Phishing

Device Code Phishing to PRT

Note

Below example is mainly to enroll a new device for the victim user in order to obtain the Primary Refresh Token (PRT) since it requires a device identity.

1. Retrieve device code with roadtx.

Note

You may change the clientId and resource according to your needs.

roadtx auth --device-code -c 29d9ed98-a469-4536-ade2-f981bc1d605e -r drs

Upon valid authentication made by the victim. You should retrieve both refresh token and access token for device registration service (drs)

References

• https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/
• https://swisskyrepo.github.io/InternalAllTheThings/cloud/azure/azure-phishing/#device-code-phishing