SILENTEXPLOIT
LNK

SHORTCUT LOADERS

Shell Link Argument Injection

Technical Overview

Windows Shortcut files (LNK) are binary-format files that point to another application and can pass extensive arguments to it. When an LNK file points at a LOLBin (Living Off The Land Binary) such as `cmd.exe` or `powershell.exe` with malicious arguments, code execution can be achieved simply by viewing the file icon or double-clicking it.

Key Mechanisms

  • Argument Injection: Hiding command strings within the "Target" field (often padded with whitespace to hide them from the UI).
  • Icon Masquerading: Using the loader's icon resource to mimic harmless files like PDF or Folder.
  • Network Handshakes: UNC path injection can force NTLM authentication attempts.

Red Team Advantages

  • Simple: Delivery archives (ZIP/ISO) containing LNKs are a standard delivery method.
  • Deceptive: The extension (.lnk) is hidden by default in Windows Explorer, making it look like the target file.
  • One-Click: Immediate execution upon interaction, with no further user prompts required.