HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Man in America
6 hours agoTrump Demands Big Pharma Come Clean on Covid Shots w/ Dr. David Martin
1,109 watching -
1:40:27
megimu32
2 hours agoOTS: Labor Day Sitcom Blowout - Tim, Ray, & Relatable Chaos!
12.2K2 -
LIVE
StevieTLIVE
2 hours agoWarzone Wins w/ FL Mullet Man
91 watching -
1:04:01
BonginoReport
5 hours agoLefties Wish Death on Trump but He’s BACK! - Nightly Scroll w/ Hayley Caronia (Ep.125)
163K64 -
LIVE
Tundra Tactical
2 hours ago $0.48 earnedWe Survived the Military… But Not This Basement
126 watching -
20:12
Clownfish TV
10 hours agoDisney Needs MEN Back?! They ADMIT Star Wars and Marvel are DEAD!
9.35K22 -
LIVE
Anthony Rogers
10 hours agoEpisode 381 - Tim Kelleher
45 watching -
1:01:42
The Nick DiPaolo Show Channel
7 hours agoTDS Hits New Level! | The Nick Di Paolo Show #1786
43.5K31 -
1:02:27
Michael Franzese
5 hours agoFace to Face with a Former Chinatown Gangster Turned NYPD Detective
45K13 -
1:31:25
The Confessionals
10 hours agoThe Queen of Heaven Exposed (Hathor, Lilith & Ancient Gods Return)
29.4K6