blacklanternsecurity/TREVORspray

Error when using the Okta module

Closed this issue · 3 comments

When running the following command:

poetry run trevorspray -u Users -p password -m okta -j 10 --random-useragent --ssh root@IP root@IP root@IP root@IP root@IP -n

The tool then fires up and outputs this:

[USER] Enter target subdomain (<subdomain>.okta.com): subdomain

And after entering the valid subdomain, the following error occurs:

[ERRR] Unhandled error in Okta.create_request(): 'subdomain' (-v to debug)
[ERRR] Traceback (most recent call last):
  File "/root/tools/TREVORspray/trevorspray/lib/proxy.py", line 247, in check_cred
    prepared_request = sprayer.create_request(user, password).prepare()
  File "/root/tools/TREVORspray/trevorspray/lib/sprayers/base.py", line 78, in create_request
    url = self.url.format(**self.globalparams, **runtimeparams)
KeyError: 'subdomain'

Using Python 3.8.7 in Kali Linux

Not sure what the issue is, thanks!

Nice find. I've pushed a few changes that should fix this. Can you try again with the latest dev branch?

pip install --force-reinstall git+https://github.com/blacklanternsecurity/trevorspray@dev

Now getting a lot of this when spraying accounts:

[This operation is not allowed in the current authentication state.] (Response code 403)

Guessing this is working properly now and that's the throttling coming into play?

Also, the finished spraying line says this:

Finished spraying 54 users against https://{subdomain}.okta.com/api/v1/authn

Guessing it should be the actual subdomain inside those brackets? Is that just a small oversight or is it not actually taking the subdomain value when spraying?

Thanks for the quick turnaround!

Yes, it looks like you are being rate limited.

The actual requests do contain the subdomain; you can verify this with -v.
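The traceback in the first post and the `{subdomain}` left in the "Finished spraying" line both come from the same mechanism: the Okta module's URL is a `str.format` template, and whatever is formatted against it must carry a `subdomain` key, or `format` raises `KeyError('subdomain')`. The following is an added example, not TREVORspray's own code or API, that reproduces that failure, checks a template for unfilled placeholders up front so the error names them, and shows the summary line built from the formatted URL rather than the raw template. The names `OKTA_TEMPLATE`, `build_url`, `reproduce_bug` and `fixed_path` are assumptions for illustration.

```python
# Added example (not TREVORspray's own code): reproduces the KeyError from the
# traceback above and shows one way to validate a URL template before spraying.
# OKTA_TEMPLATE, build_url, reproduce_bug and fixed_path are illustrative
# names, not TREVORspray's real API.
from string import Formatter

# The Okta module's URL as it appears in the thread; "{subdomain}" must be
# supplied at format time.
OKTA_TEMPLATE = "https://{subdomain}.okta.com/api/v1/authn"


def required_fields(template):
    """Return the set of placeholder names a str.format template needs."""
    return {name for _, name, _, _ in Formatter().parse(template) if name}


def build_url(template, globalparams, runtimeparams):
    """Format the template the way base.py does, but fail with a message that
    lists the missing placeholders instead of a bare KeyError."""
    params = {**globalparams, **runtimeparams}
    missing = required_fields(template) - set(params)
    if missing:
        raise ValueError(f"URL template is missing parameters: {sorted(missing)}")
    return template.format(**params)


def reproduce_bug():
    """Mimic the failing path: the subdomain was prompted for but never stored
    in either parameter dict, so str.format raises KeyError('subdomain')."""
    globalparams = {}   # nothing registered from the prompt
    runtimeparams = {}  # no per-request values either
    try:
        OKTA_TEMPLATE.format(**globalparams, **runtimeparams)
    except KeyError as e:
        return str(e)   # "'subdomain'", matching the traceback
    return None


def fixed_path(subdomain):
    """The fix: carry the prompted subdomain into the parameters used for
    formatting, and build the summary line from the formatted URL so it no
    longer shows the raw '{subdomain}' placeholder."""
    globalparams = {"subdomain": subdomain}
    url = build_url(OKTA_TEMPLATE, globalparams, {})
    summary = f"Finished spraying against {url}"
    return url, summary


if __name__ == "__main__":
    print("bug:", reproduce_bug())
    try:
        build_url(OKTA_TEMPLATE, {}, {})
    except ValueError as e:
        print("check:", e)
    url, summary = fixed_path("example")
    print(url)
    print(summary)
```

Running the check once, before the spray loop starts, turns a per-request crash inside `check_cred` into a single clear error at startup, and the same formatted URL can then be reused for the final summary line.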