HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
49:00
State of the Second Podcast
15 hours agoBeginners Guide to Stacking Gold & Silver (ft. United Patriot Coin)
1.47K1 -
8:40
The Lou Holtz Show
16 hours agoLou Holtz Slams Open Borders: "Do the Right Thing—Keep Americans Safe!
1.56K2 -
![[Ep 630] Election Integrity w/ Guest Steve Stern! | Sam Anthony [your]NEWS | Laura Loomer Delivers!](https://1a-1791.com/video/fww1/23/s8/1/G/S/8/t/GS8ty.0kob-small-Ep-630-Election-Integrity-w.jpg)
3:04:33
The Nunn Report - w/ Dan Nunn
15 hours ago[Ep 630] Election Integrity w/ Guest Steve Stern! | Sam Anthony [your]NEWS | Laura Loomer Delivers!
3.29K9 -
11:33
Russell Brand
17 hours agoThe Democratic Party is Becoming A Parody
102K249 -
26:17
The Brett Cooper Show
1 day agoWhy Trans Activists Are Attacking This Gym Owner | Episode 14
79.5K78 -
42:04
Film Threat
19 hours agoSNOW WHITE EARLY REACTIONS! | Film Threat After Dark
51.8K10 -
2:57:45
GoodLawgic
8 hours agoThe Following Program: Day 57 Recap: JF Files Realeased; Russo-Ukrainian Cease Fire?
25K10 -
2:42:22
Badlands Media
1 day agoEye of the Storm Ep. 240
120K37 -
8:15:45
MyronGainesX
1 day ago $40.74 earnedJFK Files Exposed With Cory Hughes! Israel Ends Ceasefire!
107K19 -
1:19:34
Awaken With JP
18 hours agoJFK Files FINALLY Released - LIES Ep 83
100K95