HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
8:34
The Rich Dad Channel
10 hours agoIf You're an Employee You're Running Out of Time, Watch This Before It’s Too Late
2.19K -
31:31
Uncommon Sense In Current Times
14 hours agoHow This War in Israel Was Prophesied | Joel Chernoff
6.42K -
55:12
Esports Awards
13 hours agoBarney Banks on Esports, TikTok Fame, Dancing & More | Origins Podcast #1
10.3K1 -
6:38
Mrgunsngear
12 hours ago $6.65 earnedTrump's ATF Removes Zero Tolerance Policy For FFLs & More 🇺🇸
16.7K19 -
22:07
JasminLaine
13 hours agoWatch CBC Realize They Can’t Save Carney—Poilievre Calls Him a “Political Grifter”
22.7K16 -
58:51
Motherland Casino
7 hours agoPaula x Barbara
7.03K1 -
4:27:58
Delnorin Games
5 hours ago🔴 Live - Call of Duty
3.92K1 -
13:19
Bearing
22 hours agoAustralian Prime Minister FALLS OFF STAGE Then Denies it Happened 🤣😂
19.1K44 -
2:44:48
Price of Reason
14 hours agoTrump Tariff Mania CONTINUES! China vs Hollywood! Bezos Under FIRE! Sweet Baby Inc FAILS Again!
39.7K4 -
2:39:40
TimcastIRL
11 hours agoTrump To Impose 104% TARIFF On China At Midnight In NUCLEAR BOMB On Global Trade | Timcast IRL
267K133