-
Notifications
You must be signed in to change notification settings - Fork 132
ADFS
Ellis Springe edited this page Sep 21, 2021
·
2 revisions
The ADFS module is for brute-forcing on-prem ADFS instances using the "/adfs/ls/" URI method.
Code and technique compliments of @frycos
The OWA plugin adds one new required argument, --url.
On prem ADFS can employ smart lockout for password spraying, this is difficult to detect. More information can be found here: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection (thanks @sprocket_ed)
python3 credmaster.py --access_key <key> --secret_access_key <key> \
--plugin adfs --url https://adfs.domain.com \
-u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \
-t 5 -j 20 -m 10 -d 360 --passwordsperdelay 3