| description |
|---|
09-26-22 |
Client side attacks are attacks in which the threat actor is attempting to gain access to the network that utilizes techniques that require a victim's user interaction.
This includes:
- Social Engineering
- Enticing them to click a link
- Open a document
- Send them to your malicious website
This is one of the most common tactics that can be used to execute proper client side attacks. Depending on the tactic you use or the information you gathered during the information gathering stage, you will have a higher chance of success for the client to click on it.
Examples of common client side attacks:
- Understanding HTA Attacks: https://www.trustedsec.com/blog/malicious-htas/
- Creating HTA Files with Empire: https://dmcxblue.gitbook.io/red-team-notes/initial-acces/spear-phishing-links/tools
- Template for creating your own: https://github.com/tjnull/OSCP-Stuff/blob/master/Client-Side-Attacks/Template.HTA
Tools to use for HTA Attacks:
- Demiguise: https://github.com/nccgroup/demiguise
- WeirdHTA: https://github.com/felamos/weirdhta
- SharpShooter: https://github.com/mdsecactivebreach/SharpShooter
Microsoft Office Macros (Maldoc):
- Malicious Macros: https://www.trustedsec.com/blog/malicious-macros-for-script-kiddies/
- Creating your own Maldoc: https://www.pentestpartners.com/security-blog/how-to-create-poisoned-office-documents-for-your-staff-awareness-training-part-1/
- Building Obfuscated Macros: https://blog.focal-point.com/how-to-build-obfuscated-macros-for-your-next-social-engineering-campaign
Tools to help you build your own Macros:
I would use these tools to learn how to make your own. Be creative when you are building your own Macros as using tools like this will be flagged by AV
- MSFVenom Vbscript Injections: https://www.offensive-security.com/metasploit-unleashed/vbscript-infection-methods/
- Macropack: https://github.com/sevagas/macro_pack
- EvilClippy: https://github.com/outflanknl/EvilClippy