mdsecactivebreach / o365-attack-toolkit Goto Github PK

I seem to be getting some invalid memory address or nil pointer dereference and no such table: users - below are my errors, any idea on the issue? I used to use the old version for engagements before with good success do not want to revert I would like to try this new version.

Hey.

I'm having issues capturing tokens. My setup is similar to the recommended one, redirector and server.

The two issues I've had are the following:

1. When I click the 10.10.10.10:1337/gettoken link (using redirector or not) I get redirected to office.com and the application backend tells me "successful authentication from:" - it looks like the redirect happens before the user actually authenticates, which might be due to the app registration I suppose. I'm planning on trying to make a new app registration to test this out with a new tenant.
2. When I try selecting "view emails" the application throws an error and crashes, the errors message is "open template/live.html: no such file or directory". Might be related to the fact that the user is basically "empty" at this point.

cd %GOPATH%
git clone https://github.com/mdsecactivebreach/o365-attack-toolkit
cd o365-attack-toolkit
dep ensure
go build

when I run this command till dep ensure everything is fine.

But when I run go build I'm getting this error's.

go: cannot find main module, but found Gopkg.lock in C:\Users\Administrator\Desktop\go-workspace\src\o365-attack-toolkit-master
to create a module there, run:
go mod init

Kindly assist me what wrong I'm doing.

My Go env:

C:\Users\Administrator>go env
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Administrator\AppData\Local\go-build
set GOENV=C:\Users\Administrator\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Users\Administrator\Desktop\go-workspace\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=C:\Users\Administrator\Desktop\go-workspace
set GOPRIVATE=
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=c:\go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=c:\go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.19.3
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=NUL
set GOWORK=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fno-caret-diagnostics -Qunused-arguments -Wl,--no-gc-sections -fmessage-length=0 -fdebug-prefix-map=C:\Users\ADMINI~1\AppData\Local\Temp\2\go-build1762402791=/tmp/go-build -gno-record-gcc-switches

Kindly check if this an issue with current version of Go or with every version of Go Lang.

Is it possible to start the external server using https, I've seen the configuration in http.go and uncommented it and recomplied, but cannot get a TLS server running.. What am I missing.. Any help appreciated..

AADSTS700016: Application with identifier '************************************ was not found in the directory 'i*********************. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

This issue is being faced on a new install. I can fix the issue by running the sql commands on the db file. it will fix the issue but I think there is something affecting db read and write.

Go Lang Ver: Tried 1.13.1 & 1.14.6

Error:
2020/07/17 09:44:48 Error : no such table: users
2020/07/17 09:44:48 http: panic serving 127.0.0.1:41396: runtime error: invalid memory address or nil pointer dereference
goroutine 34 [running]:
net/http.(*conn).serve.func1(0xc000160000)
/usr/local/go/src/net/http/server.go:1767 +0x139
panic(0x907c80, 0xefe050)
/usr/local/go/src/runtime/panic.go:679 +0x1b2
database/sql.(*Rows).Next(0x0, 0x1)
/usr/local/go/src/database/sql/sql.go:2744 +0x30
o365-attack-toolkit/database.GetUsers(0xc000166080, 0x2, 0x2)
/home/max/go/src/o365-attack-toolkit/database/users.go:21 +0xfb
o365-attack-toolkit/server.GetUsers(0xa30c20, 0xc000188000, 0xc00017c200)
/home/max/go/src/o365-attack-toolkit/server/handlers.go:45 +0x74
net/http.HandlerFunc.ServeHTTP(0x9ab430, 0xa30c20, 0xc000188000, 0xc00017c200)
/usr/local/go/src/net/http/server.go:2007 +0x44
o365-attack-toolkit/vendor/github.com/gorilla/mux.(*Router).ServeHTTP(0xc0000f00c0, 0xa30c20, 0xc000188000, 0xc00017c000)
/home/max/go/src/o365-attack-toolkit/vendor/github.com/gorilla/mux/mux.go:212 +0xe2
net/http.serverHandler.ServeHTTP(0xc0001041c0, 0xa30c20, 0xc000188000, 0xc00017c000)
/usr/local/go/src/net/http/server.go:2802 +0xa4
net/http.(*conn).serve(0xc000160000, 0xa319a0, 0xc000168000)
/usr/local/go/src/net/http/server.go:1890 +0x875
created by net/http.(*Server).Serve
/usr/local/go/src/net/http/server.go:2927 +0x38e

templates/live.html not found in directory

please i have been trying to install the office 365 attack tool kit on my windows command prompt but i have been having issues with it, or should i do that with powershell or on kali linux

The external site is hosted on / which means any web crawler is going to hit the signin page.

Its surprisingly painful to reverse proxy a vanity URL infront of it because any requests to 127.0.0.1:30662/index.html get 301 redirected to ./.

Trying to add a different route via modifying the ExtMainPage function also just caused pain and frustration but Im not familar with the middleware :)

I worked around this by moving index.html -> signin.html

After obtaining access token when I try search emails of files application crashes with: "open templates/live.html: no such file or directory"
Moreover when I send email, after clicking sent I get 404 page not found error:

Hello

I have a problem with deployment. I have a Ubuntu Desktop 20.04 LTS (same issue on Ubuntu Server 18.04 LTS without GUI) and I can not build a new version of O365-Attack-Toolkit.

go ver -> go version go1.12.2 gccgo (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0 linux/amd64
uname -a -> Linux UClient 5.4.0-52-generic #57-Ubuntu SMP Thu Oct 15 10:57:00 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
libc --> GNU C Library (Ubuntu GLIBC 2.31-0ubuntu9.1) stable release version 2.31.

My go Variables and path
GOPATH="/home/adminlab/go"
GOROOT="/usr"

Root O365 Attack Toolkit is here /home/adminlab/go/src/o365-attack-toolkit

The system returns this error after "go build". I have the same error if I use the user or root. Error is below.

adminlab@UClient: ~/go/src/o365-attack-toolkit$ go build
o365-attack-toolkit
/bin/ld: $WORK/b001/pkg1.a(_x011.o): undefined reference to symbol 'pthread_mutex_trylock@@GLIBC_2.2.5'
/bin/ld: /lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

I think the new version has bugs. I could not deploy the new version and therefore use the previous version. I fixed bugs in the old version. Could you share with us the procedure for the correct deployment of the new version? Could you have written on which versions the application works?

1. I can not public new version to internet (External server listen on 127.0.0.1, after change to 0.0.0.0, then server start, but Extranet websites doesn't work)
2. Where is static/index.html? External server return 404
3. for installation GO must use https://medium.com/dev-genius/installing-go-on-ubuntu-b443a8f0eb55 and install golang-go, gccgo-go, go-dep, git

Quickly hacked this together. Will pull down all the most relevant contacts for the user.

func GetContacts(user model.User){
        fmt.Println("Retrieving user contacts")
        messagesResponse := CallApiMethod("GET","/me/people",user.AccessToken,"",nil,"")
        ioutil.WriteFile(fmt.Sprintf("user.contacts.%s",user.UserPrincipalName), []byte(messagesResponse), 0644)
}

requires the People.Read.All permission.

Dont know what happens if you get a large number of users - need to work out paging results.

Probably want to hit Directory.AccessAsUser.All and https://graph.microsoft.com/v1.0/users

I receive an error when I run the go build command. The error is related to GCC for the component: o365-attack-toolkit/vendor/github.com/mattn/go-sqlite3

More details of the bug are mentioned later in this post.

I am using Windows 7 x64 OS.

I used the following steps:

1. Installed Go in the path: C:\go

2. Created a directory called C:\go-work

Added the above path to GOPATH environment variable for the current user

echo %GOPATH% shows the output as: "C:\go-work"

3. cd %GOPATH%

4. git clone https://github.com/mdsecactivebreach/o365-attack-toolkit

5. cd o365-attack-toolkit

6. dep ensure command here gives me the following error:

root project import: C:\go-work\o365-attack-toolkit is not within any GOPATH/src

To resolve the above issue, I moved the entire o365-attack-toolkit directory to the c:\go-work\src

7. cd C:\go-work\src\o365-attack-toolkit

Now, when I run dep ensure command, it returns back to the prompt (so maybe it ran successfully?)

8. go build

Above command gives the following error:

# o365-attack-toolkit/vendor/github.com/mattn/go-sqlite3
/usr/lib/gcc/x86_64-pc-cygwin/7.4.0/../../../../x86_64-pc-cygwin/bin/ld: cannot
find -lmingwex
/usr/lib/gcc/x86_64-pc-cygwin/7.4.0/../../../../x86_64-pc-cygwin/bin/ld: cannot
find -lmingw32
collect2: error: ld returned 1 exit status
go: failed to remove work dir: GetFileInformationByHandle C:\Users\username\AppData\
Local\Temp\go-build819327598\NUL: Incorrect function.

For GCC support on Windows 7 x64, I installed Cygwin x64 and then used the following command to install GCC and dependencies:

C:\cygwin64>setup-x86_64.exe -q -P wget -P gcc-g++ -P make -P diffutils -P libmpfr-devel -P libgmp-devel -P libmpc-devel

I added the C:\cygwin64\bin folder to the PATH environment variable as well.

Firstly, hats off to you for creating an amazing tool!

I've got the main functionality of the tool working... importing emails based on keywords to the mgmt interface (8080) - (The sign-in is a 'one-off' import of the target's emails which is as designed).

However, email rules are not created in the target's inbox. I've created a test rule (similar to the example rule) which is essentially just changing the return email address - Neither of these are created.

I have more or less achieved what I needed to with this tool (ie getting it to retrieve emails) but for completeness just want to ensure I've understood the email rules functionality correctly. Is there an additional option which is required to be enabled? Or should this create the rules automatically once the target 'signs-in'? If so, can you confirm if this working correctly?

Thanks

When configuring host parameter in template.conf with public IP address instead of 127.0.0.1 server fails to start.
It just displays configuration from template.conf

Signing In: When I click the Sign In button at http://localhost:30662 I get the following error:

AADSTS7000112: Application '035da677-152b-4a06-a66d-2a5e749b3c69'(Testing for App) is disabled.

I have tried it within two different tenants and same error.

Management Interface: Same error as this; #12
What is the fix?

Thanks

The instruction is missing how to configure external server with SSL.
Shall the .crt and .key files be placed in the root folder of o365-attack toolkit?
How to reference them in template.conf file?
I am install it on Debian

I tested the toolkit, everything worked but when I tried to login as a victim it showed the message
"Need admin approval"
APP_NAME needs a permission to access resources in your organization...

Is this the control that office365 adding to the system?

Hi,

I'm trying to do this with reverse proxy and also with SSL certificates and all of that works perfectly. Nevertheless, when I try to press click on "Get URL" does nothing. Another thing, the reverse proxy always generates "404 not found", however, in the localhost on port 8080 it does work. What is really happening?.

Thank you.

Internal server IP reports as:

2019/08/01 12:09:03 Loaded 1 rules successfully.
2019/08/01 12:09:03 Starting Internal Server on 0.0.0.0:8080 
2019/08/01 12:09:03 Starting External Server on 0.0.0.0:30662 

but is actually hard-coded to 127.0.0.1.

Would suggest that two configuration options for internal/external are within the template.conf file.

When configuring host parameter in template.conf with public IP address instead of 127.0.0.1 server fails to start.
It just displays configuration from template.conf

Hi
I am just trying to test this tool out. I've never used GO-Lang so I am not sure where does this configuration part goes, as defined in the README.

Any help would be appreciated.