I've been thinking if its possible or not to craft a special webpage that has a direct download to a trojan or whatever and it automatically opens it without user interaction, Maybe it could be done using a Script or code in the webpage?
Since i dont know how web applications and things work i thought about asking you guys here in Null-Byte
3 Responses
They are commonly refered as 'drive by' exploits. They use java / browser / flash exploit that upon landing on a page will trigger a download-execute shellcode that run the real malware on your pc.
I'm sure there are already guides here somewhere on specific exploits, or you can google 'browser autopwn' for something more generic.
Yeah i tried them on cobalt strike, they are pretty effective
Should not be easy to craft a drive by download and alterate the browser behaviour to execute it if that's an executable file.
Share Your Thoughts