Search the Community

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester’s machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on the configuration of the victim host machine). The tester can then attempt to crack those collected hashes offline with a tool like Hashcat. The payload file is uploaded directly to the insecure file specified by the tester in the command line. The tester includes their IP address as well, which is written into the payload. [hide][Hidden Content]]

Read the license before using any part from this code 🙂 Reverse Shell in Shortcut File (.lnk) How it works? Shortcut file (Microsoft Windows 9.x) LNK is a file extension for a shortcut file used by Microsoft Windows to point to an executable file. LNK stands for LiNK. Shortcut files are used as a direct link to an executable file, instead of having to navigate to the executable. LNK files contain some basic properties, such as the path to the executable file and the “Start-In” directory. LNK files use a curled arrow to indicate they are shortcuts, and the file extension is hidden (even after disabling “Hide Extensions for Known File Types” in Windows Explorer). The script creates a .lnk file that points to the user's "cmd.exe" file (located in the default folder C:\Windows\System32\cmd.exe) to run a reverse shell through arguments. Features: Reverse TCP Port Forwarding using Ngrok.io [HIDE][Hidden Content]]

[Hidden Content]