HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
9:22
Colion Noir
7 hours agoArmed Woman Drags Gunman Out of Store Before Firing Two Shots
64.3K35 -
1:04:17
Jeff Ahern
3 hours agoThe Saturday Show with Jeff Ahern
3K4 -
44:34
Chris Harden
2 days agoWhat Happened to Rock Island, Illinois?
3.59K4 -
30:56
Advanced Level Diagnostics
6 days ago2004 Chevy Silverado - Won't Shut Off!
3.89K1 -
7:05
Spooky Grandpa's Scary Stories
7 months agoThose Who Linger - Halloween, Ghost Stories, Horror, Haunted, Cemetery, Folklore
3.09K17 -
2:23
Memology 101
1 day ago $0.63 earnedAOC spits completely made-up BULLSH*T during UNHINGED anti-Republican rant
3.5K27 -
1:55
NAG Daily
20 hours agoHEADLINES FOR THE JILTED MASSES W/GreenMan Reports
1.76K -
LIVE
GrimmHollywood
5 hours ago🔴LIVE • GRIMM HOLLYWOOD • ARC RAIDERS • DAY 2 •
135 watching -
3:02:36
CassaiyanGaming
5 hours ago🟢LIVE - BATTLEFIELD 6 - MEDIC SHIFT - Doing My Duty
22.8K1 -
![Mr & Mrs X - ICE Is A Threat To The [DS] Agenda, The ICE Insurgency Will Fail - EP 12](https://1a-1791.com/video/fww1/b2/s8/1/o/V/N/r/oVNrz.0kob-small-Mr-and-Mrs-X-ICE-Is-A-Threa.jpg)
46:10
X22 Report
6 hours agoMr & Mrs X - ICE Is A Threat To The [DS] Agenda, The ICE Insurgency Will Fail - EP 12
95.4K48