Password Spray/Brute-Force
Password Spray Attack: We try a single (or a handful of) commonly used passwords against every enumerated user, rather than many passwords against one user, so each account sees only one failed attempt per round and stays under the lockout threshold.
Risks: This method is noisy. Every attempt lands in the Azure AD sign-in logs as a failed sign-in with the same password-failure error code from one source, and Azure AD Smart Lockout (10 failed attempts by default) will lock accounts if the spray is run too aggressively or with too many passwords per round.
Azure Attack Targets: In Azure, a spray can be pointed at any endpoint that accepts username/password authentication, such as Azure AD Graph, Microsoft Graph, the Office 365 Reporting Web Service, and others, so one set of valid credentials typically opens several services in the environment.
We can use MSOLSpray (https://github.com/dafthack/MSOLSpray) to spray a password against the accounts that we discovered. The tool reports the AADSTS error code returned for each failed attempt, which distinguishes a wrong password (the user exists) from a non-existent, locked, or disabled account, and flags credentials that are valid but blocked by MFA. It also supports fireprox (https://github.com/ustayready/fireprox), which fronts the login endpoint with an AWS API Gateway so the source IP of each authentication request rotates; pass the gateway URL with the -URL parameter.
. C:\AzAD\Tools\MSOLSpray\MSOLSpray.ps1
Invoke-MSOLSpray -UserList C:\AzAD\Tools\validemails.txt -Password SuperVeryEasytoGuessPassword@1234 -Verbose