Advertisement
D0cEvil

PowerShell - Azure USB Token

Dec 27th, 2022
122
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 4.95 KB | Cybersecurity | 0 0
  1. #Gets a user from Azure AD, including the associated FIDO and NGC keys.
  2.  
  3. Get-AzureADUserEx [-All] -AccessToken <String> [-TenantId <Guid>] [<CommonParameters>]
  4. Get-AzureADUserEx -AccessToken <String> -ObjectId <Guid> [-TenantId <Guid>] [<CommonParameters>]
  5. Get-AzureADUserEx -AccessToken <String> -UserPrincipalName <String> [-TenantId <Guid>] [<CommonParameters>]
  6.  
  7. #Displays info about Azure AD users with key credentials. Authentication is handled by the AzureAD module.
  8.  
  9. #Example 1
  10.  
  11. Install-Module -Name AzureAD,DSInternals -Force
  12. Connect-AzureAD
  13. $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
  14. Get-AzureADUserEx -All -Token $token | Where-Object KeyCredentials -ne $null
  15.  
  16. <# Sample Output:
  17.  
  18. ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
  19. UserPrincipalName: john@contoso.com
  20. Enabled: True
  21. DisplayName: John Doe
  22. Key Credentials:
  23.   Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  24.   Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM
  25.  
  26. ObjectId: 5dd9c7f0-9441-4c5a-b2df-ca7b889d8c4c
  27. UserPrincipalName: peter@contoso.com
  28. Enabled: True
  29. DisplayName: Peter Smith
  30. Key Credentials:
  31.   Usage=NGC, Source=AzureAD, Device=21c915a8-0326-47c4-8985-2aceda00eaee, Created=12/26/2019 1:22:17 PM
  32.   Usage=NGC, Source=AzureAD, Device=ec45d71b-b5dd-45dc-beaf-e248cbcb2bd3, Created=12/24/2019 9:44:56 AM
  33.  
  34. #>
  35.  
  36. #Lists all FIDO2 tokens registered in an Azure AD tenant, but only on accounts that are enabled.
  37.  
  38. Install-Module -Name AzureAD,DSInternals -Force
  39. Connect-AzureAD
  40. $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
  41. Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials |            Where-Object Usage -eq FIDO | Format-Table -View FIDO
  42.  
  43. <# Sample Output:
  44.  
  45. DisplayName               AAGUID                               Alg   Counter Created    Owner
  46. -----------               ------                               ---   ------- -------    -----
  47. SoloKeys Tap              8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     274 2019-08-29 james@contoso.com
  48. SoloKeys Solo             8876631b-d4a0-427f-5773-0ec71c9e0279 ES256     281 2019-08-29 thomas@contoso.com
  49. eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      83 2019-08-29 jane@contoso.com
  50. eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256       4 2019-08-29 mary@contoso.com
  51. Feitian BioPass FIDO2     77010bd7-212a-4fc9-b236-d2ca5e9d4084 ES256     261 2019-08-26 george@contoso.com
  52. Yubico Security Key FIDO2 f8a011f3-8c0a-4d15-8006-17111f9edc7d ES256     257 2019-08-26 matt@contoso.com
  53. Feitian AllinPass FIDO2   12ded745-4bed-47d4-abaa-e713f51d6393 ES256     231 2019-08-26 jenny@contoso.com
  54. YubiKey 5                 fa2b99dc-9e39-4257-8f92-4a30d23c4118 ES256     229 2019-08-26 jill@contoso.com
  55. YubiKey 5                 cb69481e-8ff7-4039-93ec-0a2729a154a8 ES256      25 2019-12-12 john@contoso.com
  56. Feitian All-In-Pass       12ded745-4bed-47d4-abaa-e713f51d6393 ES256    1398 2020-03-31 peter@contoso.com
  57. eWBM Goldengate G320      87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c ES256      37 2019-08-29 joe@contoso.com
  58. eWBM Goldengate G310      95442b2e-f15e-4def-b270-efb106facb4e ES256      48 2019-08-29 joe@contoso.com
  59.  
  60. #>
  61.  
  62. Lists weak public keys registered in Azure Active Directory that were generated on ROCA-vulnerable TPMs.
  63.  
  64. Get-AzureADUserEx -All -Token $token | Where-Object Enabled -eq $true | Select-Object -ExpandProperty KeyCredentials | Where-Object Usage -eq NGC | Format-Table -View ROCA
  65.  
  66. <# Sample Output:
  67.  
  68. Usage IsWeak Source  DeviceId                             Created    Owner
  69. ----- ------ ------  --------                             -------    -----
  70. NGC   True   AzureAD fd591087-245c-4ff5-a5ea-c14de5e2b32d 2017-07-19 joe@contoso.com
  71. NGC   False  AzureAD 1966d4da-14da-4581-a7a7-5e8e07e93ad9 2019-08-01 peter@contoso.com
  72.  
  73. #>
  74.  
  75. #Gets information about a single Azure Active Directory user. If necessary, the access token is automatically refreshed by the standard #Get-AzureADTenantDetail cmdlet.
  76.  
  77. Get-AzureADTenantDetail | Out-Null
  78. $token = [Microsoft.Open.Azure.AD.CommonLibrary.AzureSession]::AccessTokens['AccessToken'].AccessToken
  79. Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -Token $token
  80.  
  81. <# Sample Output:
  82.  
  83. ObjectId: af4cf208-16e0-429d-b574-2a09c5f30dea
  84. UserPrincipalName: john@contoso.com
  85. Enabled: True
  86. DisplayName: John Doe
  87. Key Credentials:
  88.   Usage=FIDO, Source=AzureAD, Device=00000000-0000-0000-0000-000000000000, Created=12/12/2019 9:42:21 AM
  89.   Usage=NGC, Source=AzureAD, Device=cbad3c94-b480-4fa6-9187-ff1ed42c4479, Created=11/17/2015 8:17:13 AM
  90.  
  91. #>
  92.  
  93. #Displays details about FIDO2 keys registered in Azure Active Directory by a specific user.
  94.  
  95. Get-AzureADUserEx -UserPrincipalName 'john@contoso.com' -AccessToken $token | ForEach-Object { $PSItem.KeyCredentials.FidoKeyMaterial }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement