Link File Analysis

Link File Analysis
Download Copy
Title: Link File Analysis
Author: Paul Murton

In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD etc, its possible that the user may subsequently open an exfiltrated file on the media. In this scenario, a local lnk file will be created, providing evidence of the files existance. This payload uses a powershell script to search the user profle for lnk files where the target is on a drive other than the C: Drive. The output is put into a CSV file in the folder \loot\link-files

Incident Response, or simply IR, is all about managing the aftermath of a security breach. It's all about identifying, minimizing and containing damage as quickly as possible, as well as remediation such that the risk of additional incidents are minimized. A good incident response plan outlines the responsibilities of all parties, in addition to the procedures the organization takes to manage the incident. Having containment payloads developed, tested and at the ready before an incident will save valuable time when needed. See all incident response payloads.

This payload is for the Bash Bunny. Simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world's most advanced USB attack platform.

Submit your own payload, or browse more featured Bash Bunny Payloads.

 

 

Related Payloads

Screenshare Over LAN
Screenshare Over LAN
This payload starts up a HTTP server and streams the local desktop to a browser window for other devices on the network.
Read More
VM Detect
VM Detect
This payload uses various methods to determine if the machine is a VM and will generate a console readout and verbose te
Read More
Flood Gateway
Flood Gateway
This payload detects the Gateway IP then proceeds to send SYN/ACK/RST/UDP to the Gateway
Read More