Description
Generates a Windows Shell Binary Format (.LNK) file that contains an embedded PowerShell command to execute a PowerShell cradle which will load a SpecterInsight payload into memory.
Overview
This pipeline generates a staged PowerShell cradle command using the specified parameters and embeds that commannd inside of a a Windows Shell Binary Format (.LNK) file. When the LNK file is launched (either via double-clicking on the icon or through some other mechanism such as Startup Folder persistence), the internal PowerShell command will be run.
Parameters
| Parameter | Type | Description |
|---|---|---|
| UseCommandPrompt | boolean | If true, the specified command will be executed by cmd.exe. This is useful if you are not using the full path to the binary. If you want the LNK file to launch the target file directly, then leave this parameter false and provide a full path to the target executable. |
| ShowCommand | Enum | Specifies how the target executable should be show (e.g. SW_HIDE, SW_SHOWMINIMIZED, or SW_SHOWMAXIMIZED). |
| ExecutionPolicy | Enum | Specifies the PowerShell execution policy to use. The default is Bypass. |
| NoProfile | boolean | Specifies whether or not PowerShell will be launched with the NoProfile option. The default is false. |
| WindowStyle | Enum | Specifies the WindowStyle to use when running PowerShell (e.g. Hidden, Minimized, Maximized, etc). |