# Modifying .lnk Shortcuts
This is a quick lab showing how .lnk (shortcut files) can be used for persistence.
## Execution
Say, there's a shortcut on the compromised system for a program HxD64 as shown below:
. That shortcut can be hijacked and used for persistence. Let's change the shortcut's target to this simple powershell:
```csharp
powershell.exe -c "invoke-item \\VBOXSVR\Tools\HxD\HxD64.exe; invoke-item c:\windows\system32\calc.exe"
```
It will launch the HxD64, but will also launch a program of our choice - a calc.exe in this case. Notice how the shortcut icon changed to powershell - that is expected:
We can change it back by clicking "Change Icon" and specifying the original .exe of HxD64.exe:
The original icon is now back:
## Demo
Below shows the hijack demo in action:
In the above gif, we can see the black cmd prompt for a brief moment, however, it can be easily be hidden by changing the `Run` option of the shortcut to `Minimized`:
Running the demo again with the `Run: Minimized` shows the black prompt went away:
{% hint style="warning" %}
Note that hovering the shortcut reveals that the program to be launched is the powershell.
{% endhint %}
## Reference
{% embed url="" %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://www.ired.team/offensive-security/persistence/modifying-.lnk-shortcuts.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.