Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
926
stars
120
forks
source link
MSOL Plugin: Handle BlockedByConditionalAccess (AADSTS53003) #55
Closed
er4z0r closed 1 year ago
Same issues exists in MSOLSpray (original by dafthack) and its python implementation that the msol module is based on:
If the target tenant is using conditional access policy and the credentials are correct, msol module will only show this error that is easy to miss:
Since the credentials are actually correct and might work on other endpoints that do not enforce CAP, I think this should be handled properly.
PR incoming.