This module exploits a high-severity vulnerability in Windows File Explorer. The exploit works by creating a specially crafted .lnk (shortcut) file that, when placed in a folder viewed by a victim, forces the system to automatically connect to an attacker-controlled SMB server. This connection happens without any user interaction and results in the victim's NTLM hash being sent to the attacker. It is possible to use tools like "John the Ripper" to attempt decrypting the original password associated with the hash.
CVE Link
Exploit Platform
Exploit Type
Product Name