HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
2:55:38
Turning Point USA
3 hours agoWASHINGTON D.C. PRAYER VIGIL FOR CHARLIE KIRK
24.8K12 -
The Mel K Show
3 hours agoMel K & Tim James | Healing is an Inside Job | 9-14-25
6.07K1 -
LIVE
IsaiahLCarter
6 hours agoCharlie Kirk, American Martyr (with Mikale Olson) || APOSTATE RADIO 028
356 watching -
16:43
Mrgunsngear
9 hours ago $0.80 earnedKimber 2K11 Pro Review 🇺🇸
2.77K10 -
13:40
Michael Button
1 day ago $0.17 earnedThe Strangest Theory of Human Evolution
4488 -
10:19
Blackstone Griddles
1 day agoMahi-Mahi Fish Tacos on the Blackstone Griddle
8711 -
23:51
Jasmin Laine
1 day ago“Stop Wasting My Time!”—Trump's BRUTAL WARNING To Canada As Poilievre ROASTS CBC LIVE
1.74K16 -
9:54
Millionaire Mentor
1 day agoNBC Host EXPOSES JB Pritzker For Saying This About Trump
2173 -
1:35:39
SB Mowing
2 days agoIt took the WHOLE NEIGHBORHOOD to uncover this yards SHOCKING SECRET
73.3K60 -
12:52
ROSE UNPLUGGED
22 hours agoFrom Vision to Legacy: Charlie Kirk
45.8K19