byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

Feature/extension: Free-form URLs for LNK files (slinky module) #825

Open stfnw opened 8 months ago

stfnw commented 8 months ago

It would be useful if one could specify a more free-form URL in LNK files placed on writable shares (slinky module), like in the drop-sc module for search connector files. Currently, slinky takes a SERVER option that is then used as part of a UNC path (the UNC path format is hardcoded). A free-form URL option would instead also allow specifying an HTTP URL for the referenced icon file, thereby allowing grabbing of NTLM authentication over HTTP (which can then be relayed more freely than those over SMB).

Two possible approaches would be to either replace SERVER with a new option (cleaner; but breaking backwards compatibility), or to keep SERVER around and add the new functionality. Please let me know which option you would prefer.

stfnw commented 8 months ago

As an example, I've implemented option 1 in pull request #826.