Comments (8)
Sending garbage in as a flow token doesn't seem to fix it. The actual token is generated client site in JS.
from credmaster.
Rare for me to see an issue from you without a PR, do you have any idea how to differentiate?
I'm a little confused by the two JSON objects, it seems like the first one is what you're saying needs to change (ifexistsresult 1) so we would need to figure out what the difference would be elsewise?
from credmaster.
Sorry man, I'm only human. I'll send some other PR (maybe add pet credmaster
functionality?) to make up for it 😉
The issue seems to be that calling as credmaster does (without the other variables that are computed via clientside JS), you get "user not found" vs "user exists, but don't use a password". I haven't been able to figure out how to get that value correctly as of yet.
from credmaster.
The second JSON object where the correct result is retuned is from burp-proxying the request through the normal web flow
from credmaster.
Hahah, pet credmaster
would be creepy but an invaluable contribution to the tool.
So are you saying that the clientside JS determines different request variables, which then impacts the response itself?
from credmaster.
Just as an input, not sure if it helps anything...
I used the tool with the o365 module against a list of test users with a valid password. All of them returned "FAILURE".
The response code 401 was returned for all requests (even though MFA excluded, correct password).
Using the module msol however worked and identified the correct credentials.
Maybe Microsoft changed something in the autodiscover
url / endpoint so that this does not work anymore? If I have time for further debugging, I'll let you know.
from credmaster.
Yeah I just opened ann issue on that I belive it is because of AADSTS53003 or the CAP policy
from credmaster.
Just as an input, not sure if it helps anything... I used the tool with the o365 module against a list of test users with a valid password. All of them returned "FAILURE". The response code 401 was returned for all requests (even though MFA excluded, correct password). Using the module msol however worked and identified the correct credentials. Maybe Microsoft changed something in the
autodiscover
url / endpoint so that this does not work anymore? If I have time for further debugging, I'll let you know.
Microsoft disabled BasicAuth for all tenant, which the o365 plugin rely on.
from credmaster.
Related Issues (20)
- o365enum module creates the output file, then checks if it exists, then dies because it exists HOT 1
- Okta module won't run with more than one thread, won't run with zero threads
- Flawed logic in EWS results improper detection HOT 1
- Clean command can cause a `Too Many Requests` error thrown by boto3 `DeleteRestApi` HOT 1
- [Feature request] Remove found creds from future sprays
- Wiki Permissions HOT 2
- Add ability to spray user = password HOT 1
- TooManyRequestsException on thread creation HOT 1
- MSOL Plugin: Handle BlockedByConditionalAccess (AADSTS53003) HOT 1
- Fortinet Plugin : 500 internal error HOT 1
- Delay problems HOT 1
- TypeError: '>' not supported between instances of 'NoneType' and 'int' HOT 1
- [azuresso] error when using plugin azuresso HOT 3
- Office 365 Showing Failure for Valid Credentials
- AADSTS53003 error related to Conditional Access Policy(CAP) isn't registred as a successful spray HOT 3
- o365 plugin does not work anymore HOT 8
- [Fireprox] SSO profiles fail
- Lockout Potential: Delay Skipped For Unknown Reasons HOT 4
- ADFS module always reports success despite invalid credentials HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from credmaster.