]HackingTeam[ KnowledgeBase Product
Search:     Advanced search

How to run a multibrowser exploit through the INJECT-HTML-FILE rule on TNI

Article ID: 222
Last updated: 10 Jun, 2015


A closer explanation for multibrowser exploit usage with TNI.


  • Windows 7 (32 or 64 bit), Windows 8 or 8.1 64 bit.

  • Chrome, Internet Explorer, Firefox (any recent version).

  • Adobe Flash (any recent version).

!!! โ‡’ If some of the above requirements are not met, the agent will not be deployed correctly (while the website will still be correctly displayed). No alert message is displayed upon accessing the exploiting website, no user interaction is required but browsing the provided URL.


The INJECT-HTML-FILE is a rule that can be used to infect a target through an exploit for Windows:

  1. the client opens a ticket from support system, with the request for an inject html file;
  2. for a Windows target, he provides the support team with the Silent Installer generated from the Console, and lets them know how many URLs will be sent to the targets;
  3. the support team will send an html file to the client;
  4. the client uses the Console (section Network Injector) to create a rule html inject file and sets as resource pattern the URL that he prefers and as file the HTML file he obtained from the support team (at step 3);
  5. the client tests the rule on a target Windows that must have the abovementioned requirements.

!!! โ‡’ If the exploit is successful, the agent will start after the next logon or reboot of the system. All the exploits are one-shot: the provided URL will try to exploit only the first user that visits the page with a compatible browser, all subsequent visitors won't be served any exploit code.

!!! โ‡’ The exploit will be available only for a limited period of time; after 7 days it will automatically deactivate itself.

Article ID: 222
Last updated: 10 Jun, 2015
Revision: 1
document Public
Views: 6
Comments: 0
This article was:   Helpful | Not helpful
Prev   Next
TNI     Troubleshooting