Comments (8)
According to Microsoft, no one can enable the Basic Authentication on any tenant:
Now no one (you or Microsoft support) can re-enable Basic authentication in your tenant
Not sure it's worth keeping since it should not work on any tenant.
from credmaster.
Interesting. I opened a similar issue: #67. Do you think what I am seeing is because of what actually Microsoft implemented?
from credmaster.
Confirming here that with valid creds Credmaster still says authentication failed using the o365 plugin.
from credmaster.
I think the best alternative is to use the MSOL plugin.
from credmaster.
The MSOL and AzureSSO plugins still work. However, both trigger Smart Lockout after about 10 failed logins, which the o365 plugin did not. It's a shame; it appears the era of easy Microsoft spraying are over (unless anyone else has found a way to bypass Smart Lockout that I've missed).
from credmaster.
Hey everyone, you're all correct, it does appear that the o365
plugin is dead, may it rest in peace. I'll update the docs and plugin details to reflect this and close this issue when complete
from credmaster.
Tagging all those above: @TwistedSim @alecmoran1 @LukeLauterbach @kpomeroy1979 @TheToddLuci0
Would the community prefer this plugin be simply removed, have a big "WARNING" sign upon running (but still running as usual), or just run with an error message stating "this plugin is no longer supported, see MS docs: here"
from credmaster.
Repo updated to remove the o365
plugin. o365enum
still works so nothing touched there
cf21775
https://github.com/knavesec/CredMaster/wiki/O365
from credmaster.
Related Issues (20)
- Okta module won't run with more than one thread, won't run with zero threads
- Flawed logic in EWS results improper detection HOT 1
- Clean command can cause a `Too Many Requests` error thrown by boto3 `DeleteRestApi` HOT 1
- [Feature request] Remove found creds from future sprays
- Wiki Permissions HOT 2
- Add ability to spray user = password HOT 1
- TooManyRequestsException on thread creation HOT 1
- MSOL Plugin: Handle BlockedByConditionalAccess (AADSTS53003) HOT 1
- Fortinet Plugin : 500 internal error HOT 1
- Delay problems HOT 1
- TypeError: '>' not supported between instances of 'NoneType' and 'int' HOT 1
- [O365Enum] Users with passwordless auth return not found HOT 8
- [azuresso] error when using plugin azuresso HOT 3
- Office 365 Showing Failure for Valid Credentials
- AADSTS53003 error related to Conditional Access Policy(CAP) isn't registred as a successful spray HOT 3
- [Fireprox] SSO profiles fail
- Lockout Potential: Delay Skipped For Unknown Reasons HOT 4
- ADFS module always reports success despite invalid credentials HOT 3
- Issue with AWS API Sessions Not Terminating on Keyboard Interruption HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from credmaster.