  • Stars: 111
  • Rank: 314,510 (Top 7 %)
  • Language: PowerShell
  • Created about 8 years ago
  • Updated almost 4 years ago


Repository Details

Creates a .lnk file with Unicode characters that reverse the displayed file extension and adds .txt to the end to make it appear as a text file. The payload is a PowerShell web download and execute.

Account moved to: https://gitlab.com/illwill

tricky.lnk

.VBS that creates a .lnk file spoofing the file extension with Unicode characters that reverse the .lnk extension, appends ".txt" to the end and changes the icon to Notepad's to make it appear as a text file. When executed, the payload is a PowerShell web download and execute.

Works well for pentest phishing campaigns

Right-to-Left Override [RLO]

This trick uses the fact that some languages are written from right to left. A Unicode control character was created to support such languages; it causes the characters that follow it to be displayed in reverse order (i.e. blah.lnk becomes blahknl.). The character code is U+202E; more information on this character here: http://www.fileformat.info/info/unicode/char/202e/index.htm
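A detection-side check for the RLO trick described above, added here as an example and not code from the tricky.lnk repository: it flags file names that contain Unicode bidi control characters and reports how the displayed extension differs from the real one. The sample attachment names are constructed.

```python
from pathlib import PureWindowsPath

# Unicode bidirectional control characters that can reorder how a file name is displayed.
# U+202E (RIGHT-TO-LEFT OVERRIDE) is the one described on this page; the rest are listed
# because they enable the same class of spoofing and have no business in a file name.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def displayed_name(name: str) -> str:
    """Approximate how a left-to-right file manager renders a name containing U+202E:
    everything after the override is drawn in reverse order. Only RLO is modelled."""
    if "\u202e" not in name:
        return name
    head, _, tail = name.partition("\u202e")
    return head + tail[::-1]


def analyze_filename(name: str) -> dict:
    """Compare the real extension (what Windows acts on) with the one a user sees."""
    controls = [f"U+{ord(c):04X} ({BIDI_CONTROLS[c]})" for c in name if c in BIDI_CONTROLS]
    real_ext = PureWindowsPath(name).suffix.lower()
    shown = displayed_name(name)
    shown_ext = PureWindowsPath(shown).suffix.lower()
    return {
        "name": name,
        "displayed_as": shown,
        "real_extension": real_ext,
        "displayed_extension": shown_ext,
        "extension_mismatch": real_ext != shown_ext,
        "bidi_controls": controls,
        # Any bidi control in a file name is reason enough to alert.
        "suspicious": bool(controls),
    }


def scan_attachments(names):
    """Return only the results a mail gateway or EDR rule would want to alert on."""
    return [r for r in (analyze_filename(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    # Constructed sample attachment names; the second one uses the trick described above.
    SAMPLES = ["notes.txt", "ReadMe\u202Etxt.lnk", "report\u202Efdp.exe"]
    for hit in scan_attachments(SAMPLES):
        print(f"{hit['displayed_as']!r} is really {hit['real_extension']} "
              f"(controls: {', '.join(hit['bidi_controls'])})")
```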

How-To:

Download the .vbs file and edit the download URL to point to your own payload. Save the .vbs and execute it. The malicious .lnk file will be created on your desktop. Send that to the phishing target. It may need further obfuscation to bypass email security appliances.

PowerShell Bonus:

Created a PowerShell script that does the same thing; oddly enough, it doesn't show the reversed lnk in the filename like the .vbs script does.

How-To:

Press Windows key + R, type powershell, hit Enter, copy the contents of tricky.ps1, right-click in the PowerShell window to paste the contents, then hit Enter. You should see a file named ReadMe.txt appear on the desktop with a Notepad icon. (Obviously change the web address to your own payload.)

or

download tricky.ps1 and execute it from the command line:

powershell -ExecutionPolicy Bypass -noLogo -File tricky.ps1

UPDATE:

  • Added an additional PowerShell file generator, tricky2.ps1

