Monday 06 July 2026 17:19:14 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Browser-to-shell

An attack path that moves a victim from a web page into a command-line execution step.

Browser-to-shell is an attack path that turns a web page into a launch point for command-line execution. Instead of exploiting the browser directly, the attacker uses the page to persuade the user to copy, paste, or run a command in a shell such as Command Prompt, PowerShell, or Terminal.

This matters because the dangerous step happens after the page has loaded, which can bypass many web-only defenses. It is common in social-engineering attacks, where fake errors, verification prompts, or malicious JavaScript guide the victim toward executing attacker-controlled instructions. Once the shell runs, malware downloaders, credential stealers, and persistence scripts can be deployed quickly. Defenders look for suspicious copy-and-paste prompts, unusual child processes spawned by browsers, and command-line activity that follows web browsing. User awareness, application control, script restrictions, and monitoring for browser-to-shell transitions help reduce the risk.

← WIKICROOK index