Ellis Springe edited this page Feb 8, 2024 · 5 revisions

Plugin Overview

This plugin has been deprecated due to Microsoft blocking Basic auth for all tenants. Since no tenant can turn this functionality on, there is no longer a use for this plugin. See the Microsoft Bulletin here and the associated CredMaster Issue here.

The O365 module is for brute-forcing Office365 instances using the "autodiscover-s.outlook.com" URL method. This works for both Managed and Federated environments.

NOTE: Outlook Autodiscover (which this plugin uses) may have Basic authentication disabled, which may skew the results of your spray. Keep this in mind; read more here: https://support.microsoft.com/

This module was based on byt3bl33d3r's SprayingToolkit.

Unique Command Line Options

This plugin does not require any additional arguments.

Throttle Notes

TBD, more research required (feel free to PR with notes). Azure SmartLockout may apply to rate-limit requests; however, I've only dealt with that for tools that do not rotate IP addresses.

Example Command

python3 credmaster.py --access_key <key> --secret_access_key <key> \
    --plugin o365 \
    -u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \
    -t 5 -j 20 -m 10 -d 360 --passwordsperdelay 3