Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/huskyhacks/sharptokenfinder
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
https://github.com/huskyhacks/sharptokenfinder
Last synced: 4 days ago
JSON representation
C# implementation of TokenFinder. Steal M365 access tokens from Office Desktop apps
- Host: GitHub
- URL: https://github.com/huskyhacks/sharptokenfinder
- Owner: HuskyHacks
- License: mit
- Created: 2023-12-03T19:57:09.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2024-07-25T11:17:14.000Z (6 months ago)
- Last Synced: 2025-01-04T03:49:17.941Z (12 days ago)
- Language: C#
- Size: 25.4 KB
- Stars: 133
- Watchers: 1
- Forks: 21
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# SharpTokenFinder
A C# implementation of [TokenFinder](https://github.com/doredry/TokenFinder/blob/main/TokenFinder.py). Enumerates M365 Desktop Office applications for plain text authentication tokens. Parses and prints out any interesting tokens that can be leveraged to compromise the user's M365 identity.
## Usage
Run this as a reflective assembly or compile and run the executable. Ensure your payload architecture matches the process architecture for the apps that you are trying to mine.
## Contributing
I included a set of M365 app processes and interesting token audiences for the checks, but if you have any battle-tested insights about other M365 app processes/token audiences that are exploitable, feel free to open a PR!
## More info about this technique
[](https://www.youtube.com/watch?v=y4Ue_Es5cGA)
## References
- Attacking & Defending Azure & M365 - Xintra Training: https://training.xintra.org/view/courses/attacking-and-defending-azure-m365
- mrd0x original writeup: https://mrd0x.com/stealing-tokens-from-office-applications/
- TokenFinder: https://github.com/doredry/TokenFinder