# MAAD-AF Password Brute Force

This module allows an attacker to launch a password brute-force attack against an Azure AD account to gain access. The module requires a password file to use as a password dictionary.

## Obtaining a dictionary file

This module requires a password dictionary file to use during brute-force attempts. An attacker may wish to leverage a large dictionary file to increase the odds of success, but in the interest of time for this lab, you may download an abridged file [here](./password_dictionary.txt).

**NOTE:** Any password dictionary file used must be in plaintext (`.txt`) format and saved in the same folder as the `MAAD_Attack.ps1` script.

![MAAD Password File](images/maad_password_file.png)

## Module Overview - DRAFT

**NOTE TO ENABLEMENT TEAM:** We may need to find a more sustainable example to use for lab users and adjust the verbiage below accordingly.

1. From the main Attack Arsenal menu, enter `11` for `Brute Force Password to Gain Access`. Read through the MITRE information, and press `` to continue.
2. Launch a Brute Force attack against the `ryan_howard@demolab.vectra.ai` account.
3. Enter the full name of the password dictionary file you are using.

   **NOTE:** MAAD-AF may try to suggest possible files that it finds in the same directory as the `MAAD_Attack.ps1` script. For the purposes of this lab, the recommendations can be ignored.
4. Observe the progress bar at the top to see real-time progress of the attack. If the brute-force is successful, MAAD-AF will display details of its findings.

The module will print a failure or success message, as seen below:

![MAAD Brute Force Unsuccessful](images/maad_brute_force_unsuccessful.png)

## Validation

Enter the password that cracked Ryan's account.
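
To see what the attack above looks like from the defender's side, the following added example (not part of the original lab or of MAAD-AF) scans sign-in records for a burst of failed password attempts against one account from one source, followed by a success. It assumes records exported with the Entra ID `SigninLogs` field names `TimeGenerated`, `UserPrincipalName`, `IPAddress` and `ResultType`, and that failed guesses are logged with result code `50126`; the sample rows, the `other_user` account, the IP addresses and the thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_PASSWORD = "50126"  # Entra ID result code: invalid username or password
SUCCESS = "0"

def detect_bruteforce(records, threshold=5, window=timedelta(minutes=10)):
    """Flag (account, source IP) pairs with >= threshold failed password
    sign-ins inside `window`, and note whether a success followed the burst."""
    groups = defaultdict(list)
    for r in records:
        when = datetime.fromisoformat(r["TimeGenerated"])  # timestamps assumed UTC
        key = (r["UserPrincipalName"].lower(), r["IPAddress"])
        groups[key].append((when, r["ResultType"]))
    findings = []
    for (upn, ip), events in sorted(groups.items()):
        events.sort()
        fails = [t for t, code in events if code == FAILED_PASSWORD]
        start, burst_end = 0, None
        for end, t in enumerate(fails):
            while t - fails[start] > window:  # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                burst_end = t
                break
        if burst_end is None:
            continue  # a few mistyped passwords do not reach the threshold
        findings.append({
            "account": upn, "source_ip": ip, "failures": len(fails),
            # A success after the burst suggests the password was guessed.
            "success_after_burst": any(c == SUCCESS and t > burst_end for t, c in events),
        })
    return findings

def _row(ts, upn, ip, code):
    return {"TimeGenerated": ts, "UserPrincipalName": upn, "IPAddress": ip, "ResultType": code}

# Constructed sample data: six failures then a success for the lab account,
# and an ordinary user (hypothetical) who mistypes a password twice.
LAB = "ryan_howard@demolab.vectra.ai"
OTHER = "other_user@demolab.vectra.ai"
SAMPLE = (
    [_row(f"2024-01-01T10:00:{s:02d}", LAB, "203.0.113.7", FAILED_PASSWORD) for s in range(0, 60, 10)]
    + [_row("2024-01-01T10:01:00", LAB, "203.0.113.7", SUCCESS)]
    + [_row("2024-01-01T09:00:00", OTHER, "198.51.100.20", FAILED_PASSWORD),
       _row("2024-01-01T09:00:30", OTHER, "198.51.100.20", FAILED_PASSWORD),
       _row("2024-01-01T09:01:00", OTHER, "198.51.100.20", SUCCESS)]
)

if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE):
        print(finding)
```

Tune `threshold` and `window` to the tenant's normal failure rate; grouping by source IP will miss attempts spread across many addresses.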