HTML application attack

An outdated attack vector, but still possible on older, unpatched systems.

When a file ends with the .hta extension, it is automatically interpreted as an HTML Application and executed.

For this reason, .hta applications run in an isolated context within the mshta.exe environment.

This attack is specific to Internet Explorer.

#Crafting the evil .hta file --> poc.hta

#Serve it from /var/www/html with Apache

#Click on run

#The malicious script will launch CMD on target

#Get rid of the automatic blank window that pops up when the exploit is triggered

#Edit the poc.hta code to circumvent this issue

#This will close the window once the script is triggered
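
Seen from the defender's side, the steps above leave a process-creation trail: mshta.exe starts, then launches CMD. The following is an added example, not code from the original page; it flags that pattern in process-creation records that use the Sysmon Event ID 1 field names `Image`, `ParentImage` and `CommandLine`. The sample records, file paths and the `SHELLS` and `BROWSERS` lists are constructed assumptions.

```python
import ntpath

# Assumed lists; tune them to the environment being monitored.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
BROWSERS = {"iexplore.exe"}

def _name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename(path or "").lower()

def find_hta_activity(events):
    """Return (reason, event) pairs for process creations tied to .hta execution."""
    findings = []
    for ev in events:
        image, parent = _name(ev.get("Image")), _name(ev.get("ParentImage"))
        cmdline = (ev.get("CommandLine") or "").lower()
        if parent == "mshta.exe" and image in SHELLS:
            findings.append((f"mshta.exe spawned {image}", ev))
        elif image == "mshta.exe" and parent in BROWSERS:
            findings.append(("browser handed a file to mshta.exe", ev))
        elif image == "mshta.exe" and ("http://" in cmdline or "https://" in cmdline):
            findings.append(("mshta.exe given a remote URL", ev))
    return findings

# Constructed sample records (not captured from a real host).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "CommandLine": r'mshta.exe "C:\Users\user\AppData\Local\Temp\poc.hta"'},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "cmd.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'mshta.exe "C:\Tools\inventory.hta"'},
]

if __name__ == "__main__":
    for reason, ev in find_hta_activity(SAMPLE_EVENTS):
        print(reason, "->", ev["CommandLine"])
```

The last sample record, a locally launched .hta started from explorer.exe, is deliberately not flagged, so an allow-list of known internal HTA tools is still needed to decide what to do with plain mshta.exe launches.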
