HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Nerdrotic
3 hours ago $4.19 earnedWe Stand Behind Sydney Sweeney | Naked Gun | Fantastic Flop? - Friday Night Tights 365
1,901 watching -
LIVE
Sarah Westall
1 hour agoTrump’s Economic Plan will Change the World Economic System. Will it Work? w/ Andy Schectman
198 watching -
LIVE
LFA TV
21 hours agoLFA TV ALL DAY STREAM - FRIDAY 8/1/25
1,195 watching -
9:24
Faith Frontline
4 hours agoJordan Peterson CAUGHT OFF GUARD by George Janko’s Jesus Question
3.48K5 -
1:18:23
vivafrei
4 hours agoGhislaine Quiety Moved to Texas Facility? Tish Sues Trump Over Trans E.O. Canada Madness & MORE!
81.1K51 -
LIVE
Akademiks
6 hours agoShannon Sharpe FIRED. KSOO Found Guilty! Gilbert Arenas ARRESTED! NBA Youngboy 14th kid OTW. 1/30
1,025 watching -
2:09:16
Tucker Carlson
5 hours agoCandace Owens: Macron, Harvey Weinstein, and Why “Christ Is King” Totally Broke People’s Brains
117K259 -
55:15
Michael Button
7 hours ago $1.03 earnedWhy Does This Ancient Symbol Appear Everywhere? - Archaic Lens Interview
10.3K1 -
2:03:12
Side Scrollers Podcast
6 hours agoBlabs is Absolutely DISGUSTED By Nintendo | Side Scrollers Live
31.8K5 -
10:40
MTNTOUGH Podcast w/ Dustin Diefenderfer
8 hours agoBack with the 75th Ranger Regiment: MTNTOUGH Dives Deeper into America's Elite
14.2K1