HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
1:19:23
Josh Pate's College Football Show
12 hours ago $4.78 earnedBig Ten Program Rankings | What Is College Football? | Clemson Rage| Stadiums I Haven’t Experienced
68.9K1 -
LIVE
Vigilant News Network
17 hours agoBombshell Study Reveals Where the COVID Vaccine Deaths Are Hiding | Media Blackout
2,011 watching -
1:17:59
Sarah Westall
13 hours agoDOGE: Crime & Hysteria bringing the Critics & the Fearful - Plus new CDC/Ukraine Crime w/ Dr Fleming
85.6K8 -
45:39
Survive History
19 hours ago $10.98 earnedCould You Survive in the Shield Wall at the Battle of Hastings?
81.3K6 -
1:50:28
TheDozenPodcast
17 hours agoViolence, Abuse, Jail, Reform: Michael Maisey
114K4 -
23:01
Mrgunsngear
1 day ago $6.81 earnedWolfpack Armory AW15 MK5 AR-15 Review 🇺🇸
97.2K12 -
25:59
TampaAerialMedia
1 day ago $4.58 earnedUpdate ANNA MARIA ISLAND 2025
62.3K4 -
59:31
Squaring The Circle, A Randall Carlson Podcast
20 hours ago#039: How Politics & War, Art & Science Shape Our World; A Cultural Commentary From Randall Carlson
47.5K3 -
13:21
Misha Petrov
19 hours agoThe CRINGIEST Thing I Have Ever Seen…
39K75 -
11:45
BIG NEM
15 hours agoWe Blind Taste Tested the Best Jollof in Toronto 🇳🇬🇬🇭
28.2K1