HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Matt Kohrs
10 hours agoStock Market Open: HAPPY FOMC DAY!!! || Live Trading Futures & Options
879 watching -
LIVE
Crypto Power Hour
1 hour ago $0.09 earnedWEB 3, Reclaiming The Internet
98 watching -
LIVE
Total Horse Channel
1 hour ago2025 WDAA Western Dressage World Championship Show | Day Two | Arena Four
183 watching -
LIVE
LFA TV
4 hours agoLFA TV ALL DAY STREAM - WEDNESDAY 9/17/25
4,635 watching -
1:15:33
JULIE GREEN MINISTRIES
3 hours agoLIVE WITH JULIE
78.8K161 -
3:59:03
The Bubba Army
23 hours agoState of Utah Wants Tyler Robinson DEAD! - Bubba the Love Sponge® Show | 9/17/25
62.3K6 -
LIVE
JuicyJohns
1 hour ago $0.19 earned🟢#1 REBIRTH PLAYER 10.2+ KD🟢
79 watching -
29:02
ChopstickTravel
7 days ago $2.84 earnedToronto's #1 Chilli Crab 🇨🇦 Canada's Seafood Meets China's Wok ft.@InstaNoodls
68.9K1 -
17:07
Fit'n Fire
5 days ago $1.27 earned*NEW* Bulgarian RPK Mag That Actually Work?
18K5 -
10:56
Nicholas Bowling
20 hours ago $3.36 earnedBisexual “Christian” CONFRONTS Preacher on College Campus!
25.7K21
