HTA file
Even when common tools like cmd.exe, PowerShell and regedit are blocked, mshta.exe can often still be used to launch commands via .hta files.
<script>
var shell = new ActiveXObject("WScript.Shell");
shell.Run("cmd.exe");
</script>
✅ Why it works:
- .hta runs via mshta.exe, a legitimate Windows binary.
- It often bypasses application restrictions if mshta.exe is not explicitly blocked.
- Not an exploit, just living off the land.
Credits: Jochen den Ouden
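A defender-side check for the behaviour described above, as an added example that is not part of the original page: it scans process-creation records for mshta.exe launches, renamed copies, and processes spawned by mshta.exe. Field names follow Sysmon Event ID 1; the sample events, paths and the `classify`/`detect` helpers are constructed for illustration.

```python
import ntpath

# Constructed sample records using Sysmon Event ID 1 (process creation) field names.
# The OriginalFileName value "MSHTA.EXE" is assumed from the binary's version resource.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "OriginalFileName": "MSHTA.EXE",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Desktop\tool.hta"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "OriginalFileName": "Cmd.Exe",
     "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Windows\System32\mshta.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\viewer.exe",  # renamed copy
     "OriginalFileName": "MSHTA.EXE",
     "CommandLine": r"viewer.exe C:\Users\alice\note.hta",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe readme.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

MSHTA = "mshta.exe"

def _name(path):
    # ntpath parses Windows paths correctly even when the analysis host is not Windows.
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the reasons (possibly none) a process-creation event deserves review."""
    reasons = []
    image = _name(event.get("Image"))
    original = (event.get("OriginalFileName") or "").lower()
    if image == MSHTA:
        reasons.append("mshta_launch")
    elif original == MSHTA:
        # File name on disk differs from the embedded name: a copied or renamed mshta.
        reasons.append("renamed_mshta")
    if _name(event.get("ParentImage")) == MSHTA:
        # Anything started by mshta.exe, e.g. the cmd.exe from the snippet above.
        reasons.append("child_of_mshta")
    return reasons

def detect(events):
    """Return (Image, reasons) for every event with at least one reason."""
    return [(e["Image"], r) for e in events if (r := classify(e))]

if __name__ == "__main__":
    for image, reasons in detect(SAMPLE_EVENTS):
        print(image, reasons)
```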