HTA
HTML applications are another great way to exploit the end user when the system runs on Windows operating system. HTAs are executed using the MSHTA.exe program in Windows.
Since this runs arbitrary executions of applications from IE and as it clashes with the security boundaries of the browser, it is run outside of the security context of the browser using mshta.exe.
An HTA to invoke a reverse shell can be prepared using the following command,
Don't forget to start netcat at your end to receive the reverse shell from the victim's system.
Last updated