Description: This is Part 14 of the Security Metasploit Framework Expert (SMFE) course material. You can begin by watching Part 1 here: http://www.securitytube.net/video/2556 . Enjoy! Certifications page: http://www.securitytube.net/cert-list
In this video, we will explore the fun world of client-side exploits. Until now, we have seen how we can exploit server-side vulnerabilities with Metasploit. These are great, but what if the host we want to exploit is firewalled for all incoming connections, or is behind a NAT? In such a case, we will not be able to access the service remotely from the Internet and exploit it. This is where client-side exploits come in! Using these, we lure the client into using an application such as a web browser (which is not patched) to view a resource such as a web page created by us. This web page would contain an exploit which would help us break into the client and then use a reverse connect payload to connect back to us.
The advantages we have with client-side exploitation are that (1) we are targeting client-side software, which is typically more vulnerable in today's world than OS software; (2) the victim connects to us, hence we do not have to worry about inbound firewall rules, NAT, etc.; and (3) the reverse connect payload ensures that we do not have to bother about the network issues mentioned in (2).
Please do leave your comments behind.