Introducing LNK Exploit Tool: A Basic Payload Creator

BADREDDINE
HDD-drive
User
Registered: 20.01.2023
Posts: 33
Reactions: 30

LNK Exploit Tool: A Simple Payload Creation Tool - Review and Expert Feedback
As a developer interested in creating .lnk payloads, I’ve built this tool to simplify the process. Currently, the tool allows users to:

  • Generate a .lnk shortcut with a Base64-encoded PowerShell command.
  • Customize the download URL and payload name.
  • Use basic obfuscation techniques to enhance the command’s stealth.

Although this tool is functional, it is still under development. I am seeking advice from experts on improving the tool's techniques and features. I would greatly appreciate your feedback on how to enhance the effectiveness and security of the payload.

Requirements:
pip install pywin32 winshell



Attachments

  • LNK Exploit.zip
    1.8 KB · Views: 65

Not an expert but after looking quickly a few ideas:

1. randomize concatenation (obfuscate_command function)
2. check out https://xss.pro/threads/112788/ for different lnk execution methods
3. Invoke-Obfuscation is old but has obfuscation ideas
4. look at https://xss.pro/threads/122725/ for features they used
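
A defender-side triage check for the kind of shortcut this thread describes, added here as an example and not taken from the posted tool or from any participant: it scans raw .lnk bytes for a PowerShell -EncodedCommand argument, decodes it, undoes simple string splitting, and reports download indicators. The function names, the hint list and make_sample (constructed test bytes, not a real shortcut) are assumptions of this example, and the byte scan is a heuristic rather than a full Shell Link parser.

```python
import base64
import re

# A flag token followed by a Base64 blob, e.g. "-enc SQBFAFgA..."
FLAG_RE = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/]{16,}={0,2})")
# Defender-chosen substrings that suggest the decoded script fetches content.
FETCH_HINTS = ("downloadstring", "downloadfile", "invoke-webrequest",
               "net.webclient", "start-bitstransfer", "http://", "https://")

def decode_encoded_commands(text):
    """Return the decoded script of every -EncodedCommand argument in text."""
    scripts = []
    for flag, blob in FLAG_RE.findall(text):
        flag = flag.lower()  # powershell.exe takes -ec or any prefix of the name
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue
        try:
            raw = base64.b64decode(blob + "=" * (-len(blob) % 4), validate=True)
            scripts.append(raw.decode("utf-16-le"))  # the encoding PowerShell expects
        except (ValueError, UnicodeDecodeError):
            continue  # not a well-formed encoded command
    return scripts

def normalize(script):
    """Undo 'a'+'b' string splitting and backtick escapes, then lowercase."""
    script = re.sub(r"""['"]\s*\+\s*['"]""", "", script)
    return script.replace("`", "").lower()

def scan_shortcut_bytes(data):
    """Scan raw .lnk bytes; return [(decoded_script, matched_hints), ...]."""
    # Shortcut strings are usually UTF-16LE (either byte alignment) or ANSI.
    views = (data.decode("latin-1"),
             data.decode("utf-16-le", errors="ignore"),
             data[1:].decode("utf-16-le", errors="ignore"))
    findings, seen = [], set()
    for view in views:
        for script in decode_encoded_commands(view):
            if script not in seen:
                seen.add(script)
                flat = normalize(script)
                findings.append((script, [h for h in FETCH_HINTS if h in flat]))
    return findings

def make_sample(script, pad=b""):
    """Constructed test bytes (not a real shortcut): header-like junk + arguments."""
    blob = base64.b64encode(script.encode("utf-16-le")).decode()
    args = "powershell.exe -nop -w hidden -enc " + blob
    return pad + b"L\x00\x00\x00\x01\x14\x02\x00" + args.encode("utf-16-le")
```

A finding with an empty hint list still deserves a look: a shortcut that carries an encoded PowerShell command at all is unusual outside of software deployment tooling.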
 

