In this video, I talked about how to create an executable HTML page that runs remote code execution on the target.
Basically this attack works on Internet explorer and to some degree Microsoft Edge. Although a large chunk of users are now shifting to Google Chrome and Firefox, still there are corporations and users who are still relying on these two browsers.
So to increase the chances of succeeding with this attack or testing ( in case you are to conduct this for your client ) you need to couple it with social engineering tactics.
Lets say You prepared an email template and you include the HTML page within a hyperlink. Your target works within the HR Department so your plot will be like this:
‘Dear Mr..I couldn’t attach my resume for some reason but I uploaded it online. Please use Internet Explorer or Microsoft edge to open my resume’