Attacking Login Portals

Overview and Strategy

At this point you should have identified Login portals to attack, List of possible employees/emails and Password strategies to employ. An easy login portal to identify is the Office365 one.

Identifying the Password Policy is very important for choosing a password spraying strategy. For the most part we assume Upper/Lower case, Numbers and Special Characters.

What's the name of the company? Are they in a major city? Any big sports teams there? What's the address of the company? Any local colleges people attended? Maybe they're using leet speak.

We need to use the password strategies with the highest probability first and work our way down.

A common password combination is the current Season, Year (2024 / 24) and a Special Character. You might have to back date it if the passwords aren't changed often.

Content

Password Spraying O365
Password Spraying OWA
Attacking Other Portals
Bypassing MFA

PreviousReviewing and Extracting Information NextPassword Spraying O365

Last updated 1 year ago

Was this helpful?