Awesome
Lantern
This repo is not maintained anymore. Moved to SharpAzToken.
Lantern is a small tool I created to learn about Azure authentication, tokens and C#. Maybe It helps you to learn, too. The code for authentication, is mainly adapted from auth.py of roadtools from Dirk-Jan and ported to c#. All credits for the authentication part goes to him.
How Azure PRT works is mainly described in these two articles:
- https://dirkjanm.io/abusing-azure-ad-sso-with-the-primary-refresh-token/
- https://dirkjanm.io/digging-further-into-the-primary-refresh-token/
Additionally, I started to implement Azure Device Join and to learn about that. Here I copied and adapted the code mainly from AADInternals. Here all credits goes to Dr. Nestori Syynimaa. If you want to learn more about device join I can recommend reading this blog.
At the moment you can request some tokens in various ways and join a device to Azure. Additionally you can use this device the get PRT and a session key. More is coming.
Note: This tools is for learning and it is in pre-, pre-, pre- (what comes before alpha?) status.
Compiling
You can build it with VisualStudio 2019 and .NetCore. Simple open the project and compile it. I tested it for Windows and Linux.
Usage
Proxy
You can always see whats going on if you add a proxy. For example like:
--proxy http://127.0.0.1:8080
Tipp: Disable HTTP2 support on your proxy. The library I use does not support HTTP2 and I had problems with burp, if I didn't disable HTTP2.
Help
.\Lantern.exe --help
.____ __
| | _____ _____/ |_ ___________ ____
| | \__ \ / \ __\/ __ \_ __ \/ \
| |___ / __ \| | \ | \ ___/| | \/ | \
|_______ (____ /___| /__| \___ >__| |___| /
\/ \/ \/ \/ \/
Lantern 0.0.1-alpha
p2pcert Ask for a P2P Certificate.
nonce Request a nonce from Azure.
cookie Create a PRT Cookie for further usage or your browser.
token Play with Azure Tokens.
mdm Do things with Intune like joining a device
devicekeys Play with Device Keys - Ask for PRT and SessionKey for a
certificate.
utils Some arbitrary usefull functions.
help Display more information on a specific command.
version Display version information.
Nonce
Request a nonce you can use the following command:
Lantern.exe nonce
PRT-Cookie
Create a PRT-Cookie for the browser you can use:
Lantern.exe cookie --derivedkey <Key from Mimikatz> --context <Context from Mimikatz> --prt <PRT from Mimikatz>
Lantern.exe cookie --sessionkey <SessionKey> --prt <PRT from Mimikatz>
Token
Create tokens in various combination and play with them:
Lantern.exe token --derivedkey <Key from Mimikatz> --context <Context from Mimikatz> --prt <PRT from Mimikatz>
Lantern.exe token --prtcookie <PRT Cookie>
Lantern.exe token --username <Username> --password <Password>
Lantern.exe token --refreshtoken <RefreshToken>
Lantern.exe token --refreshtoken <RefreshToken> --clientname Office
Join a device or mark a device as compliant
Join a device:
Lantern.exe mdm --joindevice --accesstoken (or some combination from the token part) --devicename <Name> --outpfxfile <Some path>
Device Keys
Generate PRT and Session Key
Lanter.exe devicekeys --pfxpath XXXX.pfx --refreshtoken (--prtcookie / ---username + --password )