HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
Sean Unpaved
1 hour agoRavens' Resurrection Night: Lamar Buries Miami, NFL/CFB Spooky HC Shifts, & Kalshi's Week 9/10 Odds!
95 watching -
LIVE
Film Threat
1 day agoHALLOWEEN HORROR + BACK TO THE FUTURE RERELEASE + MORE REVIEWS | Film Threat Livecast
66 watching -
1:21:16
Steven Crowder
4 hours ago10th Annual Halloween Spooktacular: Reacting to the 69 Gayest Horror Movies of All Time
212K120 -
57:39
The Rubin Report
3 hours agoKamala Gets Visibly Angry as Her Disaster Interview Ends Her 2028 Election Chances
29.4K47 -
LIVE
Dr Disrespect
3 hours ago🔴LIVE - DR DISRESPECT - ARC RAIDERS - DANGEROUS ADVENTURES (LEVEL 12)
1,593 watching -
LIVE
LFA TV
17 hours agoLIVE & BREAKING NEWS! | FRIDAY 10/31/25
2,164 watching -
1:36:11
The Mel K Show
2 hours agoHunters Become the Hunted: A Reckoning Is Finally Coming - 10/31/25
15.8K11 -
1:02:41
Outspoken with Dr. Naomi Wolf
2 hours ago"The Devil His Due"
18.4K -
1:02:27
VINCE
5 hours agoA Very Trump Halloween | Episode 159 - 10/31/25
166K138 -
2:07:18
Badlands Media
12 hours agoBadlands Daily: October 31, 2025
65.8K17