HTML Smuggle with JavaScript
1 year ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
53:31
Standpoint with Gabe Groisman
9 hours agoEp 50. God is Real! with Academy Award-winning actor John Voight
63.2K48 -
35:04
Power Slap
7 days agoPower Slap: Road to the Title - Season 3 Episode 9 - Bring Out That Monster
753K101 -
15:52
Scammer Payback
1 month agoScammers Located in this Apartment
114K60 -
10:41
Breaking Points
3 days agoARSON, 'FREAK OFFS', LUBE: Diddy Indictment SHOCKING DETAILS
71.1K35 -
45:44
hickok45
12 hours agoSunday Shoot-a-Round # 247
42.9K50 -
3:34
Cooking with Gruel
1 day agoBrown Butter Deviled Eggs
45.8K10 -
11:06
Bearing
8 hours agoThe Office 2024 Australian Reboot Looks GARBAGE
43.7K17 -
28:21
Lloyd And Mandy
12 hours agoThe INCREDIBLE Hack Every Online Business Owner MUST KNOW In 2024..
49.5K3 -
0:51
scoutthedoggie
1 day agoWhat's in your Northeast UZI Rob?
49.1K2 -
12:49
Misha Petrov
21 hours agoI Triggered The Furries…
70.3K71