CHM

CHM VECTORS

Compiled HTML Help File Exploitation

Home > CHM Exploit

Technical Overview

Compiled HTML Help (CHM) files are Microsoft help documentation format executed by `hh.exe`. They contain compressed HTML, images, and can include JavaScript or ActiveX objects. When opened, CHM files can execute embedded scripts with the privileges of the current user, bypassing many security controls.

Key Mechanisms

Script Execution: Embedded JavaScript runs via the `hhctrl.ocx` ActiveX control with local zone privileges.
Shortcut Abuse: Can invoke `hhc.exe` with command-line arguments to execute arbitrary commands.
MOTW Bypass: CHM files extracted from archives may bypass Mark-of-the-Web protections.

Red Team Advantages

Trusted Format Help files are commonly used in enterprise environments, reducing suspicion.
LOLBin Execution Uses signed Windows binary `hh.exe` for code execution, evading application whitelisting.
Stealth Delivery Can be embedded in ISO/ZIP files to bypass email filters and web gateways.

Purchase CHM Exploit

Proof & Verification

🎬 VIDEO

▶

Video coming soon

Watch Full Demo

🛡️ AV SCAN RESULTS

0/60

Detection Rate

View Full Report