Badlnk : Reverse Shell In Shortcut File (.lnk)

Badlnk : Reverse Shell In Shortcut File (.lnk)

Badlnk is a reverse shell in shortcut file (.lnk).

How it works?

Shortcut file (Microsoft Windows 9.x) LNK is a file extension for a shortcut file used by Microsoft Windows to point to an executable file. LNK stands for LiNK. Shortcut files are used as a direct link to an executable file, instead of having to navigate to the executable.

LNK files contain some basic properties, such as the path to the executable file and the “Start-In” directory. LNK files use a curled arrow to indicate they are shortcuts, and the file extension is hidden (even after disabling “Hide Extensions for Known File Types” in Windows Explorer).

The script creates a .lnk file that points to the user’s “cmd.exe” file (located in the default folder C:\Windows\System32\cmd.exe) to run a reverse shell through arguments.


Reverse TCP Port Forwarding using


  • Ngrok Authtoken (for TCP Tunneling): Sign up at:
  • Your authtoken is available on your dashboard:
  • Install your auhtoken: ./ngrok authtoken
  • Target must reboot/re-login after installing the .reg file

Also Read – WiFiPumpkin3 : Powerful Framework For Rogue Access Point Attack


git clone
cd badlnk


Usage of BADlnk for attacking targets without prior mutual consent is illegal. It’s the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program