optiv / Talon

A password guessing tool that targets the Kerberos and LDAP services within the Windows Active Directory environment.

Locked accounts - That Talon didn't lock.

ZerkerEOD opened this issue · comments

I like this password spray tool. This isn't so much a bug as a feature request. I am running this against an organization that has thousands of employees. I enumerated about 3-4k so far and ran it with passwords that are common or revealed in prior breaches. I know large organizations may have a lot of locked accounts that Talon does not lock but that return locked on the first pass. Would it be possible to add an option that either on the first pass (probably not Talon's fault) removes locked accounts from the list without asking every single time if I want to continue, 2nd attempt per password could be Talon's fault, though, or a flag that if either X number in a row returns locked (probably from Talon at that point)? Having user input every single time slows the scanning down if I am just going to continue since it's on the first pass.

Sorry, it seems the email alert for this alert got lost in my inbox. You want me to add an option to parse and create a separate list for you of non-locked-out accounts that Talon detects?

So, I figured out how to use the user enumeration option and grep through to get users that are not locked out. One thing I noticed is that it's common, on large engagements especially, to start getting a few locked accounts during running. Any way to add an option to stop and ask if n repetitive accounts get locked or something like if n out of the last m locked ask to continue? It was hard to watch it all day when I was running it for several days for each time a single account came back locked. I like the default action but adding additional options for lockout warnings could be beneficial.

I just want to add that this is an amazing tool and I've started to get my fellow coworkers switching to this.

Why thank you. I appreciate the feedback. I can take a look at adding something like that. It may take me some time as I am quite busy atm.

@Tylous, I have studied Golang a little bit and may try to look over the code and make the adjustments. I am by no means an actual Go developer, but if I get something working, I will submit it as a pull request (even if it's just helping me learn more and not used).

@Tylous, I would love a little help if you have some time. I have the code changed to do what I think (the logic makes sense, I just need to test it). I am struggling with getting go install to pull from the fork and install and I get errors about go.mod when your version doesn't have it but it works with go install. Any tips? If I do the go mod init for my package, I get errors pertaining to I initialized ZerkerEOD/Talon but it was required github.com/ZerkerEOD/Talon yet the module inside the go.mod has the github version.

Disregard my last comment. I have it working and installed my fork. I will try to perform some testing on the next engagement I have and if it appears to work, I will submit a pull request.

@Tylous, I am getting closer to getting this implemented. I just need to work on some of my logic.

Fixed with merge from #5