Ubuntu 20.04 Python 3.8.10

Running into this issue when attempting to run spray365.

$ python3 spray365.py

Traceback (most recent call last):
  File "spray365.py", line 2, in <module>
    from modules.core.output import console
  File "/home/nancea/Spray365/modules/core/output/console.py", line 74, in <module>
    line_terminator: str | None,
TypeError: unsupported operand type(s) for |: 'type' and 'NoneType'

EDIT to fix formatting

Hi there,

Sometimes it happens, but not always. I get an error that stops the spraying.

An error occured while spraying credentials: 'Unable to get authority configuration for https://login.microsoftonline.com/organizations. Authority would typ
 https://login.microsoftonline.com/your_tenant_name'

Getting this error right after "Authentication Success" for a valid M365 user in the tenant:
ERROR]: An error occured while spraying credentials: ' 'NoneType' object has no attribute 'error_code'

I'll try to debug this in the code for why this is happening. When I proxy the request through Burp Suite it shows a successful OAuth code flow with a bearer token response. So authentication is working, but it might be an issue with parsing the response. Don't know why the code is looking for an "error_code" when it is a success.

This looks like a great tool @MarkoH17 - thanks for the contribution.

Describe The Problem To Be Solved Currently, the user has to start separate Spray365 instances if targeting multiple organizations/tenants.

Additionally, smart-lockout controls could potentially lean on the fact that multiple failed attempts are occurring in succession for a single organization.

Suggested Solution To fix this issue, Spray365 should allow for:

• The creation of execution plans targeting multiple domains with a much larger list of users
• The creation of execution plans using a user list containing emails. Currently, the domain for the targeted tenant must be specified using a separate CLI flag
• Show the specific domain being targeted in stdout

Again, similar to the other issue I created, getting a handle on where I would implement this functionality is proving difficult. Let me know your thoughts on this and if I can provide any assistance. Thanks!

Describe The Problem To Be Solved Smart-lockout is the biggest issue faced when password spraying Microsoft services. While a general assumption on my part, I assume that this security control is based less on source IP and more on the frequency of failed login attempts for a tenant.

Currently, Spray365 exits entirely after a lockout threshold is met which does not work well for long running password sprays as the job must be manually started again to continue.

Suggested Solution To fix this issue, Spray365 should provide the option to pause for an elongated period of time before continuing with the password spray. For example, if the specified lockout threshold is met, pause execution for two hours before continuing again.

Even more ideally, allow this pause time frame to dynamically increase every time the original lockout threshold is met. For example, the following spray workflow could occur:

• A lockout threshold of 10 is set on initial execution along with a pause spray time period of two hours
• A password spray is started and after approximately 100 attempts, the lockout threshold is met
• The utility pauses the password spray for two hours as specified
• After the time frame has elapsed the spray is started
• Again after another 200 attempts, the lockout threshold is met and the tool pauses for four hours now instead of two
• After the threshold is met X number of times and the paused execution time frame is expanded Y times, the password spray exits

Ideally, this dynamically expanding pause execution timeframe and the condition used to determine if the tool should exit, could also be added as command line options on run.

While the code in Spray365 is very well written, getting a handle on where I would implement this functionality is proving difficult. Let me know your thoughts on this and if I can provide any assistance. Thanks!

Here is my proposed fix. In some cases authentication success does not have a result.auth_erorr. Therefore it was failing here. Just had a simple check for pass if it is None:

    if result.auth_error is None:
        pass
    else:
        if result.auth_error.error_code == 50053:
            global_lockouts_observed += 1

Hello,

I have used:

python3.10 spray365.py generate normal -ep ex-plan.s365 -d dom.de -u users.txt -pf pwds.txt

It is a fresh install.

python3.10 spray365.py spray -ep ex-plan.s365                                                    

███████╗██████╗ ██████╗  █████╗ ██╗   ██╗██████╗  ██████╗ ███████╗
██╔════╝██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝╚════██╗██╔════╝ ██╔════╝                                                                                                                                                                           
███████╗██████╔╝██████╔╝███████║ ╚████╔╝  █████╔╝███████╗ ███████╗                                                                                                                                                                           
╚════██║██╔═══╝ ██╔══██╗██╔══██║  ╚██╔╝   ╚═══██╗██╔═══██╗╚════██║                                                                                                                                                                           
███████║██║     ██║  ██║██║  ██║   ██║   ██████╔╝ ██████╔╝███████║                                                                                                                                                                           
╚══════╝╚═╝     ╚═╝  ╚═╝╚═╝  ╚═╝   ╚═╝   ╚═════╝  ╚═════╝ ╚══════╝                                                                                                                                                                           
                         By MarkoH17 (https://github.com/MarkoH17)                                                                                                                                                                           
                                               Version: 0.2.2-beta                                                                                                                                                                           
                                                                                                                                                                                                                                             
[2022-08-05 06:37:15 - INFO]: Processing execution plan 'ex-plan.s365'
[2022-08-05 06:37:15 - INFO]: Identified 18650 credentials in the provided execution plan
[2022-08-05 06:37:15 - INFO]: Password spraying will take at least 559500 seconds, and should finish around 2022-08-11 18:02:15
[2022-08-05 06:37:15 - INFO]: Lockout threshold is set to 10 accounts
[2022-08-05 06:37:15 - INFO]: Starting to spray credentials
An exception was raised: RuntimeError650] (win_ie11_win8->webshellsuite->outlook): testaccount / thepassword (waiting...)
Stack trace from most recent exception:
Traceback (most recent call last):
  File "/home/myaccount/tools/Spray365/modules/spray/spray_exception_wrapper.py", line 13, in invoke
    return super(SprayExceptionWrapper, self).invoke(ctx)
  File "/home/myaccount/.local/lib/python3.10/site-packages/click/core.py", line 1404, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/myaccount/.local/lib/python3.10/site-packages/click/core.py", line 760, in invoke
    return __callback(*args, **kwargs)
  File "/home/myaccount/tools/Spray365/modules/spray/spray.py", line 159, in command
    auth_result = helpers.authenticate_credential(cred, proxy, insecure)
  File "/home/myaccount/tools/Spray365/modules/spray/helpers.py", line 52, in authenticate_credential
    raw_result = auth_app.acquire_token_by_username_password(
  File "/home/myaccount/.local/lib/python3.10/site-packages/msal/application.py", line 1420, in acquire_token_by_username_password
    response = _clean_up(self._acquire_token_by_username_password_federated(
  File "/home/myaccount/.local/lib/python3.10/site-packages/msal/application.py", line 1447, in _acquire_token_by_username_password_federated
    wstrust_result = wst_send_request(
  File "/home/myaccount/.local/lib/python3.10/site-packages/msal/wstrust_request.py", line 60, in send_request
    return parse_response(resp.text)
  File "/home/myaccount/.local/lib/python3.10/site-packages/msal/wstrust_response.py", line 49, in parse_response
    raise RuntimeError("WsTrust server returned error in RSTR: %s" % (error or body))
RuntimeError: WsTrust server returned error in RSTR: {'reason': 'ID3242: The security token could not be authenticated or authorized.', 'code': 'a:FailedAuthentication'}
[2022-08-05 06:37:16 - INFO]: Authentication results saved to file 'spray365_results_2022-08-05_06-37-16.json'

It seems the msal library has been modified. I think authentication now requires a UPN, an not a username only.

Best regard,

Have used this tool successfully before. Recently tried to run a spray after creating an execution plan like normal. However when running sudo python3 spray365.py spray -ep spray_ep -l 2 the tool seems to load fine but errors out after making one request An exception was raised: Value Error

Have tried running in two kali env's (Bare metal & VM) but same error.