mbrg · zen-ayush · Dec 8, 2024 · Dec 8, 2024 · Dec 10, 2024 · Dec 10, 2024
diff --git a/puppeteer_get_substrate_bearer/get_substrate_bearer_office.js b/puppeteer_get_substrate_bearer/get_substrate_bearer_office.js
@@ -184,18 +184,23 @@ function delay(time) {
     // Retrieve the value of 'secret' from local storage if the key's value includes a reference to 'https://substrate.office.com/sydney/.default'
     // This is the bearer token for the Substrate API (also seen in the network tab WS under the access_token parameter)
     const secretValue = await page.evaluate(() => {
-        const key = Object.keys(localStorage).find(k => {
-            const value = localStorage.getItem(k);
-            return value.includes('https://substrate.office.com/sydney/.default');
-        });
+    // Find the key with the specific URL pattern
+    const key = Object.keys(localStorage).find(k => {
+        const value = localStorage.getItem(k);
+        return k.includes('https://substrate.office.com/sydney/.default');
+    });
+
+    if (key) {
+        const data = JSON.parse(localStorage.getItem(key)); // Parse the JSON string
+        return data.secret; // Return the 'secret' (bearer token)
+    }
+
+    print("Not found")
+    return null; // If not found, return null
 
-        if (key) {
-            const data = JSON.parse(localStorage.getItem(key));
-            return data.secret;
-        }
-        return null;
     });
 
+
     // Print the bearer token to the console (change this to save it to a file or a secure location)
     console.log('access_token:%s', secretValue);
 

diff --git a/src/powerpwn/cli/arguments.py b/src/powerpwn/cli/arguments.py
@@ -152,6 +152,11 @@ def module_copilot(command_subparsers: argparse.ArgumentParser):
     copilot_modules(whoami)
     whoami.add_argument("-g", "--gui", action="store_true", help="Run local server for gui.")
 
+    discovery = copilot_subparsers.add_parser(
+        "discovery", description="Get the sensitive files that user has access to", help="Get the current user's information"
+    )
+    copilot_modules(discovery)
+
     dump = copilot_subparsers.add_parser(
         "dump",
         description="Data dump using recon from whoami command",

diff --git a/src/powerpwn/cli/runners.py b/src/powerpwn/cli/runners.py
@@ -13,6 +13,7 @@
 from powerpwn.copilot.gui.gui import Gui as CopilotGui
 from powerpwn.copilot.interactive_chat.interactive_chat import InteractiveChat
 from powerpwn.copilot.models.chat_argument import ChatArguments
+from powerpwn.copilot.oversharing.discovery import Discovery
 from powerpwn.copilot.spearphishing.automated_spear_phisher import AutomatedSpearPhisher
 from powerpwn.copilot.whoami.whoami import WhoAmI
 from powerpwn.copilot_studio.modules.deep_scan import DeepScan
@@ -204,13 +205,15 @@ def run_copilot_chat_command(args):
         if args.gui:
             CopilotGui().run(output_dir)
         return
-
     elif args.copilot_subcommand == "dump":
         dump = Dump(parsed_args, args.directory)
         output_dir = dump.run()
         if args.gui:
             CopilotGui().run(output_dir)
         return
+    elif args.copilot_subcommand == "discovery":
+        Discovery(parsed_args).run()
+        return
 
     raise NotImplementedError(f"Copilot {args.copilot_subcommand} subcommand has not been implemented yet.")
 

diff --git a/src/powerpwn/copilot/copilot_connector/copilot_connector.py b/src/powerpwn/copilot/copilot_connector/copilot_connector.py
@@ -346,12 +346,19 @@ def __get_plugins(self, access_token: str) -> list:
         return plugins
 
     def __get_conversation_parameters(self, refresh: bool = False) -> ConversationParameters:
+        print("hi")
         print("Getting bearer token...")
         access_token = self.__get_access_token(refresh)
         if not access_token:
             print("Failed to get bearer token. Exiting...")
             raise CopilotConnectionFailedException("Could not get access token to connect to copilot.")
 
+        print(f"Access token: {access_token}")
+        token_parts = access_token.split('.')
+        if len(token_parts) != 3:
+            print(f"Invalid JWT format. Expected 3 segments, got {len(token_parts)}.")
+            raise ValueError(f"Invalid JWT format: {access_token}")
+
         parsed_jwt = jwt.decode(access_token, algorithms=["RS256"], options={"verify_signature": False})
         upn = parsed_jwt.get("upn")
         unique_name = parsed_jwt.get("unique_name")
@@ -365,7 +372,7 @@ def __get_conversation_parameters(self, refresh: bool = False) -> ConversationPa
         url = self.__get_websocket_url(access_token, self.__arguments.scenario, parsed_jwt)
         session_id = self.__get_session_from_url(url)
 
-        available_plugins: list[PluginInfo] = self.__get_plugins(access_token)
+        available_plugins: list[PluginInfo] = []
 
         return ConversationParameters(
             conversation_id=str(uuid.uuid4()), url=url, session_id=session_id, available_plugins=available_plugins, used_plugins=[]

diff --git a/src/powerpwn/copilot/oversharing/connectionverifier.py b/src/powerpwn/copilot/oversharing/connectionverifier.py
@@ -0,0 +1,23 @@
+import asyncio
+
+from powerpwn.copilot.models.chat_argument import ChatArguments
+from powerpwn.copilot.chat_automator.chat_automator import ChatAutomator
+from powerpwn.copilot.copilot_connector.copilot_connector import CopilotConnector
+from powerpwn.copilot.enums.copilot_scenario_enum import CopilotScenarioEnum
+from powerpwn.copilot.enums.verbose_enum import VerboseEnum
+
+args = ChatArguments(
+        user="[email protected]",
+        password="U*S+#XL)cw?d,7AQ",
+        verbose=VerboseEnum.full,
+        scenario=CopilotScenarioEnum.officeweb,
+        use_cached_access_token=False
+    )
+
+chat_automator = ChatAutomator(args)
+
+# init connector
+chat_automator.init_connector()
+
+# send prompt and get the answer as WebSocket message
+result = chat_automator.send_prompt("Hello World")