From 552271b6d322f45b2c1db55350c88a170656b167 Mon Sep 17 00:00:00 2001
From: Dale Hobbs
Date: Thu, 28 Oct 2021 11:46:52 -0700
Subject: [PATCH 1/4] Create test.txt
---
 test.txt | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 test.txt
diff --git a/test.txt b/test.txt
new file mode 100644
index 0000000..e69de29
From 943dc8d0757b8ce72027c32226d6c3fd2e0f7b47 Mon Sep 17 00:00:00 2001
From: Dale Hobbs
Date: Thu, 28 Oct 2021 11:47:53 -0700
Subject: [PATCH 2/4] Update MSOLSpray.ps1
---
 MSOLSpray.ps1 | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1
index 3327392..def92b7 100644
--- a/MSOLSpray.ps1
+++ b/MSOLSpray.ps1
@@ -107,10 +107,13 @@
 # Here is a referense list of all the Azure AD Authentication an Authorization Error Codes:
 # https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes
- # Standard invalid password
+ # Standard invalid password
+ # my modifications here
 If($RespErr -match "AADSTS50126")
 {
- continue
+ Write-Output "[*] WARNING! Valid user, but invalid password $username : $password."
+ $fullresults += "Valid user, but invalid password : $username"
+ #continue
 }
 # Invalid Tenant Response
From d183ab439aee19f81db36cbec83dc3e3b448b0e9 Mon Sep 17 00:00:00 2001
From: Dale Hobbs
Date: Thu, 28 Oct 2021 12:22:11 -0700
Subject: [PATCH 3/4] Invalid-Users Updated the powershell script to log log user accounts with the AADSTS error code AADSTS50126 (InvalidUserNameOrPassword) to both the screen as well as to the log when using the -Outfile parameter.
---
 MSOLSpray.ps1 | 2 +-
 test.txt | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 delete mode 100644 test.txt
diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1
index def92b7..bf2ddbb 100644
--- a/MSOLSpray.ps1
+++ b/MSOLSpray.ps1
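Review bot: Commenting out `continue` in patch 2/4's `@@ -107,10 +107,13 @@` hunk lets an AADSTS50126 response fall through to whatever follows this `If` block, and that code, from `# Invalid Tenant Response` onward, is outside the hunk. If the later checks are `ElseIf` branches of this `If`, nothing else runs; if any of them is a separate `If`, or the loop body continues after the chain, that code now also runs for every such response. Unless that is intended, keep `continue` as the last statement of the block, after the `$fullresults +=` line, instead of leaving `#continue` behind.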
@@ -111,7 +111,7 @@
 # my modifications here
 If($RespErr -match "AADSTS50126")
 {
- Write-Output "[*] WARNING! Valid user, but invalid password $username : $password."
+ Write-Host -ForegroundColor "yellow" "[*] WARNING! Valid user, but invalid password for $username."
 $fullresults += "Valid user, but invalid password : $username"
 #continue
 }
diff --git a/test.txt b/test.txt
deleted file mode 100644
index e69de29..0000000
From b7fd997bf8fe964dec253e87d5841a8f7cf139d9 Mon Sep 17 00:00:00 2001
From: Dale Hobbs
Date: Thu, 28 Oct 2021 12:32:23 -0700
Subject: [PATCH 4/4] InvalidUserNameOrPassword log the accounts with the AADSTS error code AADSTS50126 (InvalidUserNameOrPassword) to both the screen as well as to the log when using the -Outfile parameter.
---
 MSOLSpray.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/MSOLSpray.ps1 b/MSOLSpray.ps1
index bf2ddbb..3dd7991 100644
--- a/MSOLSpray.ps1
+++ b/MSOLSpray.ps1
@@ -111,9 +111,9 @@
 # my modifications here
 If($RespErr -match "AADSTS50126")
 {
+ #Write the accounts that result in the AADSTS error code AADSTS50126 (InvalidUserNameOrPassword) to both the screen as well as to the log file when using the -Outfile parameter.
 Write-Host -ForegroundColor "yellow" "[*] WARNING! Valid user, but invalid password for $username."
 $fullresults += "Valid user, but invalid password : $username"
- #continue
 }
 # Invalid Tenant Response
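Review bot: The new `Write-Host` message in patch 3/4's `@@ -111,7 +111,7 @@` hunk still says "Valid user", which is more than the error code establishes by its name: the commit description itself calls AADSTS50126 InvalidUserNameOrPassword, which covers either field being wrong. Anyone reading the screen output or the `-Outfile` log may take each entry as a confirmed account, so the wording should follow the code, for example `Write-Host -ForegroundColor "yellow" "[*] WARNING! AADSTS50126 (InvalidUserNameOrPassword) for $username."`, with the `$fullresults` string on the next line changed to match. Quoting the code also lets the output be matched against the same code in the tenant's sign-in logs when a test is reviewed. The `If` block opens above the changed line and the rest of the error handling is outside the hunk.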
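Review bot: The comment added in patch 4/4's `@@ -111,9 +111,9 @@` hunk is one very long line, and the placeholder `# my modifications here` is still in place two lines above it. The hunk shows only the `Write-Host` call and the append to `$fullresults`; the write to the `-Outfile` log happens outside it, so the comment should describe this block and leave the file output to the code that does it. I would replace both comments with `# AADSTS50126 (InvalidUserNameOrPassword): show the username on screen and` followed by `# add it to $fullresults; the attempted password is not recorded here.`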