Hi!

Previous article: AAD | Enabled or not?

In this article, I will show you how you can enumerate valid emails/accounts of an Azure Active Directory. By making the POST request to ‘https://login.microsoftonline.com/common/GetCredentialType‘ with a JSON body containing the email id its possible to analyze the valid email id. If the « IfExistsResult » key value is 0 it means the user exists. Invalid accounts will return a 1.

Example in python:

import requests
body = '{"Username":"random.name@XYZ.com"}'
response = requests.post("https://login.microsoftonline.com/common/GetCredentialType", data=body).json()
if response["IfExistsResult"] == 0:
    print("Valid User")

To automate this enumeration, I will use o365creeper. This script takes either a single email address or a list of email addresses as input, sends a request to Office 365 without a password.

python o365creeper.py -e user@yourdomain.com

Maxime.