MFade

A tool to find failure points in Microsoft Multi Factor Authentication configurations from an attacker’s perspective but with some extra OPSEC features.

Installation

git clone https://github.com/ibaiC/MFade.git
python3 -m pip install -r requirements.txt

Usage

MFade.py [-h] [--username USERNAME] [--password PASSWORD] [--recon] [--adfs] [--sleep SLEEP] [--jitter JITTER] [--ioc] [--exclude EXCLUDE]

Flags

options:
  -h, --help            show this help message and exit
  --username USERNAME, -u USERNAME
                        target email address (e.g e.alderson@evilcorp.com)
  --password PASSWORD, -p PASSWORD
                        target's password
  --recon, -r           script will attempt to locate ADFS configurations
  --adfs                script will attempt to login to ADFS in addition to the other Microsoft protocols
  --sleep SLEEP, -s SLEEP
                        OPSEC: how long to sleep between authentication attempts (in seconds)
  --jitter JITTER, -j JITTER
                        OPSEC: percentage change added to sleep value for further sleep randomisation (0-100)
  --ioc                 OPSEC: Print a report with the generated HTTP request times and their corresponding target URLs
  --exclude EXCLUDE, -e EXCLUDE
                        OPSEC: Exclude given checks. Provide the checks to exclude as a comma-separated list. Possible values are: gapi,asm,ews,as,mwp-W,mwp-L,mwp-M,mwp-A,mwp-I,mwp-wp. Check the source
                        code for mappings

This program is made for use in authorised environments. Please do not use it for evil.

Examples

$ python3 MFade.py --username "mfatest@offsec.nl" --password "Welcome1234"

___  _________        _      
|  \/  ||  ___|      | |     
| .  . || |_ __ _  __| | ___ 
| |\/| ||  _/ _` |/ _` |/ _ \
| |  | || || (_| | (_| |  __/
\_|  |_/\_| \__,_|\__,_|\___|
                             
########## MICROSOFT API CHECKS ##########
[i] === Logging into Microsoft Graph API ===
[*] Success! mfatest@offsec.nl is able to authenticate to the Microsoft Graph API
[*] The MSOnline PowerShell module can be used to leverage this.
[i] === Logging into Microsoft Service Management API ===
[*] Success! mfatest@offsec.nl is able to authenticate to the Microsoft Service Management API
[*] The Az PowerShell module can be used to leverage this.


########## MICROSOFT WEB PORTAL CHECKS ##########
[i] === Logging into Microsoft Web Portal with Windows User Agent ===
[-] Login failed.
[i] === Logging into Microsoft Web Portal with Linux User Agent ===
[-] Login failed.
[i] === Logging into Microsoft Web Portal with Mac OS User Agent ===
[*] SUCCESS! mfatest@offsec.nl was able to authenticate to the Microsoft 365 Web Portal. Checking MFA now...
[-] Login failed.
[i] === Logging into Microsoft Web Portal with Android User Agent ===
[-] Login failed.
[i] === Logging into Microsoft Web Portal with iPhone User Agent ===
[*] SUCCESS! mfatest@offsec.nl was able to authenticate to the Microsoft 365 Web Portal. Checking MFA now...
[-] Login failed.
[i] === Logging into Microsoft Web Portal with Windows Phone User Agent ===
[*] SUCCESS! mfatest@offsec.nl was able to authenticate to the Microsoft 365 Web Portal. Checking MFA now...
[-] Login failed.


########## LEGACY AUTH CHECKS ##########
=== Logging into Exchange Web Services ===
[-] Login failed to Exchange Web Services
=== Logging into Microsoft Active Sync ===
[-] Login failed to Microsoft Active Sync


[i] === SINGLE FACTOR ACCESS RESULTS: ===

    Microsoft Graph API                                 YES
    Microsoft Service Management API                    YES
    Microsoft 365 Web Portal w/ Windows User Agent      NO
    Microsoft 365 Web Portal w/ Linux User Agent        NO
    Microsoft 365 Web Portal w/ Mac OS User Agent       NO
    Microsoft 365 Web Portal w/ Android User Agent      NO
    Microsoft 365 Web Portal w/ iPhone User Agent       NO
    Microsoft 365 Web Portal w/ Win Phone User Agent    NO
    Exchange Web Services                               NO
    Active Sync                                         NO
    ADFS found                                          NO
    ADFS Auth                                           NO

URL list