Introduction

In this video, I talked about how to create an executable HTML page that runs remote code execution on the target.

Basically this attack works on Internet explorer and to some degree Microsoft Edge. Although a large chunk of users are now shifting to Google Chrome and Firefox, still there are corporations and users who are still relying on these two browsers.

So to increase the chances of succeeding with this attack or testing ( in case you are to conduct this for your client ) you need to couple it with social engineering tactics.

Lets say You prepared an email template and you include the HTML page within a hyperlink. Your target works within the HR Department so your plot will be like this:

‘Dear Mr..I couldn’t attach my resume for some reason but I uploaded it online. Please use Internet Explorer or Microsoft edge to open my resume’

BINGO

Get OSCP Certificate Notes

Video Walk-through

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles