This tool is used to create PRT tokens using browsercore.exe via web application to perform PASS-THE-PRT attacks
- Create python3 environment in current folder
python3 -m venv .\venv - Activate environment with
.\venv\Scripts\activate.bat - Install flask using command
pip install Flask - Set FLASK_APP environment with
set FLASK_APP=main.py - Run the tool
flask run --host 0.0.0.0 - Go to URL
http://127.0.0.1:5000 - Follow the tool's steps
To properly generate the token, you need to provide a dummy URL, you need to do this once. To create a Dummy token follow the steps:
-
On the computer you want to generate the token go to
https://outlook.office365.comon a Chrome incognito window -
While in Microsoft sign in page, copy the URL and paste it in variable DUMMY_URI in main.py file
-
Save and run the tool
-
On microsoft Teams, sometimes it will show an error saying: Ops something goes wrong To solve this, click on Sign out and try to sign in again. Don't worry when you sign out because when you login again it will use the PRT you already generated.
-
On Microsoft Teams, sometimes it will loop the requests, to solve this just type on the URL browser
https://teams.microsoft.comand it will solve the problem.