blacklanternsecurity / TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
GNU General Public License v3.0

delay/jitter don't seem to work on Okta module #14

Closed LMAOMOBILE closed 2 years ago

LMAOMOBILE commented 2 years ago

Here's the command I'm working with:

python3 cli.py -m okta -u usernames.txt -p Winter2021! --delay 10 --jitter 120 --ssh user@IPADDRESS user@IPADDRESS user@IPADDRESS -f

I've also tried using the -d and -j versions of the flag and got the same results. I've also tried putting the delay and jitter flags at the end of the command. Regardless, it just sprays at max speed.

TheTechromancer commented 2 years ago

Thanks for reporting. I've pushed a fix. Can you try again with the latest dev branch?

pip install --force-reinstall git+https://github.com/blacklanternsecurity/trevorspray@dev

LMAOMOBILE commented 2 years ago

I reinstalled the dev version and tested -d 300 -j 120. One attempt slept for 5 minutes give or take, but then another one only slept for 28 seconds. Is there a max delay or jitter?

TheTechromancer commented 2 years ago

There isn't a limit on sleep time. But when the ssh proxy is enabled, a separate thread is spawned for each ssh session. Sleep time is per thread, meaning that if you are coming from 4 different IP addresses and you specify --delay 60, you will be trying four passwords per minute (one per minute per IP).
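
Added example, not part of the thread and not TREVORspray code: what the per-thread delay described above looks like from the defending side, where a per-source failure count stays at one per minute while the tenant-wide count of distinct failing usernames does not. The event tuples, addresses, and both thresholds are constructed assumptions, not Okta's log schema or recommended values.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample data: failed logins as (timestamp, source_ip, username).
# Four sources (documentation-range addresses), one attempt per source per minute.
START = datetime(2024, 1, 1, 9, 0, 0, tzinfo=timezone.utc)
SOURCES = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.5"]
EVENTS = [
    (START + timedelta(seconds=60 * m + 5 * i), ip, f"user{4 * m + i}")
    for m in range(5)
    for i, ip in enumerate(SOURCES)
]


def flag_windows(events, window_s=60, per_ip_limit=3, distinct_user_limit=3):
    """Compare a per-source failure count with a tenant-wide one per window.

    Both limits are illustrative assumptions, not recommended values.
    """
    per_ip = defaultdict(int)     # (bucket, ip) -> failures
    users = defaultdict(set)      # bucket -> distinct usernames that failed
    totals = defaultdict(int)     # bucket -> failures from all sources
    for ts, ip, user in events:
        bucket = int(ts.timestamp()) // window_s
        per_ip[(bucket, ip)] += 1
        users[bucket].add(user)
        totals[bucket] += 1

    findings = []
    for bucket in sorted(totals):
        worst = max(n for (b, _), n in per_ip.items() if b == bucket)
        findings.append({
            "window_start": datetime.fromtimestamp(bucket * window_s, timezone.utc),
            "max_per_ip": worst,
            "total": totals[bucket],
            "per_ip_alert": worst >= per_ip_limit,
            "aggregate_alert": len(users[bucket]) >= distinct_user_limit,
        })
    return findings


if __name__ == "__main__":
    for f in flag_windows(EVENTS):
        print(f["window_start"].isoformat(), f["max_per_ip"], f["total"],
              f["per_ip_alert"], f["aggregate_alert"])
```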

LMAOMOBILE commented 2 years ago

That explains what I was seeing. Thanks very much!