byt3bl33d3r/CrackMapExec

Feature/extension: Free-form URLs for LNK files (slinky module)

stfnw opened this issue · 1 comments

stfnw commented

It would be useful if one could specify a more free-form URL in LNK files placed on writable shares (slinky module), like in the drop-sc module for search connector files.
Currently, slinky takes a SERVER option that is then used as part of a UNC path (the UNC path format is hardcoded).
A free-form URL option would instead also allow specifying a HTTP url for the referenced icon file, thereby allowing grabbing of NTLM authentication over HTTP (which can then be relayed more freely as those over SMB).

Two possible approaches would be to either replace SERVER with a new option (cleaner; but breaking backwards compatibility), or to keep SERVER around and add the new functionality.
Please let me know which option you would prefer.

stfnw commented

As en example I've implemented the option 1 in pull request #826.