HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
BEK TV
22 hours agoTrent Loos in the Morning - 10/31/2025
190 watching -
LIVE
The Bubba Army
21 hours agoIs Killing The New Trend??! - Bubba the Love Sponge® Show | 10/31/25
2,106 watching -
2:25:16
Demons Row
12 hours ago $3.17 earnedEx Hells Angels MC President: Charles “Peewee”Goldsmith (Full Interview)
8.52K3 -
3:35
Gamazda
10 hours ago $4.13 earnedThe Darkest Piano Theme?
13.6K18 -
13:42
Nate The Lawyer
19 hours ago $3.07 earnedINSANE Judge REMOVED For Lying Under Oath, Insurance Fraud & Stolen Valor
10.3K14 -
38:32
Code Blue Cam
1 day agoHow Police Stopped a Potential Church Massacre...
42.8K12 -
24:26
Actual Justice Warrior
1 day agoWelfare Queens RAGE OUT Over Food Stamp Cuts
16.5K53 -
3:05:11
Inverted World Live
11 hours agoThe Halloween Special with Drea De Matteo and Sam Tripoli | Ep. 133
365K16 -
2:57:52
Laura Loomer
13 hours agoEP154: Naturalized US Navy Medic From GAZA Exposed For Ties To Hamas
50.2K29 -
35:45
Stephen Gardner
16 hours ago🔴BREAKING: Election Auditor EXPOSES Democrat Election Fraud Evidence!
57.4K75