-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OWA/EWS Plugins Authentication Failed with Valid Credentials #7
Comments
Thanks for reaching out! Been tracking a few of these issues, NTLM auth seems to be having issues but appears to be failing inconsistently. In your experience are you seeing a false negative repeatably or simply one-off/semi-random? |
Second comment, are you 100% positive that OWA and O365 are connected (same auth, sometimes OWA is separate)? Also verify the OWA username format is correct. O365 username is email, but for OWA the username format (user@domain.com, DOMAIN\user, user) is dependent on the configuration |
Leaving this open for if anyone else sees this issue. Any info possible wold be great to help fix it |
Hey guys, I'm new to this tool but I think it's great so far. I correctly setup my AWS API Gateway and tried spraying using the 'o365' plugin with username of myemail@gmail.com and my password which I confirmed is correct. The tool reported 0 valid credentials even though I know 100% the credentials are valid. Any idea as to why? Thanks :) |
Hey @kpomeroy1979 Sounds like your issue is with the The office365 spraying method is specifically targeting emails whose domain's authentication schema is either managed by office365 or federated through some onsite STS/ADFS solution. My guess is (potentially wrong), Steps to reproduce:
If the authentication fails, this is not a credmaster problem, you are simply attempting to authenticate to the wrong endpoint. If the authentication succeeds, then we can discuss this on the new issue |
So just some thoughts on this:
I don't have a ton of time to look into this, but I would recommend modifying the OWA module to actually do the form-based auth instead of NTLM through autodiscover. |
In response to @puzzlepeaches recommendation, I've been looking at this lately. In my forked version I've changed the OWA plugin slightly to use forms auth against the /owa/owa.auth endpoint and it appears to be working. Would a PR be welcomed? |
@techspence a PR is always welcome! |
@knavesec see update owa plugin to use forms auth. Please let me know what you think! |
Having same issues tested with most plugins. Valid cred's getting valid user name invalid password response. with/without MFA enabled it doesn't say so based on response. Tested with this tool and the ones it uses outside of framework. It might not be the tool/plugin. |
While attempting to use the OWA/EWS plugins I am getting "Authentication Failed:" with a valid credential. O365 module works as expected for the same credentials. Possibly an issue with NTLM auth?
I'm curious if anyone has had success with these plugins before or have seen the same issue.
The text was updated successfully, but these errors were encountered: