HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
1:08:26
Sarah Westall
9 hours agoSuicide Pacts forming in Youth Social Media Groups - Discord, Reddit, TikTok w/ John Anthony
77.4K26 -
2:25:31
vivafrei
20 hours agoEp. 281: Charlie Kirk; Routh Trial; Charlotte Train; Bolsanaro Defense; SCOTUS & MORE!
157K231 -
2:55:38
Turning Point USA
11 hours agoWASHINGTON D.C. PRAYER VIGIL FOR CHARLIE KIRK
102K44 -
35:54
The Mel K Show
11 hours agoMel K & Tim James | Healing is an Inside Job | 9-14-25
75.6K4 -
3:06:33
IsaiahLCarter
14 hours ago $15.93 earnedCharlie Kirk, American Martyr (with Mikale Olson) || APOSTATE RADIO 028
84.9K29 -
16:43
Mrgunsngear
18 hours ago $13.33 earnedKimber 2K11 Pro Review 🇺🇸
61.4K14 -
13:40
Michael Button
1 day ago $4.08 earnedThe Strangest Theory of Human Evolution
54.3K31 -
10:19
Blackstone Griddles
1 day agoMahi-Mahi Fish Tacos on the Blackstone Griddle
38K3 -
23:51
Jasmin Laine
1 day ago“Stop Wasting My Time!”—Trump's BRUTAL WARNING To Canada As Poilievre ROASTS CBC LIVE
28.9K30 -
9:54
Millionaire Mentor
1 day agoNBC Host EXPOSES JB Pritzker For Saying This About Trump
19.2K14