├── App.config
├── FodyWeavers.xml
├── LICENSE
├── Program.cs
├── Properties
└── AssemblyInfo.cs
├── README.md
├── SharpGetEntraToken.csproj
├── SharpGetEntraToken.sln
├── msalruntime.dll
├── msalruntime_x86.dll
└── packages.config
/App.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/FodyWeavers.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | BSD 3-Clause License
2 |
3 | Copyright (c) 2024, hotnops
4 |
5 | Redistribution and use in source and binary forms, with or without
6 | modification, are permitted provided that the following conditions are met:
7 |
8 | 1. Redistributions of source code must retain the above copyright notice, this
9 | list of conditions and the following disclaimer.
10 |
11 | 2. Redistributions in binary form must reproduce the above copyright notice,
12 | this list of conditions and the following disclaimer in the documentation
13 | and/or other materials provided with the distribution.
14 |
15 | 3. Neither the name of the copyright holder nor the names of its
16 | contributors may be used to endorse or promote products derived from
17 | this software without specific prior written permission.
18 |
19 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
23 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 |
--------------------------------------------------------------------------------
/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Net.Http;
5 | using System.Net;
6 | using System.Threading.Tasks;
7 | using Microsoft.Identity.Client;
8 | using Microsoft.Identity.Client.Broker;
9 | using System.Security.Authentication;
10 |
11 | namespace AcquireTokenSilentExample
12 | {
/// <summary>
/// MSAL HTTP client factory that hands out one process-wide <see cref="HttpClient"/>.
/// </summary>
/// <remarks>
/// The handler is restricted to TLS 1.2; no other protocol version is offered.
/// Despite the class name, no explicit proxy is configured here, so the
/// handler's default proxy behaviour applies.
/// </remarks>
public class StaticClientWithProxyFactory : IMsalHttpClientFactory
{
    // Single shared client, created once by the static constructor below.
    private static readonly HttpClient s_httpClient;

    // Handler backing the shared client; kept in a field alongside it.
    static HttpClientHandler s_handler;

    static StaticClientWithProxyFactory()
    {
        s_handler = new HttpClientHandler
        {
            // Pin the transport to TLS 1.2 only.
            SslProtocols = SslProtocols.Tls12
        };
        s_httpClient = new HttpClient(s_handler);
    }

    /// <summary>Returns the shared client; the same instance on every call.</summary>
    public HttpClient GetHttpClient() => s_httpClient;
}
31 |
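/// <summary>
/// Console entry point that requests an access token through MSAL's silent
/// flow with the Windows broker enabled and prints it.
/// </summary>
class Program
{
    /// <summary>
    /// Builds a public client application for the given client and tenant, picks an
    /// account, and attempts a silent token acquisition for one scope.
    /// </summary>
    /// <param name="args">
    /// Positional arguments: <c>args[0]</c> client (application) id, <c>args[1]</c>
    /// tenant id, <c>args[2]</c> a single scope. Fewer than three arguments ends the run.
    /// </param>
    /// <remarks>
    /// The access token is a bearer credential and is written to standard output in
    /// clear text, so anything that captures console output holds a usable token until
    /// it expires. No interactive prompt is ever shown: when MSAL reports that UI is
    /// required the method prints a message and returns. Every exit path returns
    /// normally, so the process exit code does not distinguish success from failure.
    /// NOTE(review): silent broker sign-ins are expected to surface as non-interactive
    /// sign-ins for the client id in the tenant's sign-in logs; confirm for your tenant.
    /// </remarks>
    static async Task Main(string[] args)
    {
        Console.WriteLine("[*] Getting token");
        IMsalHttpClientFactory httpClientFactory = new StaticClientWithProxyFactory();

        // Client id, tenant id and scope all come from the command line.
        if (args.Length < 3)
        {
            Console.WriteLine("[*] Not enough args");
            return;
        }

        string clientId = args[0];
        string tenantId = args[1];
        string[] scopes = new string[] { args[2] };

        // Authority URL for Microsoft identity platform (Entra ID)
        string authority = $"https://login.microsoftonline.com/{tenantId}";

        // Create a PublicClientApplication instance with the Windows broker enabled
        var app = PublicClientApplicationBuilder.Create(clientId)
            .WithAuthority(authority)
            .WithHttpClientFactory(httpClientFactory)
            .WithBroker(new BrokerOptions(BrokerOptions.OperatingSystems.Windows))
            .Build();

        if (app == null)
        {
            Console.WriteLine("[*] Failed to initialize app");
            return;
        }

        // Typed as IEnumerable<IAccount>: the non-generic IEnumerable has no
        // FirstOrDefault() that yields an IAccount, so the lookup below needs the
        // element type.
        IEnumerable<IAccount> accounts = await app.GetAccountsAsync();
        if (accounts == null)
        {
            Console.WriteLine("[*] Cannot obtain accounts enumerable");
            return;
        }

        // Use the first account MSAL returns; with none available, fall back to
        // the operating-system account exposed by MSAL.
        IAccount accountToLogin = accounts.FirstOrDefault();
        if (accountToLogin == null)
        {
            accountToLogin = PublicClientApplication.OperatingSystemAccount;
        }

        try
        {
            // Attempt to acquire the token silently (no UI).
            var result = await app.AcquireTokenSilent(scopes, accountToLogin).ExecuteAsync();
            Console.WriteLine(result.AccessToken);
        }
        catch (MsalUiRequiredException)
        {
            Console.WriteLine("[!] MsalUiRequiredException. Interactive login required");
            return;
        }
        catch (Exception ex)
        {
            // Any other failure: print the message, then the full exception text.
            Console.WriteLine("[!] " + ex.Message);
            Console.WriteLine(ex.ToString());
            return;
        }
    }
}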
98 | }
99 |
--------------------------------------------------------------------------------
/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
5 | // General Information about an assembly is controlled through the following
6 | // set of attributes. Change these attribute values to modify the information
7 | // associated with an assembly.
8 | [assembly: AssemblyTitle("SharpGetEntraToken")]
9 | [assembly: AssemblyDescription("")]
10 | [assembly: AssemblyConfiguration("")]
11 | [assembly: AssemblyCompany("")]
12 | [assembly: AssemblyProduct("SharpGetEntraToken")]
13 | [assembly: AssemblyCopyright("Copyright © 2024")]
14 | [assembly: AssemblyTrademark("")]
15 | [assembly: AssemblyCulture("")]
16 |
17 | // Setting ComVisible to false makes the types in this assembly not visible
18 | // to COM components. If you need to access a type in this assembly from
19 | // COM, set the ComVisible attribute to true on that type.
20 | [assembly: ComVisible(false)]
21 |
22 | // The following GUID is for the ID of the typelib if this project is exposed to COM
23 | [assembly: Guid("13b28332-c42a-40c2-839b-d1566b5d9e0e")]
24 |
25 | // Version information for an assembly consists of the following four values:
26 | //
27 | // Major Version
28 | // Minor Version
29 | // Build Number
30 | // Revision
31 | //
32 | // You can specify all the values or you can default the Build and Revision Numbers
33 | // by using the '*' as shown below:
34 | // [assembly: AssemblyVersion("1.0.*")]
35 | [assembly: AssemblyVersion("1.0.0.0")]
36 | [assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # SharpGetEntraToken
2 |
3 | ## Intro
4 | This dotnet executable is intended to be C2 capable and will obtain an Access Token for the provided client and resource. It uses the MSAL framework to obtain a token using whatever auth mechanism has been established. This has been tested on an Entra-joined OS with a PRT on Windows 11.
5 |
6 | ## Usage
7 | The msalruntime.dll file needs to be present on the bin path of the executable running this assembly. If it is not, it will fail. Most OSs do not have this, so I have provided the DLLs for upload. Ensure that you use the correct arch and that it is in the binary path.
8 |
9 | Running the executable:
10 | ```
11 | SharpGetEntraToken.exe <clientId> <tenantId> <scope>
12 | ```
13 |
14 | Example:
15 | ```
16 | SharpGetEntraToken.exe 1950a258-227b-4e31-a9cf-717495945fc2 00000000-0000-0000-0000-000000000000 https://graph.microsoft.com/.default
17 | ```
--------------------------------------------------------------------------------
/SharpGetEntraToken.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | Debug
8 | AnyCPU
9 | {13B28332-C42A-40C2-839B-D1566B5D9E0E}
10 | Exe
11 | SharpGetEntraToken
12 | SharpGetEntraToken
13 | v4.7.2
14 | 512
15 | true
16 | true
17 |
18 |
19 |
20 |
21 |
22 | AnyCPU
23 | true
24 | full
25 | false
26 | bin\Debug\
27 | DEBUG;TRACE
28 | prompt
29 | 4
30 |
31 |
32 | AnyCPU
33 | pdbonly
34 | true
35 | bin\Release\
36 | TRACE
37 | prompt
38 | 4
39 |
40 |
41 |
42 | packages\Costura.Fody.5.7.0\lib\netstandard1.0\Costura.dll
43 |
44 |
45 | packages\Microsoft.Identity.Client.4.63.0\lib\net472\Microsoft.Identity.Client.dll
46 |
47 |
48 | packages\Microsoft.Identity.Client.Broker.4.63.0\lib\net462\Microsoft.Identity.Client.Broker.dll
49 |
50 |
51 | packages\Microsoft.Identity.Client.NativeInterop.0.16.1\lib\net461\Microsoft.Identity.Client.NativeInterop.dll
52 |
53 |
54 | packages\Microsoft.IdentityModel.Abstractions.6.35.0\lib\net472\Microsoft.IdentityModel.Abstractions.dll
55 |
56 |
57 | packages\Microsoft.Win32.Primitives.4.3.0\lib\net46\Microsoft.Win32.Primitives.dll
58 | True
59 | True
60 |
61 |
62 |
63 | packages\System.AppContext.4.3.0\lib\net463\System.AppContext.dll
64 | True
65 | True
66 |
67 |
68 | packages\System.Buffers.4.5.1\lib\net461\System.Buffers.dll
69 |
70 |
71 |
72 | packages\System.Console.4.3.0\lib\net46\System.Console.dll
73 | True
74 | True
75 |
76 |
77 |
78 | packages\System.Diagnostics.DiagnosticSource.6.0.1\lib\net461\System.Diagnostics.DiagnosticSource.dll
79 |
80 |
81 | packages\System.Diagnostics.Tracing.4.3.0\lib\net462\System.Diagnostics.Tracing.dll
82 | True
83 | True
84 |
85 |
86 |
87 | packages\System.Globalization.Calendars.4.3.0\lib\net46\System.Globalization.Calendars.dll
88 | True
89 | True
90 |
91 |
92 |
93 | packages\System.IO.4.3.0\lib\net462\System.IO.dll
94 | True
95 | True
96 |
97 |
98 | packages\System.IO.Compression.4.3.0\lib\net46\System.IO.Compression.dll
99 | True
100 | True
101 |
102 |
103 |
104 | packages\System.IO.Compression.ZipFile.4.3.0\lib\net46\System.IO.Compression.ZipFile.dll
105 | True
106 | True
107 |
108 |
109 | packages\System.IO.FileSystem.4.3.0\lib\net46\System.IO.FileSystem.dll
110 | True
111 | True
112 |
113 |
114 | packages\System.IO.FileSystem.Primitives.4.3.0\lib\net46\System.IO.FileSystem.Primitives.dll
115 | True
116 | True
117 |
118 |
119 | packages\System.Linq.4.3.0\lib\net463\System.Linq.dll
120 | True
121 | True
122 |
123 |
124 | packages\System.Linq.Expressions.4.3.0\lib\net463\System.Linq.Expressions.dll
125 | True
126 | True
127 |
128 |
129 | packages\System.Memory.4.5.4\lib\net461\System.Memory.dll
130 |
131 |
132 | packages\System.Net.Http.4.3.0\lib\net46\System.Net.Http.dll
133 | True
134 | True
135 |
136 |
137 | packages\System.Net.Sockets.4.3.0\lib\net46\System.Net.Sockets.dll
138 | True
139 | True
140 |
141 |
142 |
143 | packages\System.Numerics.Vectors.4.5.0\lib\net46\System.Numerics.Vectors.dll
144 |
145 |
146 | packages\System.Reflection.4.3.0\lib\net462\System.Reflection.dll
147 | True
148 | True
149 |
150 |
151 | packages\System.Runtime.4.3.0\lib\net462\System.Runtime.dll
152 | True
153 | True
154 |
155 |
156 | packages\System.Runtime.CompilerServices.Unsafe.6.0.0\lib\net461\System.Runtime.CompilerServices.Unsafe.dll
157 |
158 |
159 | packages\System.Runtime.Extensions.4.3.0\lib\net462\System.Runtime.Extensions.dll
160 | True
161 | True
162 |
163 |
164 | packages\System.Runtime.InteropServices.4.3.0\lib\net463\System.Runtime.InteropServices.dll
165 | True
166 | True
167 |
168 |
169 | packages\System.Runtime.InteropServices.RuntimeInformation.4.3.0\lib\net45\System.Runtime.InteropServices.RuntimeInformation.dll
170 | True
171 | True
172 |
173 |
174 | packages\System.Security.Cryptography.Algorithms.4.3.0\lib\net463\System.Security.Cryptography.Algorithms.dll
175 | True
176 | True
177 |
178 |
179 | packages\System.Security.Cryptography.Encoding.4.3.0\lib\net46\System.Security.Cryptography.Encoding.dll
180 | True
181 | True
182 |
183 |
184 | packages\System.Security.Cryptography.Primitives.4.3.0\lib\net46\System.Security.Cryptography.Primitives.dll
185 | True
186 | True
187 |
188 |
189 | packages\System.Security.Cryptography.X509Certificates.4.3.0\lib\net461\System.Security.Cryptography.X509Certificates.dll
190 | True
191 | True
192 |
193 |
194 | packages\System.Text.RegularExpressions.4.3.0\lib\net463\System.Text.RegularExpressions.dll
195 | True
196 | True
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 | packages\System.Xml.ReaderWriter.4.3.0\lib\net46\System.Xml.ReaderWriter.dll
206 | True
207 | True
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
218 |
219 |
220 |
221 |
222 |
223 |
224 | This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.
225 |
226 |
227 |
228 |
229 |
230 |
231 |
232 |
233 |
--------------------------------------------------------------------------------
/SharpGetEntraToken.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 17
4 | VisualStudioVersion = 17.9.34728.123
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpGetEntraToken", "SharpGetEntraToken.csproj", "{13B28332-C42A-40C2-839B-D1566B5D9E0E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {13B28332-C42A-40C2-839B-D1566B5D9E0E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {13B28332-C42A-40C2-839B-D1566B5D9E0E}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {13B28332-C42A-40C2-839B-D1566B5D9E0E}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {13B28332-C42A-40C2-839B-D1566B5D9E0E}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {4F6D052F-6954-420D-90BC-D80FDD34FA99}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/msalruntime.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hotnops/SharpGetEntraToken/56838c0c3e5073ada105a23efbee971f4373f7f1/msalruntime.dll
--------------------------------------------------------------------------------
/msalruntime_x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hotnops/SharpGetEntraToken/56838c0c3e5073ada105a23efbee971f4373f7f1/msalruntime_x86.dll
--------------------------------------------------------------------------------
/packages.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------