ADFSpray
ADFSpray is a python3 tool to perform password spray attack against Microsoft ADFS. ALWAYS VERIFY THE LOCKOUT POLICY TO PREVENT LOCKING USERS.
How to use it
First, install the needed dependencies:
pip3 install -r requirements.txt
Run the tool with the needed flags:
python3 ADFSpray.py -u [USERNAME] -p [PASSWORD] -t [TARGET URL] [METHOD]
Options to consider
- adfs|autodiscover|basicauth
- the method of authentication to use, autodiscover uses NTLM, adfs is MicrosoftForm and basic auth is well...basic authentication
- suggested targets:
- NTLM - https://autodiscover.[COMPANY].com/autodiscover/autodiscover.xml
- basicauth - https://reports.office365.com/ecp/reportingwebservice/reporting.svc
- adfs - https://[SSO-SUBDOMAIN].[COMPANY].com (without /adfs/ls/)
- -p\-P
- single password or file with passwords (one each line)
- -t\-T
- single target or file with targets (one each line)
- -u\-U
- single username or file with usernames (one each line)
- -o
- output file name (csv)
- -s
- throttling time (in seconds) between attempts
- -r
- random throttling time between attempts (based on user input for min and max values)
Credit
Inspired by:
- https://github.com/Mr-Un1k0d3r/RedTeamScripts/blob/master/adfs-spray.py
- https://github.com/Mr-Un1k0d3r/RedTeamScripts/raw/master/password-spray.py
- https://danielchronlund.com/2020/03/17/azure-ad-password-spray-attacks-with-powershell-and-how-to-defend-your-tenant/
Issues, bugs and other code-issues
Yeah, I know, this code isn't the best. I'm fine with it as I'm not a developer and this is part of my learning process. If there is an option to do some of it better, please, let me know.
Not how many, but where.