add error code AADSTS53003 indicating successful spray but blocked by…

… CAP per issue #67
knavesec · Mar 19, 2024 · 7d9d1ae · 7d9d1ae
1 parent f723047
commit 7d9d1ae
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 1 deletion.
diff --git a/plugins/azuresso/azuresso.py b/plugins/azuresso/azuresso.py
@@ -108,6 +108,12 @@ def azuresso_authenticate(url, username, password, useragent, pluginargs):
             if (token):
                 data_response['output'] += f" - GOT TOKEN {token[0]}"
 
+        elif "AADSTS53003" in xmlresponse:
+            # Access successful but blocked by CAP
+            data_response['result'] = "success"
+            data_response['output'] = f"[+] SUCCESS ({error_code}): {creds} - NOTE: The response indicates token access is blocked by CAP"
+            data_response['valid_user'] = True
+
         elif "AADSTS50076" in xmlresponse:
             # Microsoft MFA response
             data_response['result'] = "success"

diff --git a/plugins/azvault/azvault.py b/plugins/azvault/azvault.py
@@ -79,6 +79,12 @@ def azvault_authenticate(url, username, password, useragent, pluginargs):
                 data_response['result'] = "failure"
                 data_response['output'] = f'[-] FAILURE ({error_code}): Tenant for account {username} is not using AzureAD/Office365'
 
+            elif "AADSTS53003" in error:
+                # Access successful but blocked by CAP
+                data_response['result'] = "success"
+                data_response['output'] = f"[+] SUCCESS ({error_code}): {username}:{password} - NOTE: The response indicates token access is blocked by CAP"
+                data_response['valid_user'] = True  
+
             elif "AADSTS50076" in error:
                 # Microsoft MFA response
                 data_response['result'] = "success"

diff --git a/plugins/msgraph/msgraph.py b/plugins/msgraph/msgraph.py
@@ -80,6 +80,12 @@ def msgraph_authenticate(url, username, password,  useragent, pluginargs):
             elif "AADSTS50034" in error:
                 data_response['result'] = "failure"
                 data_response['output'] = f'[-] FAILURE ({error_code}): Tenant for account {username} is not using AzureAD/Office365'
+
+            elif "AADSTS53003" in error:
+                # Access successful but blocked by CAP
+                data_response['result'] = "success"
+                data_response['output'] = f"[+] SUCCESS ({error_code}): {username}:{password} - NOTE: The response indicates token access is blocked by CAP"
+                data_response['valid_user'] = True  
 
             elif "AADSTS50076" in error:
                 # Microsoft MFA response

diff --git a/plugins/msol/msol.py b/plugins/msol/msol.py
@@ -79,6 +79,12 @@ def msol_authenticate(url, username, password, useragent, pluginargs):
                 data_response['result'] = "failure"
                 data_response['output'] = f'[-] FAILURE ({error_code}): Tenant for account {username} is not using AzureAD/Office365'
 
+            elif "AADSTS53003" in error:
+                # Access successful but blocked by CAP
+                data_response['result'] = "success"
+                data_response['output'] = f"[+] SUCCESS ({error_code}): {username}:{password} - NOTE: The response indicates token access is blocked by CAP"
+                data_response['valid_user'] = True  
+
             elif "AADSTS50076" in error:
                 # Microsoft MFA response
                 data_response['result'] = "success"

diff --git a/plugins/template/MS_Template/template.py b/plugins/template/MS_Template/template.py
@@ -81,6 +81,12 @@ def template_authenticate(url, username, password, useragent, pluginargs): # TOD
                 data_response['result'] = "failure"
                 data_response['output'] = f'[-] FAILURE ({error_code}): Tenant for account {username} is not using AzureAD/Office365'
 
+            elif "AADSTS53003" in error:
+                # Access successful but blocked by CAP
+                data_response['result'] = "success"
+                data_response['output'] = f"[+] SUCCESS ({error_code}): {username}:{password} - NOTE: The response indicates token access is blocked by CAP"
+                data_response['valid_user'] = True  
+
             elif "AADSTS50076" in error:
                 # Microsoft MFA response
                 data_response['result'] = "success"
@@ -104,7 +110,6 @@ def template_authenticate(url, username, password, useragent, pluginargs): # TOD
                 data_response['result'] = "potential"
                 data_response['output'] = f"[?] WARNING ({error_code}): The account {username} appears to be locked."
 
-
             elif "AADSTS50055" in error:
                 # User password is expired
                 data_response['result'] = "success"