What is Ink Exploit?
Ink Exploit is a fully functional exploit builder that packages and delivers remote execution payloads disguised as legitimate files. It’s not a toy, not a demo it’s a real working tool designed for penetration testers and red team operations.
It uses clean, unsigned shortcuts and link-based deployment to bypass basic AV detection, and it’s currently undetected on most consumer-grade security solutions.
What It Does
- ✅ Generates disguised executable shortcuts that point to remote payloads
- ✅ Masks payloads as known tools (e.g., PuTTY, Notepad++, etc.)
- ✅ Supports custom naming and icon spoofing
- ✅ Delivers and executes remote binaries without raising standard alerts
Example Flow:
You input a clean URL (like a PuTTY download), set the output name (Ejemplo.exe), and the builder creates a shortcut that fetches and runs the payload while showing a decoy installer screen.
Key Features
- Shortcut Exploitation: Uses
.lnkfiles to trigger remote code execution - URL Masking: Can point to any remote binary while showing fake progress/install screens
- Lightweight: Final payload is only ~20-50 KB file, downloads actual app separately
- Clean Logs: Leaves minimal traces on the host system
- Customizable Decoy Text: You can edit the “generating exploit” messages to match your social engineering scenario
- No Signature Issues: Uses legitimate signed binaries for final-stage execution
It’s not a Windows RCE 0-day, but a social engineering 0-day and those are often more valuable in real-world breaches.
