Premium Only Content
This video is only available to Rumble Premium subscribers. Subscribe to
enjoy exclusive content and ad-free viewing.

HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
3:06:47
Laura Loomer
8 hours agoEP131: Zohran Mamdani's Radical Roots EXPOSED
41.8K27 -
2:42:53
TimcastIRL
9 hours agoDOJ Drops MASSIVE Epstein COVER UP, Says There's NO CLIENT LIST | Timcast IRL
242K162 -
54:25
Inverted World Live
8 hours agoThe JFK Assassination and How the CIA Made the Zapruder Film | Ep. 70
35.5K11 -
10:11:25
SpartakusLIVE
15 hours ago$18,000 2v2 WZ Total Frenzy Tournament || #1 Comp Champ is BACK
92.5K4 -
8:11
MattMorseTV
1 day ago $18.18 earnedMacron just SURRENDERED.
81.6K99 -
1:35:03
Glenn Greenwald
11 hours agoTrump DOJ: There's Nothing to the Epstein Story; State Dept: Syria's Al-Qaeda are No Longer "Terrorists;" Trump & Lula Exchange Barbs Over Brazil | SYSTEM UPDATE #482
171K151 -
2:18:39
We Like Shooting
21 hours ago $7.90 earnedWe Like Shooting 618 (Gun Podcast)
48.5K -
2:42:17
Barry Cunningham
10 hours agoHERE'S WHY SOME IN MAGA ARE SO NEGATIVE ABOUT PRESIDENT TRUMP?
89.9K41 -
1:54:30
Joker Effect
8 hours agoWhy Gaming Streamers Aren't Successful and How To Fix It. Tim The Tatman was RIGHT... Kinda
44.7K3 -
3:43:25
megimu32
8 hours agoOTS: From Ozzy to Emo 🎸 The Rise & Fall of the Rockstar
29.2K2