HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
13:29
Daniel Davis Deep Dive
1 day agoCol Doug Macgregor: NATO Hungry for MORE WAR
2.42K2 -
8:27
BlackDiamondGunsandGear
1 year agoThis 100 Year old Shotgun, is Full Auto?
3.11K5 -
40:31
Degenerate Plays
14 hours ago $0.37 earnedWe Need A Big Controversy - Batman: Arkham Asylum : Part 14
3.81K -
8:26
Millionaire Mentor
16 hours agoMaria Bartiromo SHOCKED As Navarro Reveals FBI’s Dirty Secret
3.9K5 -
12:22
Actual Justice Warrior
1 day agoChicago Gives Sucker Puncher UNLIMITED Chances
91.4K61 -
35:29
Code Blue Cam
3 days agoMan Robs Bank Minutes After Jail Release
6.7K21 -
21:22
Nikko Ortiz
1 day agoI MUST BREAK EVERYTHING!!
77.4K6 -
LIVE
Lofi Girl
3 years agolofi hip hop radio 📚 - beats to relax/study to
201 watching -
56:38
DeProgramShow
2 days agoDeprogram with Ted Rall and John Kiriakou: "Jake Tapper on the Global Hunt for an Al Qaeda Killer”
44.2K6 -
16:30
GritsGG
2 days agoWarzone's New Zombie Royal Mode is AWESOME!
13.2K1