mbrg / power-pwn
An offensive security toolset for Microsoft 365 focused on Microsoft Copilot, Copilot Studio and Power Platform

License: MIT License

Python 92.61% HTML 2.55% JavaScript 4.84%
defcon30 pentesting redteam hacking powerautomate roboticprocessautomation rpa lowcode nocode m365

power-pwn's Introduction


Empower your business, not the adversaries.


Power Pwn

Black Hat SecTor 23 Black Hat DEFCON30


Power Pwn is an offensive security toolset for Microsoft 365.

Install with pip install powerpwn.

Check out our Wiki for docs, guides and related talks!

BlackHat Arsenal USA 2023 - Power Pwn


power-pwn's People

Contributors

avishaiezen, eltociear, jakevis, lanasalameh1, mbrg


power-pwn's Issues

Version issue (?) running on Win/Py3.9

C:\...\Python\Python39\python39.exe C:/.../power-pwn/src/powerpwn/main.py recon --gui -t 
Traceback (most recent call last):
  File "C:\...\power-pwn\src\powerpwn\main.py", line 7, in <module>
    from powerpwn.cli.runners import (
  File "C:\...\power-pwn\src\powerpwn\cli\runners.py", line 9, in <module>
    from powerpwn.nocodemalware.malware_runner import MalwareRunner
  File "C:\...\power-pwn\src\powerpwn\nocodemalware\malware_runner.py", line 8, in <module>
    from powerpwn.nocodemalware.models.any_command_args import AnyCommandArgs
  File "C:\...\power-pwn\src\powerpwn\nocodemalware\models\any_command_args.py", line 5, in <module>
    from powerpwn.nocodemalware.models.cleanup_command_args import CleanupCommandArgs
  File "C:\...\power-pwn\src\powerpwn\nocodemalware\models\cleanup_command_args.py", line 8, in <module>
    class CleanupCommandArgs(CommandArguments[CommandArgsPropertiesBaseModel]):
  File "pydantic\main.py", line 197, in pydantic.main.ModelMetaclass.__new__
  File "pydantic\fields.py", line 506, in pydantic.fields.ModelField.infer
  File "pydantic\fields.py", line 436, in pydantic.fields.ModelField.__init__
  File "pydantic\fields.py", line 552, in pydantic.fields.ModelField.prepare
  File "pydantic\fields.py", line 668, in pydantic.fields.ModelField._type_analysis
  File "C:\...\Python\Python39\lib\typing.py", line 789, in __subclasscheck__
    return issubclass(cls, self.__origin__)
TypeError: issubclass() arg 1 must be a class

Setup:

  • Python 3.9.5
  • Win11
  • pydantic==1.10.7

Connector dump expansion support

  1. explore which connectors are shareable (so guest users will have access to these connections)
  2. add recon for supported connectors
  3. add dump for supported connectors

Error is saying user is disabled even tho that's not the case

Running powerpwn recon I'm able to fetch info from a bunch of environments. When going through one particular environment I get this error:

2023-09-07 16:05:28 | powerpwn | INFO | Found 17 active shareable connections out of 21 connections in environment <environment_id>
2023-09-07 16:05:28 | powerpwn | INFO | Fetching OpenAPI spec for connector <custom_connector_id_1>.
2023-09-07 16:05:28 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_azureblob.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_filesystem.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_flowmanagement.
2023-09-07 16:05:29 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_logicflows.
2023-09-07 16:05:30 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_sharepointonline.
2023-09-07 16:05:31 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_slack.
2023-09-07 16:05:31 | powerpwn | INFO | Fetching OpenAPI spec for connector shared_sql.
2023-09-07 16:05:32 | powerpwn | INFO | Fetching OpenAPI spec for connector <custom_connector_id_2>.
Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 196, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "C:\Users\user\AppData\Local\Programs\Python\Python310\lib\runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "C:\Users\user\.venv_win\Scripts\powerpwn.exe\__main__.py", line 7, in <module>
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\main.py", line 33, in main
    run_recon_command(args)
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\cli\runners.py", line 43, in run_recon_command
    entities_fetcher.collect_and_cache()
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\resources_collector.py", line 46, in collect_and_cache
    self._cache_entities(collector_instance.collect(self.__session, env_id), collector_instance.resource_type(), env_id)
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\resources_collector.py", line 51, in _cache_entities
    for entity in entities:
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\connectors_collector.py", line 30, in collect
    raise e
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\connectors_collector.py", line 25, in collect
    connector = get_connector(session, environment_id=environment_id, connector_id=connector_id)
  File "c:\users\user\.venv_win\lib\site-packages\powerpwn\powerdump\collect\resources_collectors\_api.py", line 21, in get_connector
    raise RuntimeError(
RuntimeError: Got status code 400 for get_connector(environment_id=<environment_id>, connector_name=<custom_connector_id_2>): b'{"error":{"code":"InstanceApiRequestFailed","message":"The request failed with error: \'{\\"error\\":{\\"code\\":\\"0x80040225\\",\\"message\\":\\"The user with SystemUserId=<UPN> in OrganizationContext=<org_id> is disabled. Disabled users cannot access the system. Consider enabling this user.\\"}}\'. The correlation Id is \'<guid>\'."}}'.

I double-checked and this user is not disabled in AAD. I also couldn't find this environment ID going to aka.ms/ppac.

Running on Win11, powerpwn==2.1.3.

Error Registering Machine

I get the following error when attempting to use PAD.MachineRegistration.Silent.exe. Any ideas what is going on here?

Unhandled exception of type Microsoft.Flow.RPA.Desktop.Shared.Clients.Common.Repos.Cds.CdsClientException. Please see the logs for more details.

Support multiple machines

Set up an operation to replace victim machine connection reference so payloads can be sent to different machines

typing.TypeVar error on python 3.12

When running Python 3.12 I get this error. This has been validated both on macOS and in Python devcontainers (PR#45).

vscode ➜ /workspaces/power-pwn (main) $ powerpwn gui
Traceback (most recent call last):
  File "/home/vscode/.local/bin/powerpwn", line 5, in <module>
    from powerpwn.main import main
  File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/main.py", line 7, in <module>
    from powerpwn.cli.runners import (
  File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/cli/runners.py", line 9, in <module>
    from powerpwn.nocodemalware.malware_runner import MalwareRunner
  File "/home/vscode/.local/lib/python3.12/site-packages/powerpwn/nocodemalware/malware_runner.py", line 5, in <module>
    from pydantic.error_wrappers import ValidationError
  File "/home/vscode/.local/lib/python3.12/site-packages/pydantic/__init__.py", line 2, in <module>
    from . import dataclasses
  File "/home/vscode/.local/lib/python3.12/site-packages/pydantic/dataclasses.py", line 41, in <module>
    from typing_extensions import dataclass_transform
  File "/home/vscode/.local/lib/python3.12/site-packages/typing_extensions.py", line 1174, in <module>
    class TypeVar(typing.TypeVar, _DefaultMixin, _root=True):
TypeError: type 'typing.TypeVar' is not an acceptable base type

Mitigation is to fix Python to version 3.11 as per #45.

phishing by copilot

  1. Build a Copilot with an AI conversational plugin; the conversational plugin will be shared with all by default, and it will be malicious.
  2. AI conversational plugin discovery -> can these be used as connections?

cache tokens seems not to work

I used the dump method to dump and obtain a token, which is stored in tokens.json, but whenever I run the copilot chat command, for example, and use the --cached-token argument, it keeps saying no cached tokens found. Why does it not use the tokens.json file but keep saying no cached tokens found?

Review & update error handling scenarios/mechanisms

Background

  1. powerpwn has several known error handling use cases which should be addressed for smoother user experience and fuller functionality.

Def done

  1. Map these cases
  2. Update the code to handle them
  3. Consider future errors we can already address, if such exist

Bug when running the tool

When I try to logon for the devicelogin step, I get this error:

AADSTS900561: The endpoint only accepts POST requests. Received a GET request.
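AADSTS900561 is the reply Microsoft Entra ID gives when one of its POST-only OAuth endpoints receives a GET. As a reference for what the device login step looks like on the wire, the following is an added example (not power-pwn's own code) of the OAuth 2.0 device authorization grant (RFC 8628) against Entra: both the devicecode and token endpoints are called with POST and a form-encoded body, and the polling loop honours authorization_pending and slow_down. The tenant, client id and scope are placeholders; the transport is an injected callable, and the FakeEntra stand-in is constructed so the flow runs offline and answers any non-POST request with the same AADSTS900561 text.

```python
"""Added example, not power-pwn code: the OAuth 2.0 device authorization grant
(RFC 8628) against Microsoft Entra ID. Both endpoints take POST with a
form-encoded body; a GET is what triggers AADSTS900561.

The transport is a callable taking a request dict and returning the decoded
JSON reply, so the flow can be exercised offline with the FakeEntra stand-in.
Tenant, client id and scope are placeholders, not power-pwn's values.
"""
import time
from typing import Callable, Dict, List
from urllib.parse import urlencode

DEVICE_CODE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}
Transport = Callable[[Dict[str, object]], dict]


def authority(tenant: str) -> str:
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0"


def device_code_request(tenant: str, client_id: str, scope: str) -> Dict[str, object]:
    """Step 1: POST to /devicecode to obtain user_code, device_code and the poll interval."""
    return {"method": "POST", "url": f"{authority(tenant)}/devicecode", "headers": FORM,
            "body": urlencode({"client_id": client_id, "scope": scope})}


def token_request(tenant: str, client_id: str, device_code: str) -> Dict[str, object]:
    """Step 2..n: POST to /token with the device_code until the user has signed in."""
    return {"method": "POST", "url": f"{authority(tenant)}/token", "headers": FORM,
            "body": urlencode({"grant_type": DEVICE_CODE_GRANT, "client_id": client_id,
                               "device_code": device_code})}


def poll_for_token(post: Transport, tenant: str, client_id: str, device_code: str,
                   interval: int, max_polls: int = 60, sleep=time.sleep) -> dict:
    """Poll the token endpoint, honouring authorization_pending and slow_down (RFC 8628 3.5)."""
    for _ in range(max_polls):
        reply = post(token_request(tenant, client_id, device_code))
        if "access_token" in reply:
            return reply
        err = reply.get("error")
        if err == "slow_down":
            interval += 5  # the server asks us to back off; the larger interval sticks
        elif err != "authorization_pending":
            # expired_token, authorization_declined, bad_verification_code, invalid_request ...
            raise RuntimeError(f"{err}: {reply.get('error_description', '')}")
        sleep(interval)
    raise TimeoutError("user did not complete sign-in before max_polls")


def run_device_flow(post: Transport, tenant: str, client_id: str, scope: str, sleep=time.sleep) -> dict:
    """Drive the whole grant and return the token reply."""
    dc = post(device_code_request(tenant, client_id, scope))
    if "device_code" not in dc:
        raise RuntimeError(f"{dc.get('error')}: {dc.get('error_description', '')}")
    print(dc.get("message") or f"Open {dc['verification_uri']} and enter code {dc['user_code']}")
    return poll_for_token(post, tenant, client_id, dc["device_code"], int(dc.get("interval", 5)), sleep=sleep)


class FakeEntra:
    """Constructed stand-in for login.microsoftonline.com used to run the flow offline.

    It answers a non-POST the way Entra does (AADSTS900561), hands out a device
    code, reports authorization_pending once and slow_down once, then issues a token.
    """

    def __init__(self) -> None:
        self.requests: List[Dict[str, object]] = []
        self._polls = 0

    def __call__(self, req: Dict[str, object]) -> dict:
        self.requests.append(req)
        if req["method"] != "POST":
            return {"error": "invalid_request",
                    "error_description": "AADSTS900561: The endpoint only accepts POST requests. Received a GET request."}
        if str(req["url"]).endswith("/devicecode"):
            return {"device_code": "constructed-device-code", "user_code": "ABCD1234",
                    "verification_uri": "https://microsoft.com/devicelogin", "interval": 5, "expires_in": 900}
        self._polls += 1
        if self._polls == 1:
            return {"error": "authorization_pending"}
        if self._polls == 2:
            return {"error": "slow_down"}
        return {"token_type": "Bearer", "access_token": "constructed.access.token", "expires_in": 3600}


def demo() -> dict:
    """Run the grant end to end against FakeEntra without sleeping (placeholder tenant/client/scope)."""
    fake = FakeEntra()
    token = run_device_flow(fake, "common", "00000000-0000-0000-0000-000000000000",
                            "https://graph.microsoft.com/.default offline_access", sleep=lambda _s: None)
    return {"access_token": token["access_token"], "methods": [r["method"] for r in fake.requests],
            "polls": len(fake.requests) - 1}
```

To use it against the real authority, replace the transport with a function that sends `req["body"]` as the body of an HTTP POST to `req["url"]` with `req["headers"]` and returns the parsed JSON; the request shape is what the grant requires, so a client that sends GET here will see exactly the AADSTS900561 error quoted above.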

Dump module should handle connections which don't allow for remote connectivity

  1. The ability to perform dumps using PowerPWN depends on the found connections also actually allowing remote connectivity.
  2. This means that there could be cases in which connections are found but performing a dump on them will be unavailable since they aren't accessible.
  3. We need to verify that the dump is working successfully in such cases and handling these cases gracefully.
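The graceful handling asked for here is the same thing the "Error is saying user is disabled" traceback above is missing: one connector in an environment returned a 400 whose body embeds a Dataverse instance error (code 0x80040225, "user is disabled"), and the collector re-raised it, aborting the whole environment. The following is an added example (not power-pwn's own code) that parses that nested error format from the issue, keeps per-resource failures (400/403/404) as recorded skips, re-raises everything else, and continues with the remaining resources. The fetcher, connector names and status codes are constructed for the demo; the sample body is built in the exact shape quoted in the issue, placeholders included.

```python
"""Added example, not power-pwn code: classify a failed per-resource API call
from its error body and keep collecting the remaining resources instead of
aborting the whole environment.

The body format is the one quoted in the "Error is saying user is disabled"
issue: an outer JSON error whose message embeds a second, single-quoted JSON
error returned by the Dataverse instance. The fetcher, connector names and
status codes below are constructed for the demo.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Matches the single-quoted instance error embedded in the outer message.
_INNER_JSON = re.compile(r"error: '(\{.*\})'", re.DOTALL)

# Status codes that describe this one resource rather than the whole session.
SKIPPABLE_STATUS = {400, 403, 404}


def parse_instance_error(body: bytes) -> Tuple[Optional[str], Optional[str], Optional[str]]:
    """Return (outer_code, inner_code, inner_message); None for parts that are absent."""
    try:
        outer = json.loads(body.decode("utf-8", errors="replace"))
    except ValueError:
        return None, None, None
    err = outer.get("error") if isinstance(outer, dict) else None
    if not isinstance(err, dict):
        return None, None, None
    outer_code = err.get("code")
    match = _INNER_JSON.search(err.get("message") or "")
    if not match:
        return outer_code, None, None
    try:
        inner = json.loads(match.group(1)).get("error", {})
    except ValueError:
        return outer_code, None, None
    return outer_code, inner.get("code"), inner.get("message")


class ApiError(Exception):
    """A non-2xx reply; the parsed codes let the caller decide whether to skip or stop."""

    def __init__(self, status_code: int, body: bytes) -> None:
        self.status_code = status_code
        self.body = body
        self.outer_code, self.inner_code, self.inner_message = parse_instance_error(body)
        super().__init__(f"status {status_code}: {self.reason()}")

    def reason(self) -> str:
        return self.inner_message or self.outer_code or f"HTTP {self.status_code}"


@dataclass
class CollectResult:
    collected: Dict[str, dict] = field(default_factory=dict)
    skipped: Dict[str, str] = field(default_factory=dict)  # resource id -> reason


def collect_connectors(fetch: Callable[[str], dict], connector_ids: List[str]) -> CollectResult:
    """Fetch every connector; record and skip the ones this tenant refuses to serve.

    Only per-resource failures are skipped. Anything else (401, 429, 5xx) is
    re-raised, since it would most likely break every following request too.
    """
    result = CollectResult()
    for cid in connector_ids:
        try:
            result.collected[cid] = fetch(cid)
        except ApiError as e:
            if e.status_code not in SKIPPABLE_STATUS:
                raise
            result.skipped[cid] = e.reason()
    return result


# Constructed body in the exact shape quoted in the issue (placeholders kept).
SAMPLE_DISABLED_USER_BODY = (
    b'{"error":{"code":"InstanceApiRequestFailed","message":"The request failed with error: '
    b'\'{\\"error\\":{\\"code\\":\\"0x80040225\\",\\"message\\":\\"The user with SystemUserId=<UPN> '
    b'in OrganizationContext=<org_id> is disabled. Disabled users cannot access the system. '
    b'Consider enabling this user.\\"}}\'. The correlation Id is \'<guid>\'."}}'
)


def demo() -> CollectResult:
    """Constructed run: two built-in connectors succeed, one custom connector fails as in the issue."""
    specs = {"shared_azureblob": {"kind": "builtin"}, "shared_sql": {"kind": "builtin"},
             "custom_connector_a": {"kind": "custom"}}

    def fetch(cid: str) -> dict:
        if cid == "custom_connector_a":
            raise ApiError(400, SAMPLE_DISABLED_USER_BODY)
        return specs[cid]

    return collect_connectors(fetch, list(specs))
```

The skipped map is what a recon report should show next to the environment: the operator then knows the environment was only partially enumerated and why, instead of losing the sixteen connectors that did resolve because the seventeenth belongs to an org where the signed-in user is disabled.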

Update CLI for better user experience

Background

  1. powerpwn could have better CLI capabilities, to better interact with users and guide them (similarly to other attack tools).
  2. Some of the content should be based upon the updated documentation (TBD after #29).

Def done

  1. Perform required code & documentation updates to address the above.
  2. Open follow up issues as required.
  3. Inquire with users regarding task success (this is a CLI that new users should find friendly) and iterate.

Documentation

  • General docs
  • powerdump
  • powerdoor
  • phishing
  • no-code malware
