HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
54:17
Man in America
15 hours ago50 MILLION Illegals: The TIME BOMB Threatening to Destroy America w/ J.J. Carrell
49.1K50 -
1:09:13
Tundra Tactical
7 hours ago $4.61 earnedThe Worlds Okayest Gun Live Stream
39.4K3 -
4:01:56
The Sufari Hub
8 hours ago🔴ELDEN RING MODDED - ROAD TO #1 GAMER ON RUMBLE - #RumbleGaming
52K -
4:23:35
thatsnotkyle
7 hours agoPUBG | Chicken Dinners
53.9K2 -
54:47
Sarah Westall
11 hours agoTranshumanism vs Natural Human Zones, AI consciousness and the Hive Mind Future w/ Joe Allen
87.6K38 -
![[LIVE] The Sunday Surprise! | Testing Halo Star Wars Mods!](https://1a-1791.com/video/fww1/70/s8/1/U/P/W/x/UPWxy.0kob-small-LIVE-The-Sunday-Surprise-A-.jpg)
4:29:06
Joke65
9 hours ago[LIVE] The Sunday Surprise! | Testing Halo Star Wars Mods!
64.4K -
3:09:00
MaverickLIVE
9 hours agoFirst Rumble Stream!
54.6K2 -
8:06:12
xTimsanityx
13 hours ago🟢LIVE: COACH ALWAYS TOLD ME, "SHOOTERS SHOOT" | GOONING ON E-DISTRICT
41.1K2 -
32:19
SB Mowing
2 days agoThis yard was putting KIDS IN DANGER - Now they can SAFELY play outside again
50K26 -
LIVE
Lofi Girl
2 years agolofi hip hop radio 📚 - beats to relax/study to
255 watching