HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Badlands Media
6 hours agoBadlands Daily: September 4, 2025
3,986 watching -
Dear America
2 hours agoEpstein Victims Vow To EXPOSE Everyone! + Are China and Russia Planning Against Trump?!
88.2K46 -
LIVE
Law&Crime
2 hours ago $1.06 earnedLIVE: Adelson Matriarch Murder Trial — FL v. Donna Adelson — Day 9
277 watching -
LIVE
The Big Migâ„¢
1 hour agoCartels Are On Borrowed Time, Here Comes The BOOM!
4,915 watching -
LIVE
Matt Kohrs
12 hours agoMASSIVE Market Swings Incoming! || Top Futures & Options Trading Show
511 watching -
LIVE
Wendy Bell Radio
6 hours agoIt's All About the Benjamins
7,001 watching -
LIVE
JuicyJohns
2 hours ago $2.89 earned🟢#1 REBIRTH PLAYER 10.2+ KD🟢
91 watching -
3:18:50
Times Now World
5 hours agoLIVE: NATO Chief Demands 5% of GDP for War Chest! Mark’s Bold Plan for Allies at IISS Prague Defence
20.2K3 -
15:54
IsaacButterfield
6 hours ago $0.36 earnedAustralians BANNED from Taking Photos at Uluru
4.35K14 -
1:13:27
The Mike Schwartz Show
2 hours agoTHE MIKE SCHWARTZ SHOW with DR. MICHAEL J SCHWARTZ 09-04-2025
3.14K6