This comes in handy for all kinds of stuff.
- Gathering hashes with Responder (see: Pivot Checklist)
- LNK Hotkey Persistence
- Launching LOLBAS/LOLBINs (example: https://git.nopsled.me/Wh1t3Rh1n0/SeedySmuggler/)
Create a Windows shortcut/LNK file:
```powershell
# LNK path and filename. A full path is required ($PWD supplies it here).
$link = (New-Object -ComObject WScript.Shell).CreateShortcut("$PWD\Calculator.lnk")

# Window style. 7=Minimized, 1=Normal, 3=Maximized
$link.WindowStyle = 7

# File to be executed. CMD-style environment variables with %'s are okay.
$link.TargetPath = '%SYSTEMROOT%\system32\calc.exe'

# Arguments to pass to the executed command. Empty string is okay if none.
$link.Arguments = ''

# Working directory the command is run from.
$link.WorkingDirectory = "C:\"

# Shortcut hotkey - Not required. Unset by default. Uncomment to enable.
# $link.HotKey = 'CTRL+V' # Example: 'CTRL+V'

# Shortcut icon. Some common icons built into Windows are:
# - Installer icon: "%SYSTEMROOT%\system32\imageres.dll,82"
# - PDF icon: "%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe,13"
# - Blank/transparent icon: "%SystemRoot%\explorer.exe,22"
$link.IconLocation = "%SYSTEMROOT%\system32\calc.exe"

# Run this to save the LNK file.
$link.Save()
```
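
The same COM object reads shortcuts back, which makes it useful for auditing. The function below is an added example, not part of the original note: it reports shortcuts that have a hotkey, a minimized window, a UNC target or icon, or a script host as target. The function name `Get-SuspiciousShortcut`, the default search paths and the watched-binary list are assumptions chosen for illustration.

```powershell
function Get-SuspiciousShortcut {
    param(
        # Assumed default search roots; pass -Path to scan elsewhere.
        [string[]]$Path = @(
            "$env:USERPROFILE\Desktop",
            "$env:PUBLIC\Desktop",
            "$env:APPDATA\Microsoft\Windows\Start Menu",
            "$env:ProgramData\Microsoft\Windows\Start Menu"
        ),
        # Illustrative list of script hosts and LOLBINs, not exhaustive.
        [string[]]$WatchedBinary = @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'mshta.exe',
                                     'wscript.exe', 'cscript.exe', 'rundll32.exe', 'regsvr32.exe')
    )
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Path -Filter *.lnk -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut() on an existing .lnk loads it; nothing is written unless Save() is called.
            $lnk    = $shell.CreateShortcut($_.FullName)
            $target = [Environment]::ExpandEnvironmentVariables($lnk.TargetPath)
            # IconLocation is "path,index"; strip the index to get the file.
            $icon   = [Environment]::ExpandEnvironmentVariables(($lnk.IconLocation -replace ',-?\d+$', ''))

            $reasons = @()
            if ($lnk.Hotkey)            { $reasons += "hotkey: $($lnk.Hotkey)" }
            if ($lnk.WindowStyle -eq 7) { $reasons += 'window minimized' }
            if ($target -like '\\*' -or $icon -like '\\*') { $reasons += 'UNC target or icon' }

            $leaf = if ($target) { Split-Path -Path $target -Leaf } else { '' }
            if ($WatchedBinary -contains $leaf) {
                $reasons += "runs $leaf"
                if ($icon -and $icon -ne $target) { $reasons += 'icon taken from another file' }
            }

            if ($reasons) {
                [pscustomobject]@{
                    Shortcut  = $_.FullName
                    Target    = $target
                    Arguments = $lnk.Arguments
                    Icon      = $lnk.IconLocation
                    Modified  = $_.LastWriteTime
                    Reasons   = $reasons -join '; '
                }
            }
        }
}

Get-SuspiciousShortcut | Sort-Object Modified -Descending | Format-List
```

A single reason such as a minimized window is common on legitimate shortcuts; treat the output as triage leads and prioritize entries with several reasons or a recent modification time.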