How to pop shells with HTML ?

This method is inspired from a blog that I read . This guy/girl did something similar for windows . So I thought lets apply this for linux . Here is the original blog :https://osandamalith.com/2020/07/19/hacking-the-world-with-html . My method is not quite different from the original method . This method allows you to modify a binary in such a way that when you open with firefox/chrome it will show you html content but if you execute the file it will run without any problem . The applications of this method is quite limited . One application that I can think of is you can put malware in the html file and make add a line that executes the file in your good program . This will act as a trojan . Some js framework like electron allows you to build desktop app with html and css . So if you add the malware in such HTML files it will execute when they run your app . You can also smuggle shells with this . Although linux users are quite smart .

A general idea

ELF is the abbreviation for Executable and Linkable Format and defines the structure for binaries, libraries, and core files. The formal specification allows the operating system to interpreter its underlying machine instructions correctly. ELF files are typically the output of a compiler or linker and are a binary format. An elf binary consists of different parts . Some of them are sections,segments . There are four main sections .text, .data, .rodata, and .bss . I wont explain about elf files here . Now lets read the elf file and print the data as integers. We are going to use python3 for this purpose . This code reads the elf file and prints it as integers .

Now lets look at the output . Here you can see a continuous stream of zero between 1 and

We are going to replace the zeroes with the ascii values of html comment as replacing them will have no effect on the binary . We also have to select a continuous stream of zero right after the ELF header . If we replace the elf header the binary wont run . So we selected zeroes just after the elf header . After adding html comments we can add the binary to html files . As it is commented it will be totally invisible when opened with a browser but the normal flow of the binary will continue . Then we will end the comment . We can do this by appending html comment ending symbol at the end of the binary . Then we will append the html file of our choice.

The algorithm :

  1. First read the binary you want to use using python or any other language . ELF files contains a lot of “\x00” . Find a continuous stream of “\x00” . We need 4 continuous null byted . Try to find the stream of null bytes just after the ELF header .

4. Thats it . The html file can be opened with any browser and if you run “./file.html” . It will still execute . Remember to add the html file at the buttom of the binary as shown in the image above .

Here is the output as HTML
It executed
Here is the html file after using the cat command

Now you have a chance of hacking NASA with HTML xD :)

I am a hacker and ex-web developer . I sometime work as a freelance dev/hacker . Sometime I hunt bugs