The Hunters Hut
The Hunters Hut

onedrive_user_enum

Article Excerpt

In this instance, the username is 'lightmand' and the domain is 'acmecomputercompany.com'. If a user has logged into OneDrive, this path will exist and return a 403 status code. If they have not, or the user is invalid, it will return a 404.

property
value
tags
azure-cloud,github-repo,o365,offensive-tradecraft,tradecraft-tool
url
https://github.com/nyxgeek/onedrive_user_enum
original_word_count
292

Long Summary

The article introduces onedrive_user_enum v2.00, a tool designed to enumerate valid OneDrive users. It is the most reliable user-enumeration method currently available, and is much more passive than other methods, making it undetectable to the target organization. The tool works by checking the file share URL of a OneDrive user, which is in the format of https://acmecomputercompany-my.sharepoint.com/personal/lightmand_acmecomputercompany_com/_layouts/15/onedrive.aspx. If the user has logged into OneDrive, the path will return a 403 status code. If the user is invalid, it will return a 404.

The tool has several features, including a local database (sqlite3), auto-lookup of tenants, the ability to read in a file or folder of files, append, skip-tried (de-dupe), and kill-after. Append allows users to easily create 'jsmith1' 'jsmith2' sprays, while skip-tried removes previously tried usernames. Kill-after cancels a userlist if no usernames are identified within a certain number of attempts.

The article provides a usage example and a shoutout to @DrAzureAD, @thetechr0mancer, @rootsecdev, and @hacking_lz. It also notes that users who are valid but have not yet signed into OneDrive will return a 404 not found.

Overall, onedrive_user_enum v2.00 is a reliable tool for enumerating valid OneDrive users. It is passive and undetectable to the target organization, and has several features that make it easy to use. It is the most reliable user-enumeration method currently available.

This article provides a comprehensive overview of the tool and its features, as well as a usage example and shoutouts to those who have contributed to its development.

Short Summary

šŸ““ onedrive_user_enum

šŸ‘‰šŸ½ In this instance, the username is 'lightmand' and the domain is 'acmecomputercompany.com'. If a user has logged into OneDrive, this path will exist and return a 403 status code. If they have not, or the user is invalid, it will return a 404. šŸ‘‰šŸ½ Introducing onedrive_user_enum v2.00 tool for enumerating valid OneDrive users. šŸ‘‰šŸ½ The tool is reliable and passive, making it undetectable to target organizations. šŸ‘‰šŸ½ Works by checking the file share URL and returning 403 or 404 status codes. šŸ‘‰šŸ½ Features include local database, auto-lookup of tenants, and ability to read files/folders. šŸ‘‰šŸ½ Append allows for easy creation of user sprays, while skip-tried removes previously tried names. šŸ‘‰šŸ½ Kill-after cancels a userlist if no valid usernames are identified. šŸ‘‰šŸ½ Article provides usage example and shoutouts to contributors. šŸ‘‰šŸ½ Valid users who have not yet signed into OneDrive will return a 404 not found. šŸ‘‰šŸ½ Overall, the tool is the most reliable user-enumeration method available. šŸ‘‰šŸ½ A comprehensive overview of features and usage is provided.

šŸ”— source link: https://github.com/nyxgeek/onedrive_user_enum

šŸ”— summarized content: https://hut.threathunterz.com/battlefield-intel/tradecraft-tools/onedrive_user_enum

#OneDriveUserEnum #UserEnumeration #PassiveMethod #ReliableTool #Features

LinkedIn

ThreatHunterz.com