final changes

mvelazc0 · Jul 6, 2024 · 37e7ead · 37e7ead
1 parent bc4dc09
commit 37e7ead
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -133,4 +133,10 @@ __pycache__/
 *.tfvars.json
 
 # Ignore config file
-local.yml
+local.yml
+
+# Ignore users file
+users.txt
+
+# Ignore tokens file
+tokens.txt
diff --git a/BadZure.py b/BadZure.py
@@ -100,6 +100,11 @@ def parse_terraform_output(output):
 
     return resources    
 
+def write_users_to_file(users, domain, file_path):
+    with open(file_path, 'w') as file:
+        for user in users.values():
+            file.write(f"{user['user_principal_name']}@{domain}\n")
+
 def get_ms_token_username_pass(tenant_id, username, password, scope):
 
     # https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth-ropc
@@ -507,7 +512,7 @@ def build(config, verbose):
         json.dump(tf_vars, f, indent=4)
 
 
-    """
+
     # Initialize and apply the Terraform configuration
     logging.info(f"Calling terraform init.")
     return_code, stdout, stderr = tf.init()
@@ -528,6 +533,8 @@ def build(config, verbose):
         return
 
     logging.info("Azure AD tenant setup completed with assigned permissions and configurations!")
+    write_users_to_file(users, domain, 'users.txt')
+    logging.info("Created users.txt file.")
     logging.info("Attack Path Details")
 
     for attack_path in config['attack_paths']:
@@ -549,11 +556,7 @@ def build(config, verbose):
                     file.write(f"Access Token: {tokens['access_token']}\n")
                     file.write(f"Refresh Token: {tokens['refresh_token']}\n")
                 logging.info(f"Tokens saved in tokens.txt!.")
-                
-                #logging.info(f"Access Token: {tokens['access_token']}")
-                #logging.info(f"Refresh Token: {tokens['refresh_token']}")                
-
-   """                  
+
     logging.info("Good bye.")
 
 @cli.command()

diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ An Azure AD tenant populated with BadZure also enables red and blue teams to:
 
 ### Initial Access
 
-BadZure simulates initial access by employing common account takeover techniques, including password attacks and token theft. This is achieved through two primary methods described below.
+BadZure simulates initial access by employing common account takeover techniques, including password attacks and token theft. By providing both passwords and tokens, BadZure enables security practitioners to effectively simulate initial access scenarios and explore various attack vectors against Azure AD tenants.
 
 #### Password-Based Access
 
@@ -39,7 +39,6 @@ When configured to use passwords, BadZure assigns randomly generated passwords t
 
 For token-based access, BadZure generates JWT access tokens for specified principals. These tokens are provided in the output, simulating scenarios where an attacker has obtained valid tokens through [reverse proxy phishing](https://help.evilginx.com/), malware or other means. Users can utilize these tokens to authenticate directly against Azure AD resources, gaining an understanding of potential attack vectors involving token theft.
 
-By providing both passwords and tokens, BadZure enables security practitioners to effectively simulate initial access scenarios and explore various attack vectors against their Azure AD tenants.
 
 ### Privilege Escalation