Spraying & Roasting
Azure / Office365
Build a list of candidate email addresses from the tech stack, default usernames, OSINT information etc., then enumerate which ones are valid with https://github.com/LMGsec/o365creeper. This does not cause logs to be written or lockouts to be triggered, so it is pretty safe to do.
Use https://github.com/dafthack/MSOLSpray to spray against Office365. To avoid getting banned by Microsoft, using https://github.com/ustayready/fireprox as described in the MSOLSpray repo is advised; it uses an AWS API Gateway to rotate the IPs you are accessing from. An incrementing time-based lockout occurs after 10 attempts per account, so be careful.
Ideally this will result in at least 1 valid user account.
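The defender's view of the spraying described above, as an added example that is not part of the original notes: because the source IP rotates, per-IP failure thresholds miss it, so this detector counts distinct accounts with failed sign-ins per time window and ignores the source. The event layout, window size and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, account, source_ip, success).
# The field layout is an assumption; map it from your own sign-in log export.
def sample_events():
    base = datetime(2024, 1, 8, 9, 0, 0)
    events = []
    # Spray-like pattern: 30 accounts, one failure each, every source IP different.
    for i in range(30):
        events.append((base + timedelta(seconds=20 * i),
                       f"user{i:02d}@example.com", f"198.51.100.{i + 1}", False))
    # Ordinary noise: one user mistypes a password three times, then succeeds.
    for i in range(3):
        events.append((base + timedelta(hours=2, seconds=10 * i),
                       "alice@example.com", "203.0.113.7", False))
    events.append((base + timedelta(hours=2, seconds=40),
                   "alice@example.com", "203.0.113.7", True))
    return events

def find_spray_windows(events, window=timedelta(minutes=15),
                       min_accounts=20, max_per_account=3):
    """Return windows in which many distinct accounts each saw only a few failures.

    Source IP is deliberately not part of the grouping key, so rotating
    egress addresses does not split the activity below the threshold.
    """
    failures = defaultdict(lambda: defaultdict(int))  # window start -> account -> count
    sources = defaultdict(set)                        # window start -> source IPs seen
    epoch = datetime(1970, 1, 1)
    for ts, account, ip, success in events:
        if success:
            continue
        start = epoch + window * ((ts - epoch) // window)  # align to fixed windows
        failures[start][account.lower()] += 1
        sources[start].add(ip)
    findings = []
    for start, per_account in sorted(failures.items()):
        low_volume = [a for a, n in per_account.items() if n <= max_per_account]
        if len(low_volume) >= min_accounts:
            findings.append({"window_start": start, "accounts": len(low_volume),
                             "source_ips": len(sources[start])})
    return findings

if __name__ == "__main__":
    for finding in find_spray_windows(sample_events()):
        print(finding)
```

Fixed windows can split one burst across a boundary, so in production a sliding window or overlapping buckets is the safer choice.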
Kerbrute
OWA
Using https://github.com/byt3bl33d3r/SprayingToolkit:
Kerberoast
Make sure your time and timezone are in sync with the target's; Kerberos is very time sensitive. You can check this on Windows with tzutil /g
or on Linux with rdate -n <targetip>
Covenant
Impacket
Native
PowerSploit
ASREPRoast
Without credentials for a list of users:
With credentials for all users: