Too bad for the hours I spent writing this in C, but I did finally figure out how to do the Primary Refresh Token key derivation in Python. This means you can now use the session key from Mimikatz directly in roadlib/roadrecon! Only with version on GitHub github.com/dirkjanm/ROADtool…

10:36 PM · Dec 11, 2020

Replying to @_dirkjan
Congratz Dirk-jan! But please, come to the C side, we have cookies. Or at least, coffee.
You forgot to mention the headaches :p
Replying to @_dirkjan
This is why I get a notification on my phone whenever you tweet!
Replying to @_dirkjan
Interesting. Isn't ROADToken already retrieving PRT cookie signed with session key, which can be then used by roadrecon to obtain refresh and access tokens?
Yes, but a PRT cookie only works once, whereas a stolen PRT+session key works for the entire validity of the PRT (about 14 days by default).
Replying to @_dirkjan
Won't someone be able to guess those redacted 32 characters? The search space is only 32^62 😱
"only" :p Half the PRT is also cut off because it took too much screen space, so even with the full session key they'd get nowhere.