o365 plugin does not work anymore #68

Closed
TwistedSim opened this issue Oct 12, 2023 · 8 comments

@TwistedSim

TwistedSim commented Oct 12, 2023

Hello,

I recently found out that the o365 module uses the autodiscover login (https://autodiscover-s.outlook.com) with BasicAuth to do the spraying. Recently, Microsoft has blocked Basic Auth authentication on all tenants (see https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online).

Are there plans to change the login method used by the module to fix this?

Thanks

@TwistedSim changed the title from "o365 does not work on tenant with BasicAuth disable" to "o365 does not work anymore" Oct 12, 2023
@TwistedSim changed the title from "o365 does not work anymore" to "o365 plugin does not work anymore" Oct 12, 2023
@alecmoran1

Interesting. I opened a similar issue: #67. Do you think what I am seeing is because of what Microsoft actually implemented?

@kpomeroy1979

Confirming here that with valid creds Credmaster still says authentication failed using the o365 plugin.

@TwistedSim
Author

I think the best alternative is to use the MSOL plugin.

@LukeLauterbach
Contributor

The MSOL and AzureSSO plugins still work. However, both trigger Smart Lockout after about 10 failed logins, which the o365 plugin did not. It's a shame; it appears the era of easy Microsoft spraying is over (unless anyone else has found a way to bypass Smart Lockout that I've missed).

@knavesec
Owner

Hey everyone, you're all correct, it does appear that the o365 plugin is dead, may it rest in peace. I'll update the docs and plugin details to reflect this and close this issue when complete

@knavesec
Owner

knavesec commented Feb 7, 2024

Tagging all those above: @TwistedSim @alecmoran1 @LukeLauterbach @kpomeroy1979 @TheToddLuci0

Would the community prefer this plugin be simply removed, have a big "WARNING" sign upon running (but still running as usual), or just run with an error message stating "this plugin is no longer supported, see MS docs: here"?

@TwistedSim
Author

According to Microsoft, no one can enable the Basic Authentication on any tenant:

> Now no one (you or Microsoft support) can re-enable Basic authentication in your tenant

Not sure it's worth keeping since it should not work on any tenant.

@knavesec
Owner

knavesec commented Feb 8, 2024

Repo updated to remove the o365 plugin. o365enum still works so nothing touched there
cf21775
https://github.com/knavesec/CredMaster/wiki/O365

@knavesec knavesec closed this as completed Feb 8, 2024