search

knavesec / CredMaster

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
926 stars 120 forks source link

Office 365 Showing Failure for Valid Credentials #65

Closed deterri closed 10 months ago

deterri commented 11 months ago

Any idea why this fails when running for o365 plugin? I've tested with two email accounts for which I know the password, across two domains configured to work with office 365.

config.json

{
  "plugin" : "o365",
  "userfile" : "users.txt",
  "passwordfile" : "passwords.txt",
  "userpassfile" : null,
  "useragentfile" : "useragents.txt",

  "outfile" : "output.txt",
  "threads" : null,
  "region" : "us-east-1",
  "jitter" : 30,
  "jitter_min" : 4,
  "delay" : 1,
  "passwordsperdelay" : null,
  "randomize" : false,
  "header" : null,
  "weekday_warrior" : null,
  "color" : false,
  "trim" : false,

  "slack_webhook" : null,
  "pushover_token" : null,
  "pushover_user" : null,
  "discord_webhook" : null,
  "teams_webhook" : null,
  "keybase_webhook": null,
  "operator_id" : null,
  "exclude_password" : false,

  "access_key" : "access_key",
  "secret_access_key" : "secret_access_key",
  "session_token" : null,
  "profile_name" : null
}

Output

python credmaster.py --config config.json
[2023-10-02 21:02:22.543] Execution started at: 2023-10-02 21:02:22.543404
[2023-10-02 21:02:22.543] Creating 1 API Gateways for https://autodiscover-s.outlook.com
[2023-10-02 21:02:23.305] Created API - Region: us-east-1 ID: (ID) - https://ID.execute-api.us-east-1.amazonaws.com/fireprox/ => https://autodiscover-s.outlook.com
[2023-10-02 21:02:24.064] Testconnect: Connection success, continuing
[2023-10-02 21:02:24.065] Total Regions Available: 15
[2023-10-02 21:02:24.065] Total API Gateways: 1
[2023-10-02 21:02:24.065] Starting Spray...
[2023-10-02 21:02:24.065] Loading credentials from users.txt with password KNOWN_PASSWORD
DEBUG <Response [401]>
DEBUG <?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response>
    <Error Time="ERROR_TIME" Id="RANDOM_ID">
      <ErrorCode>600</ErrorCode>
      <Message>Invalid Request</Message>
      <DebugData />
    </Error>
  </Response>
</Autodiscover>
[2023-10-02 21:02:43.332] us-east-1: [-] FAILURE: KNOWN_USER@domain.com:KNOWN_PASSWORD
[2023-10-02 21:02:43.333] Completed spray with password KNOWN_PASSWORD at 2023-10-02 21:02:43.333070
[2023-10-02 21:02:43.447] Destroying API (ID) in region us-east-1
[2023-10-02 21:02:44.122] End Time: 2023-10-02 21:02:44.122729
[2023-10-02 21:02:44.123] Total Execution: 21.579325 seconds
[2023-10-02 21:02:44.123] Valid credentials identified: 0