![]() ![]() So this doubles, as not only a password spraying tool but also a Microsoft Online recon tool that will provide account/domain enumeration. These error codes provide information relating to if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, if the account is disabled, if the password is expired and much more. The main difference with this one is that this tool not only is looking for valid passwords, but also the extremely verbose information Azure AD error codes give you. Yes, I realize there are other password spraying tools for O365/Azure. The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.īE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! Why another spraying tool? A password spraying tool for Microsoft Online accounts (Azure/O365). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |