blacklanternsecurity / TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
GNU General Public License v3.0
1.04k stars, 147 forks

Error when using the Okta module #11

Closed jsarkisian closed 2 years ago

jsarkisian commented 2 years ago

When running the following command:

poetry run trevorspray -u Users -p password -m okta -j 10 --random-useragent --ssh root@IP root@IP root@IP root@IP root@IP -n

The tool then fires up and outputs this:

[USER] Enter target subdomain (<subdomain>.okta.com): subdomain

And after entering the valid subdomain, the following error occurs:

[ERRR] Unhandled error in Okta.create_request(): 'subdomain' (-v to debug)
[ERRR] Traceback (most recent call last):
  File "/root/tools/TREVORspray/trevorspray/lib/proxy.py", line 247, in check_cred
    prepared_request = sprayer.create_request(user, password).prepare()
  File "/root/tools/TREVORspray/trevorspray/lib/sprayers/base.py", line 78, in create_request
    url = self.url.format(**self.globalparams, **runtimeparams)
KeyError: 'subdomain'

Using Python 3.8.7 in Kali Linux

Not sure what the issue is, thanks!

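The traceback above shows where the failure sits: create_request() fills a URL template with str.format() from two dicts, globalparams (per-run values such as the prompted subdomain) and runtimeparams (per-attempt values), and a placeholder that neither dict supplies raises KeyError inside the worker. The following reconstruction is an added example, not TREVORspray's own code: the names url, globalparams, runtimeparams and create_request() come from the traceback, while the class layout, the prompt handling and the display_url() and missing_params() helpers are assumptions of this example. No request is sent; only the URL is built.

```python
"""Reconstruction of the URL-templating step that raised KeyError: 'subdomain'.

Added example, not TREVORspray's own code. The names url, globalparams,
runtimeparams and create_request() are taken from the traceback in the
report; the class layout, prompt handling, display_url() and missing_params()
are assumptions of this example. No request is sent; only the URL is built.
"""
import string


class _KeepMissing(dict):
    # Used by display_url(): leave unknown placeholders as "{name}" instead of
    # raising, so a summary line can be rendered before runtime params exist.
    def __missing__(self, key):
        return "{" + key + "}"


class SprayerBase:
    url = ""  # subclasses set a template such as "https://{subdomain}.okta.com/..."

    def __init__(self):
        self.globalparams = {}  # per-run values (prompted once, e.g. the subdomain)

    def create_request(self, user, password):
        runtimeparams = {"user": user, "password": password}  # per-attempt values
        # Same expression as base.py line 78 in the traceback: every placeholder in
        # the template must be in one of the two dicts or format() raises KeyError.
        return self.url.format(**self.globalparams, **runtimeparams)

    def placeholders(self):
        # Field names the template expects, parsed with the rules str.format uses.
        return {name for _, name, _, _ in string.Formatter().parse(self.url) if name}

    def missing_params(self):
        # Pre-flight check: placeholders that neither dict will supply.
        return self.placeholders() - set(self.globalparams) - {"user", "password"}

    def display_url(self):
        # Template with the known global params filled in, for log lines such as
        # "Finished spraying N users against ..."; runtime fields stay as placeholders.
        return self.url.format_map(_KeepMissing(self.globalparams))


class BuggyOktaSprayer(SprayerBase):
    url = "https://{subdomain}.okta.com/api/v1/authn"

    def __init__(self, prompted):
        # 'prompted' stands in for the interactive "[USER] Enter target subdomain"
        # answer so the example runs offline.
        super().__init__()
        self.subdomain = prompted["subdomain"]  # kept on the object, never in globalparams


class FixedOktaSprayer(SprayerBase):
    url = "https://{subdomain}.okta.com/api/v1/authn"

    def __init__(self, prompted):
        super().__init__()
        self.globalparams.update(prompted)  # now visible to create_request()


def build_url(sprayer_cls, prompted, user="alice", password="Winter2024!"):
    """Return the URL create_request() would use, or 'KeyError: <name>' on failure."""
    try:
        return sprayer_cls(prompted).create_request(user, password)
    except KeyError as exc:
        return f"KeyError: {exc.args[0]}"


if __name__ == "__main__":
    answer = {"subdomain": "subdomain"}  # the literal answer typed in the report
    for cls in (BuggyOktaSprayer, FixedOktaSprayer):
        print(cls.__name__, "missing:", cls(answer).missing_params(),
              "->", build_url(cls, answer))
    print("summary line target:", FixedOktaSprayer(answer).display_url())
```

missing_params() is the check worth running before the first request: a template placeholder with no source is a configuration bug and should abort the run up front rather than surface as an unhandled KeyError in a worker thread. display_url() also shows why a summary line can legitimately print `{subdomain}` while the requests themselves are correct, since it is rendered from a different set of values; the -v output the maintainer points to is what shows the URL actually requested.
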
TheTechromancer commented 2 years ago

Nice find. I've pushed a few changes that should fix this. Can you try again with the latest dev branch?

pip install --force-reinstall git+https://github.com/blacklanternsecurity/trevorspray@dev

jsarkisian commented 2 years ago

Now getting a lot of this when spraying accounts:

[This operation is not allowed in the current authentication state.] (Response code 403)

Guessing this is working properly now and that's the throttling coming into play?

Also, the finished spraying line says this:

Finished spraying 54 users against https://{subdomain}.okta.com/api/v1/authn

Guessing it should be the actual subdomain inside those brackets? Is that just a small oversight or is it not actually taking the subdomain value when spraying?

Thanks for the quick turnaround!

TheTechromancer commented 2 years ago

Yes, it looks like you are being rate limited.

The actual requests do contain the subdomain; you can verify this with -v.
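
The practical consequence of the 403 responses discussed above is that a throttled attempt tells you nothing about the password: it must be kept apart from genuine failures and retried later, and a run of them is the signal to back off before the remaining users are burned. The classifier below is an added example, not TREVORspray's own code. Its responses are constructed for the example; the 403 message is the one quoted in this thread and is treated as a throttle signal following the maintainer's reading; HTTP 429 and the transaction status values SUCCESS, MFA_REQUIRED, MFA_ENROLL, PASSWORD_EXPIRED and LOCKED_OUT are from Okta's Authentication API; reading a 401 as "wrong password" is an assumption of this example.

```python
"""Classify Okta /api/v1/authn responses so a throttled attempt is retried
rather than recorded as a wrong password.

Added example, not TREVORspray's own code. The responses are constructed for
the example. The 403 text is the one quoted in this thread and is treated as a
throttle signal, following the maintainer's reading; HTTP 429 and the status
values SUCCESS, MFA_REQUIRED, MFA_ENROLL, PASSWORD_EXPIRED and LOCKED_OUT are
from Okta's Authentication API. Treating a 401 as "wrong password" is an
assumption of this example.
"""
import json
from dataclasses import dataclass, field
from typing import Optional

THROTTLE_MESSAGE = "This operation is not allowed in the current authentication state."
# Primary authentication succeeded in all of these states even though the flow
# is not finished (MFA, expired password); that is what a sprayer cares about.
VALID_PASSWORD_STATES = {"SUCCESS", "MFA_REQUIRED", "MFA_ENROLL", "PASSWORD_EXPIRED"}


@dataclass
class Response:
    status_code: int
    body: str


def classify(resp):
    """Return 'valid', 'invalid', 'locked', 'throttled' or 'unknown'."""
    try:
        data = json.loads(resp.body) if resp.body else {}
    except json.JSONDecodeError:
        data = {}
    if resp.status_code == 200:
        state = data.get("status", "")
        if state == "LOCKED_OUT":
            return "locked"
        return "valid" if state in VALID_PASSWORD_STATES else "unknown"
    if resp.status_code == 429:
        return "throttled"
    if resp.status_code == 403 and data.get("errorSummary") == THROTTLE_MESSAGE:
        return "throttled"
    if resp.status_code == 401:
        return "invalid"
    return "unknown"


@dataclass
class SprayResult:
    valid: list = field(default_factory=list)
    invalid: list = field(default_factory=list)
    locked: list = field(default_factory=list)
    retry: list = field(default_factory=list)   # outcome unknown; try again later
    halted_after: Optional[int] = None          # attempts consumed before backing off


def run_spray(attempts, max_consecutive_throttled=3):
    """attempts: list of (user, Response). Halts after N consecutive throttle
    signals so the remaining users are not burned while the target is limiting us."""
    result = SprayResult()
    consecutive = 0
    for i, (user, resp) in enumerate(attempts):
        verdict = classify(resp)
        if verdict == "throttled":
            consecutive += 1
            result.retry.append(user)
            if consecutive >= max_consecutive_throttled:
                result.retry.extend(u for u, _ in attempts[i + 1:])
                result.halted_after = i + 1
                break
            continue
        consecutive = 0
        bucket = {"valid": result.valid, "invalid": result.invalid,
                  "locked": result.locked, "unknown": result.retry}[verdict]
        bucket.append(user)
    return result


def sample_attempts():
    """Constructed responses for one password across eight users (not real data)."""
    ok = json.dumps({"status": "SUCCESS", "sessionToken": "REDACTED"})
    mfa = json.dumps({"status": "MFA_REQUIRED"})
    bad = json.dumps({"errorSummary": "Authentication failed"})
    throttled = json.dumps({"errorSummary": THROTTLE_MESSAGE})
    return [
        ("alice", Response(401, bad)),
        ("bob", Response(200, mfa)),
        ("carol", Response(403, throttled)),
        ("dave", Response(401, bad)),
        ("erin", Response(403, throttled)),
        ("frank", Response(403, throttled)),
        ("grace", Response(429, "")),
        ("heidi", Response(200, ok)),
    ]


if __name__ == "__main__":
    r = run_spray(sample_attempts())
    print(f"valid={r.valid} invalid={r.invalid} locked={r.locked}")
    print(f"retry={r.retry} halted_after={r.halted_after}")
```

The retry list is the part a spray report usually lacks: users whose attempt was answered with a throttle signal are neither "tested" nor "failed", and counting them as failed hides the fact that the password was never actually checked against them.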