2021-05-30 07:24:43
365 Stealer
365-Stealer is a tool written in Python3 which can be used in illicit consent grant attacks. When the victim grant his consent we get their Refresh Token which can be used to request multiple Tokens that can help us in accessing data like Mails, Notes, Files from OneDrive etc.
Features
Steals Refresh Token which can be used to grant new Access Tokens for at least 90 days.
Can send mails with attachments from the victim user to another user.
Creates Outlook Rules like forwarding any mail that the victim receives.
Upload any file in victims OneDrive.
Steal's files from OneDrive, OneNote and dump all the Mails including the attachments.
365-Stealer Management portal allows us to manage all the data of the victims.
Can backdoor .docx file located in OneDrive by injecting macros and replace the file extension with .doc.
All the data like Refresh Token, Mails, Files, Attachments, list of all the users in the victim's tenant and our Configuration are stored in database.
Delay the request by specifying time in seconds while stealing the data
Tool also helps in hosting the dummy application for performing illicit consent grant attack by using --run-app in the terminal or by using 365-Stealer Management.
By using --no-stealing flag 365-Stealer will only steal token's that can be leverage to steal data.
We can also request New Access Tokens for all the user’s or for specific user.
We can easily get a new access token using --refresh-token, --client-id, --client-secret flag.
Configuration can be done from 365-Stealer CLI or Management portal.
The 365-Stealer CLI gives an option to use it in our own way and set up our own Phishing pages.
Allow us to steal particular data eg, OneDrive, Outlook etc. by passing a --custom-steal flag.
All the stolen data are saved in database.db file which we can share with our team to leverage the existing data, tokens etc.
We can search emails with specific keyword, subject, user's email address or by filtering the emails containing attachments from the 365-Stealer Management portal.
We can dump the user info from the target tenant and export the same to CSV.
https://github.com/AlteredSecurity/365-Stealer
94 views04:24