Supplemental Modules

Beau Bullock edited this page Oct 20, 2023 · 6 revisions

Invoke-CheckAccess

A simple module to check access to Microsoft Graph by retrieving details about the current user.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
Invoke-CheckAccess -Tokens $tokens

Invoke-AutoOAuthFlow

Whenever a user consents to an OAuth app, their browser sends a request to a specified redirect URI to provide an authorization code. In situations where the user is remote, you would most likely want to stand up a web server and use something like the basic PHP redirector included in this repo to capture the code. If we are creating persistence within an account we control, it's possible to complete this flow by directing the browser to localhost. This module stands up a minimal web server to listen for this request and completes the OAuth flow with the provided app registration credentials.

--OPTIONS--
ClientId       - The Client ID (AppID) of the App
ClientSecret   - The Secret of the App
RedirectUri    - The Redirect URI used in the authorization request
Scope          - Permission scope of the app "Mail.Read openid etc"
Invoke-AutoOAuthFlow -ClientId "13483541-1337-4a13-1234-0123456789ABC" -ClientSecret "v-Q8Q~fEXAMPLEEXAMPLEDsmKpQw_Wwd57-albMZ" -RedirectUri "http://localhost:10000" -scope "openid profile offline_access email User.Read User.ReadBasic.All Mail.Read"
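
A defender-side check for the pattern this module relies on: an app registration that holds a client secret and has a web redirect URI pointing at localhost. This is an added example, not part of GraphRunner; the function names and sample records are constructed, and the input is assumed to be Microsoft Graph application objects exported as JSON.

```powershell
# Constructed sample shaped like Microsoft Graph "application" objects.
# Every name and ID below is made up for this example.
$sampleJson = @'
[
  { "displayName": "HR Portal", "appId": "00000000-0000-0000-0000-000000000001",
    "web": { "redirectUris": ["https://hr.example.com/signin-oidc"] },
    "passwordCredentials": [ { "keyId": "k1" } ] },
  { "displayName": "Sync Helper", "appId": "00000000-0000-0000-0000-000000000002",
    "web": { "redirectUris": ["http://localhost:10000"] },
    "passwordCredentials": [ { "keyId": "k2" } ] },
  { "displayName": "Desktop CLI", "appId": "00000000-0000-0000-0000-000000000003",
    "publicClient": { "redirectUris": ["http://localhost"] },
    "passwordCredentials": [] }
]
'@

# Hypothetical helper: true when the URI's host is localhost, 127.0.0.1 or [::1].
function Test-LoopbackUri {
    param([string]$Uri)
    $parsed = $null
    if (-not [Uri]::TryCreate($Uri, [UriKind]::Absolute, [ref]$parsed)) { return $false }
    return $parsed.IsLoopback
}

# Hypothetical helper: flags confidential clients (a secret is present) whose
# web redirect URIs point at the local machine. Loopback URIs under
# publicClient are normal for native apps and are not flagged.
function Find-LoopbackSecretApp {
    param([Parameter(Mandatory)][object[]]$Applications)
    foreach ($app in $Applications) {
        $hits    = @($app.web.redirectUris | Where-Object { $_ -and (Test-LoopbackUri $_) })
        $secrets = @($app.passwordCredentials | Where-Object { $_ })
        if ($hits.Count -gt 0 -and $secrets.Count -gt 0) {
            [pscustomobject]@{
                DisplayName  = $app.displayName
                AppId        = $app.appId
                LoopbackUris = $hits -join ', '
                SecretCount  = $secrets.Count
            }
        }
    }
}

Find-LoopbackSecretApp -Applications ($sampleJson | ConvertFrom-Json)
```

Against the constructed sample, only "Sync Helper" is reported; real input would come from an export of the tenant's app registrations.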

Invoke-DeleteOAuthApp

Deletes an OAuth app

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
ObjectID       - The Object ID (not appID) of the app registration you want to delete
Invoke-DeleteOAuthApp -Tokens $tokens -ObjectID 967d320f-da00-49d1-a91a-abd9d4b327dc

Invoke-DeleteGroup

Deletes a group

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
GroupID        - The object ID of the group you want to delete
Invoke-DeleteGroup -Tokens $tokens -groupID e6a413c2-2aa4-4a80-9c16-88c1687f57d9

Invoke-RemoveGroupMember

Removes a member object ID from a group

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
GroupID        - The object ID of the group you want to modify
UserID         - The ID of the object that you want to remove from the group
Invoke-RemoveGroupMember -Tokens $tokens -groupID e6a413c2-2aa4-4a80-9c16-88c1687f57d9 -userId 7a3d8bfe-e4c7-46c0-93ec-ef2b1c8a0b4a

Invoke-DriveFileDownload

If you want to download individual files from SharePoint and OneDrive, you can use the DriveID and ItemID values output by the Invoke-SearchSharePointAndOneDrive module.

--OPTIONS--
Tokens         - Pass the $tokens global variable after authenticating to this parameter
DriveItemIDs   - A combined value of the drive ID and item ID separated by a colon like this: "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"
Filename       - The filename you want to download the file to
Invoke-DriveFileDownload -Tokens $tokens -FileName "Passwords.docx" -DriveItemIDs "b!wDDN4DNGFFufSAEEN8TO3FEfeD9gdE3fm2O_-kGSapywefT_je-ghthhilmtycsZ\:01AVEVEP23EJ43DPEVEGEF7IZ6YEFEF222"

Invoke-HTTPServer

A basic web server to use for accessing the emailviewer.html file output from Invoke-SearchMailbox.

--OPTIONS--
Port       - Port to spin up the listener on
Invoke-HTTPServer -Port 10000

Invoke-BruteClientIDAccess

Test different client IDs against MSGraph to determine permissions

--OPTIONS--
domain - Domain associated with the refresh token
resource - Target resource URL (default is https://graph.microsoft.com)
refreshToken - The refresh token to test with
Device - Device type ('Android','IE','Chrome','Firefox','Edge','Safari')
Browser - User agent to set
Invoke-BruteClientIDAccess -domain tyrellcorporation.io -refreshToken "0.AUYAME_t6323HU6qUZSUEFEWWd232..."

Invoke-ImportTokens

Import an access token and refresh token into the global $tokens variable

--OPTIONS--
AccessToken - Your access token
RefreshToken - Your refresh token
Invoke-ImportTokens -AccessToken "eyj... " -RefreshToken "0.AUYA..."