This Metasploit module enumerates valid usernames and passwords against a Microsoft Azure Active Directory domain by utilizing a flaw in how SSO authenticates.
664e43cdf15daba2cbb268420497be465432a62dc34371333b79b38251894382
Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.
f5cd05c837ee40cc8d76e4b5fce64d92ed540c8b1d92111ed48c20b1a0540540
Remote Desktop Web Access suffers from an authentication timing attack vulnerability.
e0b1f12f63b20a9cc74b61503ba89992e54293405c32e5580d3123384d352931