one thing that i appreciate about your videos is that you zoom the screen big enough to make it easier to read and watch. and i think people don't point that out enough. thanks.

really seems like Microsoft should implement some security measures for these scf files

SMB seems like it's primarily a vulnerability generating protocol that just happens to also let you share files

Yooo, I swear you always have the most absurd things in windows to perform malicious actions with, absolutely love it!

Very old trick, i remember using this to infect my teachers computer so i could steal the tests early

The point is clear - you have just to make somehow a request from victim PC via SMB, fool it that you're going to authenticate it and it gives you it's NTLM hash. But, I couldn't replicate this attack (at least this way). I've done exactly how did you in video and simply nothing happened. Responder was listening correctly and all VMs were in the same network. Windows 10 nor Windows 7 responds to this. Guest OS: Windows 10, Kali Hypervisor: Virtualbox Networking: Bridged (both of them)

I'm too dumb to understand everything You present, but how I have been told "I love when You speak technical to me"

A small correction: You meant "relay" the hash not "pass" because pass the hash attacks are different than NTLM relay attacks. It's quite confusing because of the misused terminology (I did it in the previous sentence as well for traditional reasons :D). But the pass-the-hash attack uses the password hash stored on the machine to generate NetNTLMv2 hashes that will be sent through the network. Relay attacks catch a NetNTLMv2 hash (just like responder does) and sends it through to another service that accepts NTLM authentication. Key differences: NetNTLMv2 hashes cannot be used for long, they expire. SMB signing (in case of SMB servers) can defend against relay attacks (but it will have like a 30% performance cut) while pass-the-hash attacks will work even if it's enabled.

Running and gunnin! Hotel YT production. Good to see you John! Great video

Alright, so you can set a custom icon for a richtext file or word document... 🤷‍♂ Seems cool, but noone really uses it afaik. But then allowing a network location for an icon, on a local document file is really odd🤦‍♂, I don't think anyone asked for that feature whatsoever.

Thanks for sharing! Good to see this is possible, something to be alert for. When I think of protection, blocking SCF files in Ivanti Workspace for example, could prevent this. As for monitoring, detection and response I'm thinking anti virus and SIEM tooling and a SOC to respond to alerts. This covers anti malware and monitoring and logging in ISO27001.

I am, have always been and plan on always being...a shift+delete kind of person.

You wouldn't be able to "pass the hash" this isn't ntlm, this is a different format known as net-NTLM, you can relay this though, so long as there is no signing in place.

Hiding in plain sight.

Classic John Hammond, always traveling so we can't pinpoint his location with OSINT

Wonder if all these vulnerabilities are recognized by Huntress?

I just did something like this not that long ago and pwnd the SOC for the folks that I was working for. I downloaded an SCF to my computer which pointed to my host on the Internet, well the SOC saw the file saved it their desktop and all of the sudden I had a connection to my host from one of the SOC users (which BTW had admin rights on an S* load of systems) after that I used his credentials, with pass the hash, to own the place.

So powerfull! If a read teamer put this file in a smb share for example, whould the .ico be fetched by any viewers of the share? Or the ico will be cached by the DC?

It's really cool to get this working :P Love your content!

Hi John, Thank you for all the information you share with all of us! I need some help some Russians hacked my email account so I have changed all passwords as required. I have the ip address it was accessed from. How can I revert their action towards them back?

Windows is the Devil

Love, John Hammond. :)

For me Recycle Bin doesn't show up in the open file dialog for any program, and I can't drag it into a text editor either. This is with show All Files set. Anyone know why this could be?

ok that is really cool. Thank you for doing these types of videos.

Great content as always!! TY!

I will never use an SCF file again (maybe)

"... will *never show* its file extension ..." That's only true as long as the "NeverShowExt" Registry Value is present under SHCmdFile [HKCR\.scf points to HKCR\SHCmdFile].

Hey John big fan here, one thing though I noticed that this only works on windows 10 and does not give me the hash when I tried it on windows 11 is there any reason for that?

I have known this for *quite* a while. And there's a bug related to this that might be exploitable too. 😄 It was fun to toy around with, but since nobody was interested i just ignored it for a while. 🤷‍♂

Literally amazing 😲😲😲😎

yow John, unrelated topic here, just want to ask if you know how to install linux mint or ubuntu dual boot with windows 10 if i don't have flash drive and dvd to create bootable installer. thanks

we cannot make pass the hash with ntlmv2

My recycle bin is named Garbage

Don't give me ideas.

Doesn't seem to work on Windows 11

remind me of the old school NETBUS

thats mad, and i alrway riht click recycle bin to empty it i never open it luckily but i see the point any icon can be used lol

Does it still dump the hashes and info via flash disk usage Without placing it in the system storage

I need that for iPhone and for any laptop in S mode windows

you should make a anti-viris, malware...etc

The same with .lnk except the arrow.

You find the strangest things :)

Love ur vids

You are the one 💪

Mind blown

Hell yeah new video

HII

Neat info

WHAT 1 MINUTE AGO?

Ima try this exploit on a big corporation xd

COOL!

the odd thing on your desktop is that you use google chrome

Interesting

👍🏽

can you makea udemy cours please?thanks

🇦🇿🇦🇿🇦🇿🇦🇿🇦🇿🇦🇿🇦🇿

HA

First

hate to be that guy but first

Probably just me but you sound like Seth Rogen if he wasn't a weed smoker 🫡👌

First