MSSpray is used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints
------------------------------------------------------------
| ;---<<<<,______________________________________________ |
| _|_ / / ____/ ____/ __ / __ / __ / / / |
| / \ / / / /____ /____ / ___/ __/ / \ / |
| | | /__/__/__/______/______/__/ /__/\_\__/__/ /__/ |
| |___| |
------------------------------------------------------------
Perform a password spray against the selected endpoint with the supplied userfile (one email address per line) and password and the option to stop on success (stop):
python3 msspray.py spray <userfile> <password> <endpoint_selection> <stop/blank>
Check each endpoint for authentication with a valid username and password:
python3 msspray.py validate <username> <password>
Number | Endpoint | Endpoint URL |
---|---|---|
[1] | aad_graph_api | https://graph.windows.net |
[2] | ms_graph_api | https://graph.microsoft.com |
[3] | azure_mgmt_api | https://management.azure.com |
[4] | windows_net_mgmt_api | https://management.core.windows.net |
[5] | cloudwebappproxy | https://proxy.cloudwebappproxy.net/registerapp |
[6] | officeapps | https://officeapps.live.com |
[7] | outlook | https://outlook.office365.com |
[8] | webshellsuite | https://webshell.suite.office.com |
[9] | sara | https://api.diagnostics.office.com |
[10] | office_mgmt | https://manage.office.com |
[11] | msmamservice | https://msmamservice.api.application |
[12] | spacesapi | https://api.spaces.skype.com |
[13] | datacatalog | https://datacatalog.azure.com |
[14] | database | https://database.windows.net |
[15] | AzureKeyVault | https://vault.azure.net |
[16] | onenote | https://onenote.com |
[17] | o365_yammer | https://api.yammer.com |
[18] | skype4business | https://api.skypeforbusiness.com |
[19] | o365_exchange | https://outlook-sdf.office.com |
spray against https://graph.windows.net, stopping on first successful login
python3 msspray.py spray users.txt Spring2020 1 stop
spray against https://management.core.windows.net
python3 msspray.py spray users.txt Spring2020 4
check all endpoints using valid account
python3 msspray.py validate bill.smith@sra.io ReallyBadPass
Blog Post: https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/
For any questions, feel free to reach out to me on Twitter @__TexasRanger