Unable to authenticate in a number of ways.
austinzwile opened this issue · comments
I've been trying to leverage roadrecon for a red team assessment I'm working on, and no matter which way I try to authenticate, I get either a URL parsing error from urllib3 or some other error. I believe I am doing everything right, but I have no idea what's going on.
┌──(root㉿kali)-[/home/kali/VMShared]
└─# roadrecon auth --access-token $(cat _____CENSORED______AzureAccessToken.json)
usage: roadrecon [-h] {auth,gather,dump,gui,plugin} ...
roadrecon: error: unrecognized arguments: "DefaultContextKey": "a8966302-3a5c-43fd-accf-_____CENSORED______ - pentestuser@domain.co.uk "CacheData": "eyJB_____CENSORED______WE5ZS________CENSORED_____________NhZTg1MzViOGYuYT_____CENSORED______NmE1MTRlZThiMTg3LWxvZ2luLndpbmRvd3MubmV0LWFjY2Vzc3Rva2VuLTE5NTBhMjU4LTIyN2ItNGUzMS1hOWNmLTcxNzQ5NTk0NWZjMi1hODk2NjMwMi0zYTVjLTQzZmQtYW________CENSORED_____________VtZW50LmNvcmUud2luZ________CENSORED_____________1wZXJzb25hdGlvbiBodHRwczovL21hbmFnZW1lbnQuY29yZS53aW5kb3dzLm5ldC8vLmRlZmF1bHQiOnsiaG9tZV9hY2NvdW50X2lkIjoiYmQ1Y2VhOWUtOWI3OC00NzJiLTkxODMtYTJjYWU4N________CENSORED_____________C1hY2NmLTZhNTE0ZWU4YjE4NyIsImVudmlyb25tZW50IjoibG9na________CENSORED_____________mbyI6ImV5SjFhV1FpT2lKaVpEVmpaV0U1WlMwNVlqYzRMVFEzTW1JdE9URTRNeTFoTW1OaFpUZzFNelZpT0dZaUxDSjFkR2xrSWpvaVlUZzVOall6TURJdE0yR________CENSORED_____________TFZeTAwTTJaa0xXRmpZMll0Tm1FMU1UUmxaVGhpTVRnM0luMCIsImNsaWVudF9pZCI6IjE5NT_____CENSORED______GUzMS1hOWNmLTcxNzQ5NTk0NWZjMiIsInNlY3JldCI6I.________CENSORED_____________WUtOWI3OC00NzJiLTkxODMtYTJjYWU4NTM_____CENSORED______NWMtNDNmZC1hY2NmLTZhNTE0ZWU4YjE4NyIsImVudmlyb25tZW50IjoibG9naW4ud2luZG93cy5uZXQiLCJjbGllbnRfaW5mbyI6ImV5SjFhV1FpT2lKaVpEVmpaV0U1WlMwNVlqY________CENSORED_____________pUZzFNelZpT0d________CENSORED_____________RhZGF0YSI6eyJhcHBtZXRhZGF0YS1sb2dpbi53aW5kb3dzLm5ldC0xOTUwYTI1OC0yMjdiLTRlMzEtYTljZi03MTc_____CENSORED______1lbnQiOiJsb2dpbi53aW5kb3dzLm5ldCIsI }ExtendedProperties": {}_____CENSORED______"
┌──(root㉿kali)-[/home/kali/VMShared]
└─# roadrecon auth --device-code
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/models.py", line 384, in prepare_url
scheme, auth, host, port, path, query, fragment = parse_url(url)
File "/usr/lib/python3/dist-packages/urllib3/util/url.py", line 394, in parse_url
return six.raise_from(LocationParseError(source_url), None)
File "<string>", line 2, in raise_from
urllib3.exceptions.LocationParseError: Failed to parse: https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/roadrecon", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadrecon/main.py", line 107, in main
res = auth.get_tokens(args)
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadlib/auth.py", line 755, in get_tokens
return self.authenticate_device_code()
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadlib/auth.py", line 97, in authenticate_device_code
code = context.acquire_user_code(self.resource_uri, self.client_id)
File "/usr/local/lib/python3.10/dist-packages/adal/authentication_context.py", line 284, in acquire_user_code
return code_request.get_user_code_info(language)
File "/usr/local/lib/python3.10/dist-packages/adal/code_request.py", line 65, in get_user_code_info
return self._get_user_code_info(oauth_parameters)
File "/usr/local/lib/python3.10/dist-packages/adal/code_request.py", line 45, in _get_user_code_info
return client.get_user_code_info(oauth_parameters)
File "/usr/local/lib/python3.10/dist-packages/adal/oauth2_client.py", line 298, in get_user_code_info
resp = requests.post(device_code_url.geturl(),
File "/usr/lib/python3/dist-packages/requests/api.py", line 117, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 515, in request
prep = self.prepare_request(req)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 443, in prepare_request
p.prepare(
File "/usr/lib/python3/dist-packages/requests/models.py", line 318, in prepare
self.prepare_url(url, params)
File "/usr/lib/python3/dist-packages/requests/models.py", line 386, in prepare_url
raise InvalidURL(*e.args)
requests.exceptions.InvalidURL: Failed to parse: https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0
┌──(root㉿kali)-[/home/kali/VMShared]
└─# roadrecon auth -u pentestuser -p "_____CENSORED______" -t a8966302-3a5c-43fd-accf-_____CENSORED______
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/requests/models.py", line 384, in prepare_url
scheme, auth, host, port, path, query, fragment = parse_url(url)
File "/usr/lib/python3/dist-packages/urllib3/util/url.py", line 394, in parse_url
return six.raise_from(LocationParseError(source_url), None)
File "<string>", line 2, in raise_from
urllib3.exceptions.LocationParseError: Failed to parse: https://login.microsoftonline.com/common/UserRealm/pentestuser?api-version=1.0
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/bin/roadrecon", line 8, in <module>
sys.exit(main())
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadrecon/main.py", line 107, in main
res = auth.get_tokens(args)
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadlib/auth.py", line 751, in get_tokens
return self.authenticate_username_password()
File "/usr/local/lib/python3.10/dist-packages/roadtools/roadlib/auth.py", line 109, in authenticate_username_password
self.tokendata = context.acquire_token_with_username_password(self.resource_uri, self.username, self.password, self.client_id)
File "/usr/local/lib/python3.10/dist-packages/adal/authentication_context.py", line 164, in acquire_token_with_username_password
return self._acquire_token(token_func)
File "/usr/local/lib/python3.10/dist-packages/adal/authentication_context.py", line 128, in _acquire_token
return token_func(self)
File "/usr/local/lib/python3.10/dist-packages/adal/authentication_context.py", line 162, in token_func
return token_request.get_token_with_username_password(username, password)
File "/usr/local/lib/python3.10/dist-packages/adal/token_request.py", line 279, in get_token_with_username_password
self._user_realm.discover()
File "/usr/local/lib/python3.10/dist-packages/adal/user_realm.py", line 147, in discover
resp = requests.get(user_realm_url.geturl(), headers=options['headers'],
File "/usr/lib/python3/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 515, in request
prep = self.prepare_request(req)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 443, in prepare_request
p.prepare(
File "/usr/lib/python3/dist-packages/requests/models.py", line 318, in prepare
self.prepare_url(url, params)
File "/usr/lib/python3/dist-packages/requests/models.py", line 386, in prepare_url
raise InvalidURL(*e.args)
requests.exceptions.InvalidURL: Failed to parse: https://login.microsoftonline.com/common/UserRealm/pentestuser?api-version=1.0
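In your first command, the JSON file passed to `--access-token` likely contains a lot more than the raw access token (which should be a JWT), which is why it fails: the error output shows fields such as `DefaultContextKey` and `CacheData`, and because the `$(cat ...)` substitution is unquoted, the shell splits the file's contents into several arguments that roadrecon does not recognize. Pass only the JWT string itself.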
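For the others, I am not sure. Please try to run it from a virtualenv with updated versions of all dependencies. The tracebacks show `requests` and `urllib3` being loaded from the distribution's `/usr/lib/python3/dist-packages` while roadtools and adal come from the pip-installed `/usr/local/lib/python3.10/dist-packages`, so a clean virtualenv would rule out a version mismatch between the two sets of packages.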
Closing due to lack of feedback