Source Code Hijack Shortcuts - PowerShell

[dEEpEst]

This function, Invoke-ShortcutHijack, is designed to modify specified shortcut (.lnk) files by altering their target paths to point to a designated PowerShell executable (hardcoded to "powershell.exe" in the current version). It works by locating shortcut files—either through direct file path input or by searching default directories such as the Start Menu—and then loading each as a COM object. For each shortcut, the function captures the original target, constructs a new command that first launches the original application to preserve its intended functionality, and then appends custom payload code. The default payload displays a "Hacked" message box (after loading necessary GUI assemblies), but users can supply their own payload to execute additional commands. In this way, the function seamlessly hijacks shortcuts to maintain their original behavior while enabling extra actions, making it a powerful tool for both administrative automation and demonstration purposes.

Syntax

# Example 1: Hijack shortcuts found in the default Start Menu
# Uses the default payload which loads necessary GUI assemblies and shows a message box "Hacked"
Invoke-ShortcutHijack
# Example 2: Hijack specific shortcuts (by full file paths)
Invoke-ShortcutHijack -ShortcutPaths "C:\Users\Alice\Desktop\example.lnk", "C:\Users\Alice\Desktop\other.lnk" -PayloadCode "Write-Host 'Payload activated'"
# Example 3: Search a specified directory for shortcuts to hijack, using a custom payload
Invoke-ShortcutHijack -SearchDirectory "C:\temp" -PayloadCode "Write-Host 'Custom payload executed'"
# Example 4: Hijack a specific shortcut with a custom payload
Invoke-ShortcutHijack -ShortcutPaths "C:\Users\Alice\Desktop\test.lnk" -PayloadCode "Write-Host 'Payload activated'"

Script