Skip to content
/ HybridGATakeover Public

Create a powershell script for abusing the Sync_* account abuse since MSOnline is deprecated. This will reset the password of a GA account so be careful.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

stishy/HybridGATakeover

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
HybridGAReset.ps1
HybridGAReset.ps1
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

HybridGATakeover

Create a powershell script for abusing the Sync_* account abuse since MSOnline is deprecated. This will reset the password of a GA account so be careful. (Thanks Claude)

⚠️ LEGAL DISCLAIMER AND WARNING READ THIS CAREFULLY BEFORE USING THIS TOOL 🚨 AUTHORIZED USE ONLY This tool is designed EXCLUSIVELY for:

Authorized penetration testing with explicit written permission Security research in controlled laboratory environments Red team exercises conducted by or for the organization that owns the target environment Vulnerability assessments performed under proper legal authorization

⚖️ LEGAL COMPLIANCE Users are solely responsible for ensuring their use of this tool complies with:

Computer Fraud and Abuse Act (CFAA) in the United States Computer Misuse Act in the United Kingdom European Union cybersecurity laws and GDPR Local cybersecurity and privacy legislation in your jurisdiction Corporate policies and contractual obligations Professional ethics standards for security practitioners

🛡️ LIABILITY AND RESPONSIBILITY By using this tool, you acknowledge that:

You are solely responsible for all consequences of its use The authors and contributors assume no liability for misuse You will indemnify and hold harmless the authors from any legal consequences You understand this tool can cause system outages and security incidents if misused You have the technical expertise to use this tool safely and responsibly

🔍 WHAT THIS TOOL DOES This script attempts to:

Identify hybrid Global Administrator accounts in Azure AD Extract ImmutableID values for hybrid accounts Attempt password resets using AADInternals with SourceAnchor method Document results for security assessment reporting

To use this, ensure you run the below commands as a prerequiste or authentication will fail:

#Install Modules
Install-Module AADInternals
Install-Module AzureAD

#Import Modules
Import-Module AADInternals
Import-Module AzureAD
#Set Password for Sync account
$passwd = ConvertTo-SecureString '<password>' -AsPlainText - Force

# Create Credential Object to be used in the powershell script.
$creds = New-Object System.Management.Automation.PSCredential ("Sync_HTP-ENTRA_dbdfb4f826c1@planethackers.onmicrosoft.com", $passwd)
.\HybridGAReset.ps1

About

Create a powershell script for abusing the Sync_* account abuse since MSOnline is deprecated. This will reset the password of a GA account so be careful.

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages