mdsecresearch / LyncSniper

LyncSniper: A tool for penetration testing Skype for Business and Lync deployments
303 stars 63 forks source link

added MFA identification & username enumeration to Invoke-AuthenticateO365 #11

Closed cobbr closed 6 years ago

cobbr commented 6 years ago

Thanks for the great tool!

I noticed that the response from O365 indicates whether the credentials are accurate, but requires MFA, which can result in valid credentials not being identified by LyncSniper. Also, the response will indicate if the user does not exist in Active Directory.

This may be true for non-O365 as well, but I have not tested.

Anyways, this was helpful for me, feel free to merge if you think it would be a good addition.

cobbr commented 6 years ago

Also added a-Delay <milliseconds> parameter to Invoke-LyncSpray.

mdsecresearch commented 6 years ago

Thanks for this, excellent work! 👍 @cobbr