HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
Damysus Gaming
3 hours agoARC Raiders - SERVER SLAM TIME!!!! LFG!!!
18.8K -
1:04:10
The Connect: With Johnny Mitchell
6 hours ago $3.36 earnedTucker Carlson's INSANE Take On Civil War In America, Calls For Fascism
14.2K20 -
LIVE
DLDAfterDark
5 hours agoThe Return of Marine Gun Builder? MGB, DLD, BDG&G After Hours Armory
283 watching -
28:39
Afshin Rattansi's Going Underground
1 day agoDonald Trump’s Gaza Peace Plan: A Pivotal Moment or Farce? (Palestinian Deputy Foreign Minister)
23.1K6 -
3:31:29
SavageJayGatsby
6 hours ago🔥 Spicy Saturday – Let's Play: Prison Life 2🔥
38K2 -
4:34:18
cosmicvandenim
12 hours agoCOSMIC VAN DENIM | WARZONE HORROR
14.3K1 -
29:09
Stephen Gardner
10 hours ago🚨Trump DECLARES WAR on TERRORIST LEFT!
27.8K42 -
4:16:00
NellieBean
5 hours ago🔴 Lost Girl looks for Lost Village
7.69K -
30:07
JohnXSantos
1 day agoWhy Clothing Brands NEVER Fail- Master Class
7.07K -
LIVE
Spartan
3 hours agoOMiT Spartan | God of War Ragnarok, College Halo match @ 9:30 EST, then ranked or more GoW:R
15 watching