HTML Smuggle with JavaScript
1 year ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
28:07
AllHackingCons
7 months agoSandboxing Javascript
-
40:16
AllHackingCons
1 year ago $0.01 earnedObfuscation in Javascript herrera
3 -
24:01
AllHackingCons
1 year agoWarning Ahead Security Storms are Brewing in Your JavaScript
-
56:04
AllHackingCons
7 months agoJavascript libraries insecurity
-
39:19
AllHackingCons
1 year agoAutomating Javascript Deobfuscation iximeow
-
14:04
TecH WaveS Videos
3 years ago $0.01 earned8 JavaScript Tricks - Must Know
112 -
11:25
Tech With Tim
4 years agoJavaScript for Beginners #2 - Modifying HTML Elements (getElementByID, innerHTML etc. )
5 -
8:03
luisvulcanis
1 year agoCOMO CAPTURAR E UTILIZAR DADOS DE UM FORMULÁRIO HTML USANDO JAVASCRIPT
-
43:42
AllHackingCons
1 year agoBuilding modern and robust Web Applications in 2021, without writing any JavaScript
-
0:56
HoussamDevWeb
1 year agoCopie superficielle et profonde Javascript
3