lnk warning sreen

[Tomek]

basically, payload runs in windows registry.

what?

 

[s0nus]

how can i bypass this warning screen

That is a stream appended by Browsers and other tooling, used to identify files downloaded by internet - MOTW [1].

There is ways to circumvent MOTW [2], but that requires long time researching and reversing.

As other guys in this thread suggested, you can try different ways to achieve code execution.

[1] = https://en.wikipedia.org/wiki/Mark_of_the_Web
[2] = https://www.helpnetsecurity.com/2024/08/06/motw-bypass-lnk-stomping, https://www.securityweek.com/copy2pwn-zero-day-exploited-to-bypass-windows-protections

 

[pierre777reborn]

Use a .rar archive, it will remove the zoneid from the file and the window will not appear

doesnt work

 

[pierre777reborn]

Use. Vhd

could you expand on that

 

[не_представился]

There is still a way, but it requires a specific setup of the files you send to phish

Could you shed some light on these techniques?

 

[Str0ng]

I used iso+exe with pdf icon, it worked like a charm, although it was used to hack some companies, I don't know if that's your case

 

[pierre777reborn]

I used iso+exe with pdf icon, it worked like a charm, although it was used to hack some companies, I don't know if that's your case

How do you spread ?

 

[UnixSoft]

Файлы расширения lnk блокируется браузерами при загрузке , он будет переименован в расширение .download. Браузера на базе Хромиум не блокируют по какой то причине расширение .bat и при правильном коде, не виндовс не браузер, запрет на запуск не выдаст. Хотя вопрос, кто будет открывать файл расширением .bat

 

[Str0ng]

How do you spread ?

i use companys email accounts and then i send email with attachment to all contacts