search

knavesec / CredMaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
926 stars 120 forks source link

[azuresso] error when using plugin azuresso #62

Closed hugo-syn closed 11 months ago

hugo-syn commented 11 months ago

Hi, I have the following error when I use the azuresso plugin with a valid and invalid login/password, it says Invalid STS request do you know what's happening ? 


<S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:S="http://www.w3.org/2003/05/soap-envelope">
    <S:Header>
        <psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
            <psf:serverVersion>1</psf:serverVersion>
            <psf:authstate>0x80048800</psf:authstate>
            <psf:reqstatus>0x80048800</psf:reqstatus>
            <psf:serverInfo ServerTime="2023-09-18T15:55:29.3214929Z">ESTS-PUB-WEULR1-AZ2-FD174-001.ProdSlices
                rid:332c8052-2b70-45c5-93b7-78d0b4b63000</psf:serverInfo>
        </psf:pp>
    </S:Header>
    <S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope">
        <S:Fault>
            <S:Code>
                <S:Value>S:Sender</S:Value>
                <S:Subcode>
                    <S:Value>wst:FailedAuthentication</S:Value>
                </S:Subcode>
            </S:Code>
            <S:Reason>
                <S:Text xml:lang="en-US">Authentication Failure</S:Text>
            </S:Reason>
            <S:Detail>
                <psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault">
                    <psf:value>0x80048800</psf:value>
                    <psf:internalerror>
                        <psf:code>0x80048800</psf:code>
                        <psf:text>AADSTS81016: Invalid STS request.</psf:text>
                    </psf:internalerror>
                </psf:error>
            </S:Detail>
        </S:Fault>
    </S:Body>
</S:Envelope>```
knavesec commented 11 months ago

In this case its not easy for me to diagnose without further context, but it looks like error code AADSTS81016 shows that the tenant does not support seamless SSO. This blog may help https://guillaumeben.xyz/Microsoft-365-enumeration/

I would recommend checking if your tenant is managed or federated, typically I see STS errors when spraying a federated environment with a technique that targets managed tenant users. You can check tenant type by using this link and changing domain.com to your target tenant domain https://login.microsoftonline.com/getuserrealm.srf?login=username@domain.com&xml=1

Closing as this is not tool related, please re-open if there is a bug to be fixed

hugo-syn commented 11 months ago

Yes but my tenant seems to be managed <NameSpaceType>Managed</NameSpaceType> :

$ curl -isk "https://login.microsoftonline.com/getuserrealm.srf?login=user@redacted.com&xml=1"
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
[...]
<RealmInfo Success="true">
    <State>4</State>
    <UserState>1</UserState>
    <Login>user@redacted.com</Login>
    <NameSpaceType>Managed</NameSpaceType>
    <DomainName>redacted.com</DomainName>
    <IsFederatedNS>false</IsFederatedNS>
    <FederationBrandName>redacted2.com</FederationBrandName>
    <CloudInstanceName>microsoftonline.com</CloudInstanceName>
    <CloudInstanceIssuerUri>urn:federation:MicrosoftOnline</CloudInstanceIssuerUri>
</RealmInfo>
knavesec commented 11 months ago

Interesting, they must just not use the seamless SSO functionality. Any of the other spraying commands would work most likely