hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/recon/Link File analysis
History
Murty007 0f83db10f5 Added payload to analyse users .lnk files (#228) 
* Add files via upload

* Add files via upload
2017-07-10 07:27:22 +10:00
..
payload.txt
Added payload to analyse users .lnk files (#228)
2017-07-10 07:27:22 +10:00
readme.md
Added payload to analyse users .lnk files (#228)
2017-07-10 07:27:22 +10:00
run.ps1
Added payload to analyse users .lnk files (#228)
2017-07-10 07:27:22 +10:00

readme.md

Based on a payload written by Simen Kjeserud

Tested on firmware 1.3

Searches the user profile for .lnk files and reports on the file name, Target file, Date Created, Date Last Written. Results are provided in a CSV file.

Output = \loot\Link-Files\link_files.csv

Background In an incident where it is suspected that a user has exfiltrated data to a USB drive, the target element of any .lnk files may show files on external media (i.e. not the C: drive.).

Note - using this payload is NOT forensically sound!

STATUS

LED Status
Purple (blinking) Attack in progress
Green (blinking) Attack Finished