HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
StoneMountain64
49 minutes agoTOP GHILLIE SNIPERS play Warzone's NEW UPDATE
58 watching -
LIVE
Reidboyy
41 minutes agoHow To Make $$$ in Delta Force Console Operations!
23 watching -
1:00:35
Timcast
2 hours agoDOJ To BAN Transgenders From Owning Guns
101K104 -
LIVE
Side Scrollers Podcast
2 hours agoUK JAILS TV WRITER FOR WRONG THINK + TWITCH ALLOWS CYBERSTALKING + MORE | SIDE SCROLLERS LIVE
316 watching -
LIVE
Viss
1 hour ago🔴LIVE - PUBG Solo Tactics To Win Consistently! - PUBG 101
92 watching -
2:05:54
Steven Crowder
4 hours agoLive Reaction: RFK Faces Senate Grilling After Employees Demand His Resignation
261K188 -
1:02:58
The Rubin Report
3 hours agoPress Stunned by Trump’s Brutally Honest Message for Elon Musk
46.7K41 -
LIVE
Rebel News
1 hour agoPolice chief says 'comply' with intruders, Carney on temp workers, Trump on tariffs | Rebel Roundup
291 watching -
DVR
Neil McCoy-Ward
1 hour ago🚨 Hospitals Are Bracing For MASS Casualties...
7.84K1 -
The Mel K Show
2 hours agoMORNINGS WITH MEL K - NATO Cognitive Warfare & Post WWII Betrayal Finally Exposed 9-4-25
20.2K15