Security scanners are now available on every web server, computer, and even personal smartphone. However, do they truly provide protection against malicious files? The answer is simple: "Cybersecurity consists of 70% system and 30% human knowledge." This means that users must also be educated about computer and internet security.
In this blog, we will explore a method attackers use to bypass scanners and deliver malicious files, even through services from providers like Google, such as Gmail.
File smuggling is a technique that allows users to bypass restrictions on certain file types, such as those blocked by corporate proxies. It involves disguising the prohibited file within a different, permitted format, allowing it to pass through security filters undetected.
For example, if a company blocks .exe downloads, file smuggling can be used to embed the .exe within a seemingly harmless image file. Once downloaded, the user can then extract the .exe and access the previously restricted content.
File Smuggling Builder
This is a handy, self-contained HTML app that supports Windows, Mac, Linux and mobile.
It uses the HTML smuggling technique: HTML5 and JavaScript are used to embed an encoded file in an HTML file. When the user opens that file and the JavaScript runs in the browser, it decodes the embedded payload and assembles the target file on the destination device.
You can convert your file to an HTML-encoded, password-protected format, then use it as an email attachment or as a file download from the web.
How To Use HTML Smuggling Builder
Here are the simple steps you need to follow:
1a. Choose the target file putty.exe, then generate putty.exe.html
1b. Open putty.exe.html, then retrieve putty.exe
Download putty.exe.html from this repository (password is password) or try it online
2a. Choose the target file Sample Document.docx, then generate Sample Document.docx.html
Download Sample Document.docx.html from this repository (password is password) or try it online
Now you have the final file, which can be attached to an email for a further attack on the victim's system.
HTML Smuggling Technique
Use of JavaScript Blob
When working with JavaScript, the file can be created using a JavaScript Blob. A Blob is a representation of the payload.
var bobject = new Blob([payload], {type: 'octet/stream'});
Using URL.createObjectURL
An object URL is created for the Blob and assigned to a hidden link. The click action is then invoked from within the JavaScript, which mimics the user clicking on the link and starts the file download.
var hiddenobject = document.createElement('a');
var url = window.URL.createObjectURL(bobject);
hiddenobject.href = url;
hiddenobject.download = targetfilename;
hiddenobject.click();
Because the content travels only in encoded form, the original file never passes through the network, which is how it bypasses email scanners, proxies, and sandboxes.
As a security admin, if you don't want users to bypass your controls this way, you can fine-tune your detection rules based on these characteristics or simply block HTML files.
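As an added example (not part of the builder or the original post), the following JavaScript, run under Node.js, shows one way to turn those characteristics into a detection rule: it looks for the Blob, createObjectURL and scripted-click chain shown above, plus a long encoded run in the attachment. The function names, the 2000-character threshold, the verdict labels and both sample documents are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan of an HTML attachment for the download chain
// described above (Blob -> createObjectURL -> scripted click).
const INDICATORS = [
  { name: 'blob-constructor', re: /new\s+Blob\s*\(/ },
  { name: 'object-url', re: /URL\s*\.\s*createObjectURL\s*\(/ },
  { name: 'download-attr', re: /\.download\s*=/ },
  { name: 'scripted-click', re: /\.click\s*\(\s*\)/ },
];
// Assumption: the embedded file appears as one long base64-style run.
const LONG_ENCODED_RUN = /[A-Za-z0-9+\/=]{2000,}/;

// Collect the bodies of all inline <script> elements.
function extractScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies.join('\n');
}

// Returns { verdict, hits }; verdict labels are hypothetical policy names.
function scanHtml(html) {
  const js = extractScripts(html);
  const hits = INDICATORS.filter((i) => i.re.test(js)).map((i) => i.name);
  if (LONG_ENCODED_RUN.test(html)) hits.push('long-encoded-run');
  const chain = ['blob-constructor', 'object-url', 'scripted-click']
    .every((n) => hits.includes(n));
  // Full chain plus a large encoded body: quarantine. Chain alone also occurs
  // in legitimate "export to file" features, so it only goes to review.
  let verdict = 'pass';
  if (chain) verdict = hits.includes('long-encoded-run') ? 'quarantine' : 'review';
  return { verdict, hits };
}

// Constructed samples (not real attachments).
const FILLER = 'QUJD'.repeat(600); // 2400 chars of harmless base64 ("ABC...")
const SAMPLE_SMUGGLING = `<html><body><script>
var payload = atob("${FILLER}");
var bobject = new Blob([payload], {type: 'octet/stream'});
var hiddenobject = document.createElement('a');
hiddenobject.href = window.URL.createObjectURL(bobject);
hiddenobject.download = 'sample.bin';
hiddenobject.click();
</script></body></html>`;
const SAMPLE_PLAIN = '<html><body><script>document.title = "Hi";</script></body></html>';

console.log(scanHtml(SAMPLE_SMUGGLING), scanHtml(SAMPLE_PLAIN));
```

String matching like this is defeated by obfuscated property access or by payloads split into many short strings, so treat a "pass" as absence of the obvious pattern rather than proof the attachment is clean.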