Retrieve tokens after user is phished
jon-witte opened this issue · comments
Hello,
I have been testing out the phishing function and it's working as expected. Once I have the token, though, it only seems like I can run a small set of insider commands. For example, I can run Invoke-AADIntReconAsInsider just fine, but Get-AADIntGlobalAdmins returns an error saying it can't find an access token. If I run Get-AADIntCache I see the tokens, so I'm not sure why the other insider commands are not running as expected; maybe I'm missing a step in between.
Also somewhat related: after I phish the user and grab the token, I run Open-AADIntOWA, but it does not open the mailbox of the user I phished, but my work inbox. Thank you for the tool!
I'll be refactoring the access token handling in the next versions; that should fix the situation you described.
Open-AADIntOWA behaviour seems to be a bit odd, Microsoft must have changed something 😊