UC0006: Successful OWA Password Spraying attack
Summary
ID | UC0006 |
---|---|
Brief Description | Attackers can carry out a Password Spraying attack through the publicly accessible interface of Outlook Web Application (OWA). Their purpose may be to obtain a valid domain account for reading mail or for authenticating to other remote access systems. |
Author | @ERMACK_COMMUNITY |
Creation Date | 2022/10/26 |
Modification Date | 2022/10/26 |
ATT&CK Tactics | |
ATT&CK Techniques | |
Tags | |
Linked Response Playbooks | |
Artifacts | |
Description
Attackers can carry out a Password Spraying attack through the publicly accessible interface of Outlook Web Application (OWA). Unlike brute force against a single account, spraying tries a small number of likely passwords against many accounts, so the number of failed logons per account stays below the lockout threshold. Their purpose may be to obtain a valid domain account for reading mail or for authenticating to other remote access systems that accept the same domain credentials.
Attack prerequisites
1) OWA login interface reachable from the attacker's network (typically the Internet)
Attack results
1) Valid credentials for one or more domain accounts
Attack progress
Study
Password policy discovery
Techniques
1) Determine the minimum and maximum password length
2) Determine the format of valid passwords (complexity requirements)
3) Determine the account lockout policy (lockout threshold and the observation window after which the bad-password counter resets)
Choose passwords
Techniques
1) Select passwords from a list of commonly used passwords, or build them from information about a particular user
2) Keep only candidates that satisfy the password policy of the target system, since the rest cannot be anyone's current password
Exploitation
Password guessing
Techniques
1) Manually or automatically try the first password against every known account on the target system. It is advisable to try short and simple passwords first, because most users choose such passwords.
2) Repeat the previous step for each remaining password, spending no more than (lockout threshold - 1) attempts per account within one observation window and waiting out the window before continuing, so that no account is locked and the activity stays less visible.