HTML Smuggle with JavaScript
2 years ago
14
A great way to obtain an intial foothold when doing covert ops is HTML smuggling. The idea is to get the client side to click on an HTML file. This will automatically download a file of choice which will connect back to our C2 Channel.
I used msfvenom to create the payload in raw format then fed this to Sharpshooter which converts the payload to Javascript. I could have used DotNetToJScript do this, however this way is much quicker. Keep in mind from an Opsec perspective, Sharpshooter might be signatured in todays security tools.
I base64 encode our Javascript payload. Then place the payload into a JavaScript Blob into my dropper. This dropper has a base64 decryption routine embedded.
Loading comments...
-
LIVE
The Charlie Kirk Show
1 hour agoChristians Under Siege + Shame! Shame! + AMA | O'Neill, Ahern | 10.3.2025
4,717 watching -
DVR
The White House
1 hour agoPress Secretary Karoline Leavitt Briefs Members of the Media, Oct. 3, 2025
2.3K3 -
LIVE
Dear America
1 hour agoEp 3 Graham Allen Show
1,221 watching -
2:01:12
The Culture War with Tim Pool
3 hours agoNigeria's Christian Genocide, Media Ignoring Atrocities | The Culture War Podcast
101K51 -
LIVE
Sean Unpaved
1 hour agoMLB DS Showdowns Set, 49ers-Rams TNF Recap, NFL/CFB Week 5 & 6 Picks!
84 watching -
LIVE
MattMorseTV
1 hour ago $2.30 earned🔴EMERGENCY White House PRESS CONFERENCE.🔴
1,373 watching -
LIVE
Side Scrollers Podcast
3 hours agoNetflix Execs to TESTIFY Over LGBTQ Agenda + IGN DESTROYS Xbox Game Pass + More | Side Scrollers
463 watching -
3:10:53
iCkEdMeL
4 hours ago $1.80 earnedChicago Erupts in ICE Protest as Diddy Faces Judge’s Hammer
26.3K -
LIVE
Barry Cunningham
1 hour agoBREAKING NEWS: KAROLINE LEAVITT HOSTS SURPRISE WHITE HOUSE PRESS CONFERENCE!
1,507 watching -
1:31:26
Steven Crowder
4 hours agoHegseth Makes the Military Great Again!
198K201
