# Azurehound Azurehound is great for...hounding around in...Azure. Here's a good [doc on collecting data](https://bloodhound.specterops.io/collect-data/ce-collection/azurehound). ## Conduct an Azure collection ``` azurehound list -u lowpriv@domain.com -p "Pass123" -o domain-azure-dump.json --tenant "domain.com" ``` !!!tip I ran into issues putting the password in single ticks, so I'd say always do `"Password123"` instead of `'Password123'`! !!! ### Conduct an Azure collection (with MFA enabled) The [doc on collecting data](https://bloodhound.specterops.io/collect-data/ce-collection/azurehound) will have you first authenticate using a device code: ``` $body = @{ "client_id" = "1950a258-227b-4e31-a9cf-717495945fc2" "resource" = "https://graph.microsoft.com" } $UserAgent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" $Headers=@{} $Headers["User-Agent"] = $UserAgent $authResponse = Invoke-RestMethod ` -UseBasicParsing ` -Method Post ` -Uri "https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0" ` -Headers $Headers ` -Body $body $authResponse ``` Then finish the device-code-based auth and then do: ``` $body=@{ "client_id" = "1950a258-227b-4e31-a9cf-717495945fc2" "grant_type" = "urn:ietf:params:oauth:grant-type:device_code" "code" = $authResponse.device_code } $Tokens = Invoke-RestMethod ` -UseBasicParsing ` -Method Post ` -Uri "https://login.microsoftonline.com/Common/oauth2/token?api-version=1.0" ` -Headers $Headers ` -Body $body $Tokens ``` You'll need the refresh token for the next step: ``` $refreshToken = $Tokens.refresh_token Write-Host $refreshToken ``` Then you can pass this directly to Azurehound: ``` azurehound -r "$refreshToken" list --tenant "yourtenant.onmicrosoft.com" -o output.json ``` Or just copy the token to clipboard and paste as an `-r` value: ``` # Copy to clipboard $Tokens.refresh_token | clip # Paste azurehound -r "xyz123" list --tenant "yourtenant.onmicrosoft.com" -o output.json ```