JSRat is a reverse HTTP Shell by using JavaScript. JSRat use rundll32.exe to load the JavaScript code in cmd and a HTTP Shell is returned when the code is executed. The special part is that after running the cmd command, rundll32.exe will remain in the background to continuously connect to the Server. No file is written to the disk during the whole process, which significantly enhances stealth.
Characteristics:
To reverse a shell by using cmd to execute codes
Advantages:
- It can avoid being killed
- It’s easy to use
- It’s relatively stealthy.
Exploitation:
Based its characteristics and advantages, using JavaScript as the phishing payload can achieve amazing effect.