Murty007 0f83db10f5 Added payload to analyse users .lnk files (#228)
* Add files via upload

* Add files via upload
2017-07-10 07:27:22 +10:00

Author : Paul Murton

Notes :

My background is in Computer Forensics and incident response. I am new to PowerShell, so it's likely that the script is inefficient, but it does work.

In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD, etc., it's possible that the user may subsequently open an exfiltrated file on the media. In this scenario, a local .lnk file will be created, providing evidence of the file's existence.

This payload uses a PowerShell script to search the user profile for .lnk files where the target is on a drive other than the C: drive.

The output is written to a CSV file in the folder \loot\link-files.
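The search described above can be sketched as follows. This is an added example, not the payload's own script: it reads each shortcut through the `WScript.Shell` COM object, and the function name `Get-NonLocalLnk`, the parameter names and the output file name are assumptions.

```powershell
# Added example, not the payload's script. Names and defaults are assumptions.
param(
    [string]$ProfilePath = $env:USERPROFILE,   # profile folder to examine
    [string]$LocalDrive  = 'C:',               # drive treated as local
    [string]$OutCsv      = '.\link-files.csv'  # hypothetical output file
)

function Get-NonLocalLnk {
    param(
        [Parameter(Mandatory)][string]$ProfilePath,
        [string]$LocalDrive = 'C:'
    )
    $shell = New-Object -ComObject WScript.Shell
    try {
        # -Force descends into hidden folders such as AppData, where Recent items live.
        Get-ChildItem -LiteralPath $ProfilePath -Filter *.lnk -Recurse -Force -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $file = $_
                try {
                    $target = $shell.CreateShortcut($file.FullName).TargetPath
                    # Shortcuts with no file-system path return an empty TargetPath; skip them.
                    if ([string]::IsNullOrEmpty($target)) { return }
                    # Root is 'E:\' for a drive letter or '\\server\share' for a UNC target.
                    $root = [System.IO.Path]::GetPathRoot($target).TrimEnd('\')
                } catch {
                    Write-Warning "Could not read $($file.FullName): $($_.Exception.Message)"
                    return
                }
                # -ne is case-insensitive, so 'c:' and 'C:' compare equal.
                if ($root -and $root -ne $LocalDrive) {
                    [pscustomobject]@{
                        LnkPath        = $file.FullName
                        TargetPath     = $target
                        TargetRoot     = $root
                        LnkCreatedUtc  = $file.CreationTimeUtc.ToString('o')
                        LnkModifiedUtc = $file.LastWriteTimeUtc.ToString('o')
                    }
                }
            }
    } finally {
        [void][Runtime.InteropServices.Marshal]::ReleaseComObject($shell)
    }
}

Get-NonLocalLnk -ProfilePath $ProfilePath -LocalDrive $LocalDrive |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8
```

The .lnk file's own creation and last-write times are included because examiners commonly use them to bracket when the target was opened.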

Tested on ver 1.3

STATUS

LED                  Status
Purple (blinking)    Attack in progress
Green (blinking)     Attack Finished