AvishaiEZen edited this page Jul 23, 2024 · 11 revisions

Description

powerdump is the powerpwn module for exploring information in Microsoft Power Platform from a Red Team perspective. In short, this is what it does:

  • Generates access tokens for fetching available resources in Microsoft PowerApps.
  • Uses HTTP calls in Python to dump all available information in the Microsoft PowerPlatform into a local directory.
  • Generates access tokens for performing advanced actions on the discovered resources.
  • Provides a basic GUI for presenting the collected resources and data.

Note: For its GUI, powerpwn uses the browsepy Python library and is therefore only compatible with Python 3.6-3.8 (development is done with Python 3.8).

Installation

Using pip

Use pip to install the powerpwn tool:

pip install powerpwn

Using a version from GitHub

Clone the repository and run:

pip install .

Note: For the GUI to work, run the pip command above with Python 3.8 if it is not already your default interpreter, or install inside a Python 3.8 virtual environment.

Installation for development

Clone the repository and setup a virtual environment in your IDE. Install python packages by running:

python init_repo.py

To activate the virtual environment (.venv) run:

.\.venv\Scripts\activate (Windows)

source ./.venv/bin/activate (Linux; the activate script must be sourced into the current shell, not executed, otherwise the environment is not applied)

Note: For the GUI to work, create the virtual environment above with Python 3.8 if it is not already the default.

Using the PowerDump module

Via powerpwn cli

  • Run powerpwn recon --tenant {tenantId} --cache-path {path} to collect resources from the tenant tenantId and store them under path. The default cache-path is .cache .
  • For more options run powerpwn recon --help
  • On first execution, a device-code flow starts to acquire an access token for the designated tenant.
  • Run powerpwn dump --tenant {tenantId} --cache-path {path} to dump all available data from the collected resources. Use the same cache-path as in the recon command.
  • Collection may take a while, depending on the tenant size. Once collection is done, the collected resources and data are under the path directory.
  • Access tokens for powerapps and apihub are cached in the tokens.json file. They are bearer credentials stored alongside the dumped tenant data, so restrict access to the cache directory and delete it once the engagement is over.
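Because dump reuses the tokens that recon cached in tokens.json, it is worth checking that those tokens have not expired before starting a long collection. The following is an added example, not part of powerpwn: it does not assume the layout of tokens.json (which this page does not document), but walks whatever JSON is in the file, picks out strings shaped like JWTs and reads their unverified exp and aud claims. The sample cache, its key names and audience URLs are constructed for illustration only. The signature is deliberately not verified: the goal is to decide whether to re-run the device flow, not to trust the token contents.

```python
"""Report expiry of the access tokens powerpwn caches in tokens.json (added example)."""
import base64
import json
import time
from typing import Iterator, Tuple


def _b64url_decode(segment: str) -> bytes:
    # JWT segments omit base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _walk(node, path: str = "$") -> Iterator[Tuple[str, str]]:
    # Yield (json_path, value) for every string leaf, whatever the file layout is.
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def looks_like_jwt(value: str) -> bool:
    """True if value has three base64url segments and a JSON header with 'alg'."""
    parts = value.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError:  # covers binascii.Error, JSONDecodeError, UnicodeDecodeError
        return False
    return isinstance(header, dict) and "alg" in header


def token_status(token: str, now: float = None) -> dict:
    """Unverified exp/aud of a JWT plus whether it is still usable at time 'now'."""
    now = time.time() if now is None else now
    claims = json.loads(_b64url_decode(token.split(".")[1]))
    exp = claims.get("exp")
    return {
        "aud": claims.get("aud"),
        "exp": exp,
        "expired": exp is None or exp <= now,
        "seconds_left": None if exp is None else int(exp - now),
    }


def inspect_token_cache(cache_json: str, now: float = None) -> list:
    """Parse tokens.json content and report every JWT-like string found in it."""
    report = []
    for path, value in _walk(json.loads(cache_json)):
        if looks_like_jwt(value):
            report.append({"path": path, **token_status(value, now)})
    return report


def make_unsigned_jwt(claims: dict) -> str:
    # Builds a structurally valid, unsigned JWT purely for the constructed sample.
    def enc(obj) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed sample cache (assumed layout; the real tokens.json may differ,
# which is why the inspector walks the whole document instead of fixed keys).
SAMPLE_NOW = 1_700_000_000
SAMPLE_CACHE = json.dumps({
    "powerapps": make_unsigned_jwt({"aud": "https://service.powerapps.com/",
                                     "exp": SAMPLE_NOW + 1800}),
    "apihub": make_unsigned_jwt({"aud": "https://apihub.azure.com/",
                                 "exp": SAMPLE_NOW - 60}),
    "tenant": "00000000-0000-0000-0000-000000000000",
})

if __name__ == "__main__":
    import sys
    # Usage: python check_tokens.py .cache/tokens.json  (no argument: built-in sample)
    if len(sys.argv) > 1:
        data, now = open(sys.argv[1]).read(), None
    else:
        data, now = SAMPLE_CACHE, SAMPLE_NOW
    for entry in inspect_token_cache(data, now):
        state = "EXPIRED" if entry["expired"] else f"{entry['seconds_left']}s left"
        print(f"{entry['path']}: aud={entry['aud']} {state}")
```

Run it against the cache directory used for recon (for example python check_tokens.py .cache/tokens.json); any EXPIRED entry means the next dump will fail authentication and recon should be re-run to refresh the token.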

Via powerpwn gui

  • Run powerpwn gui --cache-path {path}, with the same path used for the recon and dump commands. The default cache-path remains .cache .
  • At http://127.0.0.1:5000/ you can find an application listing all the collected resources.
  • For connections, Playground generates each connection's swagger, which lets you invoke these connections and perform actions on the platform. To authenticate, use the apihub access token generated in the previous step.
  • At http://127.0.0.1:8080/ you can find a simple file browser over the dump of all resources and data.