HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Wendy Bell Radio
5 hours agoPet Talk With The Pet Doc
458 watching -
1:11:37
Mike Rowe
8 days agoDoes China Control The NBA? | Enes Kanter Freedom #453 | The Way I Heard It
30.5K42 -
LIVE
TheItalianCEO
19 hours ago24-hr Arc Raiders Stream
71 watching -
1:15:41
Steve-O's Wild Ride! Podcast
21 hours ago $2.83 earnedBert McCracken: The Unlikely Godfather of Hardcore Music
14K -
LIVE
Midnight In The Mountainsâ„¢
2 hours agoGaming w/ Midnight | Arc Raiders w/ SilverFox & Sgt Wilky | 11AM EST
75 watching -
LIVE
dieseldesigns
3 hours agoServer SLAM Appetizer Before RELEASE! // Arc Raiders
79 watching -
19:20
Stephen Gardner
1 day ago🚨Trump's latest Marco Rubio ORDER LEAKED by New York Times!
93.7K132 -
21:33
Liberty Hangout
2 days agoDemocrats Invite Me Over For Breakfast
18.6K52 -
2:38:56
FreshandFit
17 hours agoShe Left Her Man To Find A HVM In Miami w/ 6IX9INE
385K172 -
11:16
Blackstone Griddles
15 hours agoDouble Roasted Green Chile Smash Burger on the Blackstone Griddle
17K2