TROUBLE-1/Vajra

JWT Decoding error

ConstantinT opened this issue · 2 comments

Describe the bug
When using Enumeration => Azure AD with an access token fetched from the victims page, the app says the token is invalid.
In the function startAzureAdEnumeration in function.py the application crashes.

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2095, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/flask_socketio/__init__.py", line 45, in __call__
    return super(_SocketIOMiddleware, self).__call__(environ,
  File "/usr/local/lib/python3.9/dist-packages/engineio/middleware.py", line 74, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2080, in wsgi_app
    response = self.handle_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 2077, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1525, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1523, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.9/dist-packages/flask/app.py", line 1509, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/usr/local/lib/python3.9/dist-packages/flask_login/utils.py", line 277, in decorated_view
    return current_app.ensure_sync(func)(*args, **kwargs)
  File "/opt/Vajra/Code/vajra/routes.py", line 544, in azureAdEnumeration
    res = startAzureAdEnumeration(form)
  File "/opt/Vajra/Code/vajra/functions.py", line 418, in startAzureAdEnumeration
    username = jwt.decode(accessToken, options={"verify_signature": False})["upn"]
  File "/usr/lib/python3/dist-packages/jwt/api_jwt.py", line 104, in decode
    self._validate_claims(payload, merged_options, **kwargs)
  File "/usr/lib/python3/dist-packages/jwt/api_jwt.py", line 140, in _validate_claims
    self._validate_aud(payload, audience)
  File "/usr/lib/python3/dist-packages/jwt/api_jwt.py", line 189, in _validate_aud
    raise InvalidAudienceError('Invalid audience')
jwt.exceptions.InvalidAudienceError: Invalid audience

Replacing in function.py:
username = jwt.decode(accessToken, options={"verify_signature": False})["upn"]

With:
username = jwt.decode(accessToken, options={"verify_signature": False, "verify_aud": False})["upn"]

fixed the issue

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'http://127.0.0.1/azure/office365/victims'
  2. Click on 'Get Token'
  3. Go to 'https://vajra.hackmich.net/azure/enumeration/AzureAdEnumeration'
  4. Paste the token in the corresponding field
  5. Click 'Enumerate'

I have fixed the issue, can you please confirm?

Is fixed, thank you.
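
Added example, not part of the issue thread and not Vajra's code: the traceback above shows the `aud` check still running with `verify_signature` set to `False`, so this sketch reads the `upn` claim with the standard library only and does not depend on the installed PyJWT version's option defaults. The helper names, the error class and the sample token are assumptions constructed for illustration.

```python
import base64
import binascii
import json


class TokenFormatError(ValueError):
    """Raised when the input is not a usable three-part JWT."""


def unverified_claims(token: str) -> dict:
    """Return the JWT payload with no signature, aud, exp or iss check.

    The result is display/lookup data only, never input to an access decision.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise TokenFormatError("expected header.payload.signature")
    # JWT base64url drops '=' padding; restore it before decoding.
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    except (binascii.Error, ValueError) as exc:
        raise TokenFormatError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise TokenFormatError("payload is not a JSON object")
    return claims


def username_from_token(token: str) -> str:
    """Return the 'upn' claim, failing clearly when it is absent."""
    claims = unverified_claims(token)
    if "upn" not in claims:
        raise TokenFormatError("token has no 'upn' claim")
    return claims["upn"]


def b64url_json(obj: dict) -> str:
    """Encode a dict the way a JWT segment is encoded (test helper)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token (fake signature) that carries an 'aud' claim,
# the condition that triggered InvalidAudienceError in the traceback.
SAMPLE = ".".join([
    b64url_json({"alg": "RS256", "typ": "JWT"}),
    b64url_json({"aud": "https://graph.microsoft.com", "upn": "alice@example.com"}),
    "c2ln",
])

if __name__ == "__main__":
    print(username_from_token(SAMPLE))
```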