search

blacklanternsecurity / TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
GNU General Public License v3.0
1.04k stars 147 forks source link

Fix error AADSTS50131 for correct credentials. #3

Closed riflon closed 3 years ago

riflon commented 3 years ago

When a password is guessed of an account without 2FA, the following error is shown.

[WARN] Got an error we haven't seen yet for user eanderson@lenovo.us.com
[WARN] AADSTS50131: Device is not in required device state: known. Or, the request was blocked due to suspicious activity, access policy, or security policy decisions.

After debugging the error, I noticed and checked that this error means "correct credentials". I added the correct validation to generate a correct output.

Hope this helps. :-)

TheTechromancer commented 3 years ago

Thanks for the PR. I was oblivious and ended up discovering and fixing this on my own. But the error is handled correctly now :)