HTML Smuggle with JavaScript
3 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
3:12:33
Misfits Mania
15 hours ago $20.10 earnedANDREW TATE VS CHASE DEMOOR OFFICIAL OPEN WORKOUT
173K16 -
LIVE
MYLUNCHBREAK CHANNEL PAGE
1 hour agoA.I. Destroys History
132 watching -
LIVE
The Mel K Show
1 hour agoMORNINGS WITH MEL K- Confronting Inverted Truth & Suicidal Empathy - 12-17-25
218 watching -
UPCOMING
The Shannon Joy Show
1 hour agoSJ LIVE Dec 17 - The Latest On #RealityDC: Queen Susie Takes Her Throne. Move Over Trump, There’s A New Sheriff In Town! With Special Guest - Independent Political Analyst Carey Wedler!
73 -
LIVE
Badlands Media
8 hours agoBreaking History Ep. 129
177 watching -
UPCOMING
Grant Stinchfield
30 minutes agoWhat Are They Hiding at Brown University, Campus Wokeness Blocks the Truth!
-
LIVE
Trumpet Daily
13 minutes agoTrumpet Daily LIVE | Dec. 17, 2025
91 watching -
UPCOMING
Tudor Dixon
50 minutes agoBondi Beach Attack, Radicalization, ISIS, and Rising Anti-Semitism | The Tudor Dixon Podcast
7 -
1:02:04
VINCE
3 hours agoAre We Really Being Told The Full Story? | Episode 190 - 12/17/25 VINCE
156K77 -
LIVE
The Bubba Army
22 hours agoTRUMP'S CHIEF OF STAFF RUNNING WILD! - Bubba the Love Sponge® Show | 12/17/25
466 watching