Skip to content

Commit 39cd59e

Browse files
committed
Fixed token parsing on linux
1 parent c5e4ef0 commit 39cd59e

3 files changed

Lines changed: 17 additions & 43 deletions

File tree

.github/usage.png

370 KB
Loading

README.md

Lines changed: 4 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -64,42 +64,9 @@ pip3 install -r requirements.txt
6464

6565
## Usage
6666

67-
```
68-
usage: graphpython.py [-h] [--command COMMAND] [--list-commands] [--token TOKEN] [--estsauthcookie ESTSAUTHCOOKIE] [--use-cae] [--cert CERT] [--domain DOMAIN] [--tenant TENANT] [--username USERNAME] [--secret SECRET] [--id ID] [--select SELECT] [--query QUERY]
69-
[--search SEARCH] [--entity {driveItem,message,chatMessage,site,event}] [--device {mac,windows,androidmobile,iphone}] [--browser {android,IE,chrome,firefox,edge,safari}] [--only-return-cookies]
70-
[--mail-folder {allitems,inbox,archive,drafts,sentitems,deleteditems,recoverableitemsdeletions}] [--top TOP] [--script SCRIPT] [--email EMAIL]
71-
72-
options:
73-
-h, --help show this help message and exit
74-
--command COMMAND Command to execute
75-
--list-commands List available commands
76-
--token TOKEN Microsoft Graph access token or refresh token for FOCI abuse
77-
--estsauthcookie ESTSAUTHCOOKIE
78-
'ESTSAuth' or 'ESTSAuthPersistent' cookie value
79-
--use-cae Flag to use Continuous Access Evaluation (CAE) - add 'cp1' as client claim to get an access token valid for 24 hours
80-
--cert CERT X509Certificate path (.pfx)
81-
--domain DOMAIN Target domain
82-
--tenant TENANT Target tenant ID
83-
--username USERNAME Username or file containing username (invoke-userenumerationasoutsider)
84-
--secret SECRET Enterprise application secretText (invoke-appsecrettoaccesstoken)
85-
--id ID ID of target object
86-
--select SELECT Fields to select from output
87-
--query QUERY Raw API query (GET only)
88-
--search SEARCH Search string
89-
--entity {driveItem,message,chatMessage,site,event}
90-
Search entity type: driveItem(OneDrive), message(Mail), chatMessage(Teams), site(SharePoint), event(Calenders)
91-
--device {mac,windows,androidmobile,iphone}
92-
Device type for User-Agent forging
93-
--browser {android,IE,chrome,firefox,edge,safari}
94-
Browser type for User-Agent forging
95-
--only-return-cookies
96-
Only return cookies from the request (open-owamailboxinbrowser)
97-
--mail-folder {allitems,inbox,archive,drafts,sentitems,deleteditems,recoverableitemsdeletions}
98-
Mail folder to dump (dump-owamailbox)
99-
--top TOP Number (int) of messages to retrieve (dump-owamailbox)
100-
--script SCRIPT File containing the script content (deploy-maliciousscript and backdoor-script)
101-
--email EMAIL File containing OWA email message body content (spoof-owaemailmessage)
102-
```
67+
<p align="center">
68+
<img src="./.github/usage.png" />
69+
</p>
10370

10471
## Commands
10572

@@ -656,5 +623,4 @@ Graph permission IDs applied to objects can be easily located with detailed expl
656623
- [x] `Update-DeviceConfig` - patch settings that aren't read only from existing managed device config, more info [here](https://learn.microsoft.com/en-us/graph/api/intune-devices-manageddevice-update?view=graph-rest-beta)
657624
- [x] `New-SignedJWT` - need to test this from sharpgraphview
658625
- Options:
659-
- [ ] add functionality for chaining commands e.g. --command get-user, get-currentuser, get-groups
660-
- [ ] --proxy
626+
- [ ] --proxy option

graphpython.py

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -314,8 +314,16 @@ def get_user_agent(args):
314314

315315
def get_access_token(token_input):
316316
if os.path.isfile(token_input):
317-
with open(token_input, 'r', encoding='utf-16') as file:
318-
access_token = file.read().strip()
317+
encodings = ['utf-8', 'utf-16', 'ascii', 'iso-8859-1']
318+
for encoding in encodings:
319+
try:
320+
with open(token_input, 'r', encoding=encoding) as file:
321+
access_token = file.read().strip()
322+
return access_token
323+
except UnicodeDecodeError:
324+
continue
325+
326+
raise ValueError(f"Unable to decode the file {token_input} with any of the tried encodings.")
319327
else:
320328
access_token = token_input
321329
return access_token
@@ -7067,9 +7075,9 @@ def print_profile_settings(response_json, profile_type):
70677075
print("=" * 80)
70687076

70697077

7070-
#############
7071-
# Resolvers #
7072-
#############
7078+
############
7079+
# Locators #
7080+
############
70737081

70747082
# locate-objectid
70757083
elif args.command and args.command.lower() == "locate-objectid":

0 commit comments

Comments
 (0)