Comments (4)
byt3bl33d3r
commented on June 3, 2024
Interesting and good to know! From what I've seen there isn't a way to determine if a specific account has 2FA enabled from the server's response when authenticating to OWA (unlike S4B\Lync) which why it currently reports the password isn't correct.
That being said if someone knows if there is a way to determine this from the response, feel free to submit a PR.
from sprayingtoolkit.
halfluke
commented on June 3, 2024
I tested a little in the past few days and I noticed you get a status code 456 when 2fa is enabled, so I just added a line to owa.py to handle that case. But I also found out that 456 is returned in other cases, for example when an account is blocked (but still, the password is correct).
456 is different from the old office365enum.py, for example, which expected a 403 forbidden in case of 2fa (and it also uses a different endpoint for requests).
I noticed spraying toolkit uses the same endpoint as the "ruler" project, which is wirtten in Go, for the office 365 query.
It's just a couple of lines of python to handle the new case. As I'm going on vacation I can try to submit a PR in the next days if you wish
from sprayingtoolkit.
byt3bl33d3r
commented on June 3, 2024
@halfluke that would be great! Thanks for the info!
from sprayingtoolkit.
byt3bl33d3r
commented on June 3, 2024
Closing since #16 should now handle this.
Thanks again!
from sprayingtoolkit.
Related Issues (17)
- Processing hangs/dies on larger input files HOT 2
- Failed to read from csv HOT 1
- Inventory notification HOT 1
- SSL: CERTIFICATE_VERIFY_FAILED
- Feature Request: ADFS Portal Support
- binascii.Error: Incorrect padding HOT 1
- failed pip install -r requirement HOT 2
- atomizer.py HOT 1
- atomizer - random behavior
- atomizer feature user as a pass. HOT 1
- Unsure if this is really an issue--I may just be doing it wrong HOT 1
- Dumped 0 valid accounts to lync_valid_accounts.txt, when it actually found a valid cred
- An error occurred while installing brotlipy==0.7.0! Will try again. HOT 1
- Atomizer is showing valid credentials when actually failing HOT 2
- Atomizer Fails - Sleep length must be non-negative HOT 5
- Atomizer does not stop even after CTRL-C when using --interval
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sprayingtoolkit.