith1’ ‘jsmith2’ sprays
  • Skip-Tried (de-dupe) — remove previously tried usernames
  • Kill-After — cancel a userlist if no usernames identified within ‘x’ attempts

OneDrive Enumeration overview:

OneDrive users have a file share URL with a known location:

https://acmecomputercompany-my.sharepoint.com/personal/lightmand_acmecomputercompany_com/_layouts/15/onedrive.aspx

In this instance, the username is ‘lightmand’ and the domain is ‘acmecomputercompany.com’. If a user has logged into OneDrive, this path will exist and return a 403 status code. If they have not, or the user is invalid, it will return a 404.

The results may vary depending on how widely used OneDrive is within an org. Currently it is the most reliable user-enumeration method that I’m aware of (office365userenum no longer works, and the others like UhOh365 are unreliable). Further, it does not attempt a login and is much more passive, and should be undetectable to the target org. Microsoft will see the hits, but the target org won’t.

usage:

  1.  # ./onedrive_enum.py -h
  3. *********************************************************************************************************
  5.                                          ██████               ███                          
  6.                                         ░░████               ░░░                           
  7.    ██████    █████████     ███████    ████████   █████████   ████   █████  █████   ███████ 
  8.   ███░░███  ░░███░░░███   ███░░░███  ███░░░███  ░░███░░░███ ░░███  ░░███  ░░███   ███░░░███
  9.  ░███  ░███  ░███  ░███  ░████████  ░███ ░░███   ░███  ░░░   ░███   ░███   ░███  ░████████ 
  10.  ░███  ░███  ░███  ░███  ░███░░░░   ░███ ░░███   ░███        ░███   ░░███  ███   ░███░░░   
  11.  ░░██████    ████  █████ ░░███████  ░░█████████  ██████      █████   ░░██████    ░░███████ 
  12.   ░░░░░░    ░░░░  ░░░░░   ░░░░░░░    ░░░░░░░░░  ░░░░░░      ░░░░░     ░░░░░░      ░░░░░░░  
  15.    ██████  ████████   █████ ████ █████████████      +-------------------------------------------------+
  16.   ███░░███░░███░░███ ░░███ ░███ ░░███░░███░░███     |               OneDrive Enumerator               |
  17.  ░███████  ░███ ░███  ░███ ░███  ░███ ░███ ░███     |           2023 @nyxgeek - TrustedSec            |
  18.  ░███░░░   ░███ ░███  ░███ ░███  ░███ ░███ ░███     |                 version 2.10                    |
  19.  ░░██████  ████ █████ ░░████████ █████░███ █████    |  https://github.com/nyxgeek/onedrive_user_enum  |
  20.   ░░░░░░  ░░░░ ░░░░░   ░░░░░░░░ ░░░░░ ░░░ ░░░░░     +-------------------------------------------------+
  22. *********************************************************************************************************
  23. usage: onedrive_enum.py [-h] -d  [-t] [-e] [-u] [-U] [-p] [-a] [-tr] [-T] [-r] [-x] [-n] [-m] [-o] [-k] [-v] [-D]
  25. options:
  26.   -h, --help           show this help message and exit
  27.   -d , --domain        target domain name (required)
  28.   -t , --tenant        tenant name
  29.   -e , --environment   Azure environment to target [commercial (default), chinese, gov]
  30.   -u , --username      user to target
  31.   -U , --userfile      file containing usernames (wordlists) -- will also take a directory
  32.   -p , --playlist      file containing list of paths to user lists (wordlists) to try
  33.   -a , --append        mutator: append a number, character, or string to a username
  34.   -tr , --truncate     truncate to x characters
  35.   -T , --threads       total number of threads (defaut: 100)
  36.   -r, --rerun          force re-run of previously tested tenant/domain/wordlist combination
  37.   -x, --skip-tried     dedupe. skip any usernames from previous runs
  38.   -n, --no-db          disable logging to db
  39.   -m , --mysql         file containing mysql data (db.conf)
  40.   -o , --output        file to append found users to
  41.   -k , --killafter     kill off non-productive jobs after x tries with no success
  42.   -v, --verbose        enable verbose output
  43.   -D, --debug          enable debug output

example - basic usage:

  1. # ./onedrive_enum.py -t microsoft -d microsoft.com -U USERNAMES/statistically-likely/jsmith.txt
  3. *********************************************************************************************************
  5.                                          ██████               ███                          
  6.                                         ░░████               ░░░                           
  7.    ██████    █████████     ███████    ████████   █████████   ████   █████  █████   ███████ 
  8.   ███░░███  ░░███░░░███   ███░░░███  ███░░░███  ░░███░░░███ ░░███  ░░███  ░░███   ███░░░███
  9.  ░███  ░███  ░███  ░███  ░████████  ░███ ░░███   ░███  ░░░   ░███   ░███   ░███  ░████████ 
  10.  ░███  ░███  ░███  ░███  ░███░░░░   ░███ ░░███   ░███        ░███   ░░███  ███   ░███░░░   
  11.  ░░██████    ████  █████ ░░███████  ░░█████████  ██████      █████   ░░██████    ░░███████ 
  12.   ░░░░░░    ░░░░  ░░░░░   ░░░░░░░    ░░░░░░░░░  ░░░░░░      ░░░░░     ░░░░░░      ░░░░░░░  
  15.    ██████  ████████   █████ ████ █████████████      +-------------------------------------------------+
  16.   ███░░███░░███░░███ ░░███ ░███ ░░███░░███░░███     |               OneDrive Enumerator               |
  17.  ░███████  ░███ ░███  ░███ ░███  ░███ ░███ ░███     |           2023 @nyxgeek - TrustedSec            |
  18.  ░███░░░   ░███ ░███  ░███ ░███  ░███ ░███ ░███     |                 version 2.10                    |
  19.  ░░██████  ████ █████ ░░████████ █████░███ █████    |  https://github.com/nyxgeek/onedrive_user_enum  |
  20.   ░░░░░░  ░░░░ ░░░░░   ░░░░░░░░ ░░░░░ ░░░ ░░░░░     +-------------------------------------------------+
  22. *********************************************************************************************************
  24. Beginning enumeration of https://microsoft-my.sharepoint.com/personal/USER_microsoft_com/
  25. --------------------------------------------------------------------------------------------------------
  26. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user1, username:user1@microsoft.com
  27. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user2, username:user2@microsoft.com
  28. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user3, username:user3@microsoft.com

example - mysql db logging:

  1. # ./onedrive_enum.py -t microsoft -d microsoft.com -U USERNAMES/statistically-likely/jsmith.txt -m db.conf
  3. *********************************************************************************************************
  5.                                          ██████               ███                          
  6.                                         ░░████               ░░░                           
  7.    ██████    █████████     ███████    ████████   █████████   ████   █████  █████   ███████ 
  8.   ███░░███  ░░███░░░███   ███░░░███  ███░░░███  ░░███░░░███ ░░███  ░░███  ░░███   ███░░░███
  9.  ░███  ░███  ░███  ░███  ░████████  ░███ ░░███   ░███  ░░░   ░███   ░███   ░███  ░████████ 
  10.  ░███  ░███  ░███  ░███  ░███░░░░   ░███ ░░███   ░███        ░███   ░░███  ███   ░███░░░   
  11.  ░░██████    ████  █████ ░░███████  ░░█████████  ██████      █████   ░░██████    ░░███████ 
  12.   ░░░░░░    ░░░░  ░░░░░   ░░░░░░░    ░░░░░░░░░  ░░░░░░      ░░░░░     ░░░░░░      ░░░░░░░  
  15.    ██████  ████████   █████ ████ █████████████      +-------------------------------------------------+
  16.   ███░░███░░███░░███ ░░███ ░███ ░░███░░███░░███     |               OneDrive Enumerator               |
  17.  ░███████  ░███ ░███  ░███ ░███  ░███ ░███ ░███     |           2023 @nyxgeek - TrustedSec            |
  18.  ░███░░░   ░███ ░███  ░███ ░███  ░███ ░███ ░███     |                 version 2.10                    |
  19.  ░░██████  ████ █████ ░░████████ █████░███ █████    |  https://github.com/nyxgeek/onedrive_user_enum  |
  20.   ░░░░░░  ░░░░ ░░░░░   ░░░░░░░░ ░░░░░ ░░░ ░░░░░     +-------------------------------------------------+
  22. *********************************************************************************************************
  23. Test connection to mysql db was successful!
  25. Beginning enumeration of https://microsoft-my.sharepoint.com/personal/USER_microsoft_com/
  26. --------------------------------------------------------------------------------------------------------
  27. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user1, username:user1@microsoft.com
  28. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user2, username:user2@microsoft.com
  29. [-] [403] VALID USERNAME FOR microsoft,microsoft.com - user3, username:user3@microsoft.com

Note: Users that are valid but who have not yet signed into OneDrive will return a 404 not found.

references

sHoUtOuTz aNd GrEeTz

Thanks to @DrAzureAD, @thetechr0mancer, @rootsecdev, @Oddvarmoe, @HackingLZ