Power Pwn is an offensive security toolset for Microsoft 365.
Install with pip install powerpwn
.
Check out our Wiki for docs, guides and related talks!
An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform
License: MIT License
Power Pwn is an offensive security toolset for Microsoft 365.
Install with pip install powerpwn
.
Check out our Wiki for docs, guides and related talks!
C:\...\Python\Python39\python39.exe C:/.../power-pwn/src/powerpwn/main.py recon --gui -t
Traceback (most recent call last):
File "C:\...\power-pwn\src\powerpwn\main.py", line 7, in <module>
from powerpwn.cli.runners import (
File "C:\...\power-pwn\src\powerpwn\cli\runners.py", line 9, in <module>
from powerpwn.nocodemalware.malware_runner import MalwareRunner
File "C:\...\power-pwn\src\powerpwn\nocodemalware\malware_runner.py", line 8, in <module>
from powerpwn.nocodemalware.models.any_command_args import AnyCommandArgs
File "C:\...\power-pwn\src\powerpwn\nocodemalware\models\any_command_args.py", line 5, in <module>
from powerpwn.nocodemalware.models.cleanup_command_args import CleanupCommandArgs
File "C:\...\power-pwn\src\powerpwn\nocodemalware\models\cleanup_command_args.py", line 8, in <module>
class CleanupCommandArgs(CommandArguments[CommandArgsPropertiesBaseModel]):
File "pydantic\main.py", line 197, in pydantic.main.ModelMetaclass.__new__
File "pydantic\fields.py", line 506, in pydantic.fields.ModelField.infer
File "pydantic\fields.py", line 436, in pydantic.fields.ModelField.__init__
File "pydantic\fields.py", line 552, in pydantic.fields.ModelField.prepare
File "pydantic\fields.py", line 668, in pydantic.fields.ModelField._type_analysis
File "C:\...\Python\Python39\lib\typing.py", line 789, in __subclasscheck__
return issubclass(cls, self.__origin__)
TypeError: issubclass() arg 1 must be a class
Setup:
Currently rerunning recon/dump with a new credentials requires the tokens.json
to be manually deleted. We should handle this via a flag and with a planned mechanism.
Running powerpwn recon
I'm able to fetch info from a bunch of environments. When going thru one particular environment I get this error:
2023-09-07 16:05:28 | powerpwn | INFO | Found 17 active shareable connections out of 21 connections in environment <environment_id>
2023-09-07 16:05:28 | powerpwn | INFO | Fetching OpenAPI spec for connector <custom_connector_id_1>.
2023-09-07 16:05:28 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_azureblob.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_filesystem.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_flowmanagement.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_logicflows.
2023-09-07 16:05:30 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_sharepointonline.
2023-09-07 16:05:31 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_slack.
2023-09-07 16:05:31 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_sql.
2023-09-07 16:05:32 | powerpwn | INFO | Fetching OpenAPI spec for connector <custom_connector_id_2>.
Traceback (most recent call last):
File "C:\Users\user\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Users\user\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
exec(code, run_globals)
File "C:\Users\user\.venv_win\Scripts\powerpwn.exe\__main__.py", line 7, in <module>
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\main.py", line 33, in main
run_recon_command(args)
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\cli\runners.py", line 43, in run_recon_command
entities_fetcher.collect_and_cache()
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\resources_collector.py", line 46, in collect_and_cache
self._cache_entities(collector_instance.collect(self.__session, env_id), collector_instance.resource_type(), env_id)
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\resources_collector.py", line 51, in _cache_entities
for entity in entities:
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\connectors_collector.py", line 30, in collect
raise e
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\connectors_collector.py", line 25, in collect
connector = get_connector(session, environment_id=environment_id, connector_id=connector_id)
File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\_api.py", line 21, in get_connector
raise RuntimeError(
RuntimeError: Got status code 400 for get_connector(environment_id=<environment_id>, connector_name=<custom_connector_id_2>): b'{"error":{"code":"InstanceApiRequestFailed","message":"The request failed with error: \'{\\"error\\":{\\"code\\":\\"0x80040225\\",\\"mes
sage\\":\\"The user with SystemUserId=<UPN> in OrganizationContext=<org_id> is disabled. Disabled users cannot access the system. Consider enabling this user.\\"}}\'. The correlation Id is \'<guid>\'."}}'.
I doubled checked and this user is not disabled in AAD. I also couldn't find this environment ID going to aka.ms/ppac.
Running on Win11 powerpwn==2.1.3
.
I get the following error when attempting to use PAD.MachineRegistration.Silent.exe. Any ideas what is going on here?
Unhandled exception of type Microsoft.Flow.RPA.Desktop.Shared.Clients.Common.Repos.Cds.CdsClientException. Please see the logs for more details.
Set up an operation to replace victim machine connection reference so payloads can be sent to different machines
Update Copilot Studio Hunter module and related sub-modules.
When running python 3.12 I get this error. This has been validated both on MacOS as well as python devcontainers (PR#45).
vscode โ /workspaces/power-pwn (main) $ powerpwn gui Traceback (most recent call last): File "/home/vscode/.local/bin/powerpwn", line 5, in <module> from powerpwn.main import main File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/main.py", line 7, in <module> from powerpwn.cli.runners import ( File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/cli/runners.py", line 9, in <module> from powerpwn.nocodemalware.malware_runner import MalwareRunner File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/nocodemalware/malware_runner.py", line 5, in <module> from pydantic.error_wrappers import ValidationError File "/home/vscode/.local/lib/python3.12/site-packages/pydantic/__init__.py", line 2, in <module> from . import dataclasses File "/home/vscode/.local/lib/python3.12/site-packages/pydantic/dataclasses.py", line 41, in <module> from typing_extensions import dataclass_transform File "/home/vscode/.local/lib/python3.12/site-packages/typing_extensions.py", line 1174, in <module> class TypeVar(typing.TypeVar, _DefaultMixin, _root=True): TypeError: type 'typing.TypeVar' is not an acceptable base type
Mitigation is to fix python to version 3.11 as per #45
For ransomware payload, document which type of encyption key is needed
I used the dump method to dump and obtain a token, which is stored in tokens.json but whenever i do copilot chat command for example and use the --cached-token argument it keeps saying no cache tokens found. Why does it not use the tokens.json file but keeps saying no cache tokens found.
Background
Def done
Fix 2 bugs in Puppeteer script:
When I try to logon for the devicelogin step, I get this error:
AADSTS900561: The endpoint only accepts POST requests. Received a GET request.
Prereqs: msft tenant available.
Script to replace manual set up specified here https://github.com/mbrg/power-pwn/blob/main/docs/cloud_setup.md
Background
Def done
GUI is supported by python 3.8 - newer python versions are not supported
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.