Metasploit client vulnerability exploitation practice

Client-side attacks are always an interesting topic and are a major target for attackers today. As network administrators and software developers harden their perimeter, testers need to find a way for victims to open the door for them to enter the network. Client-side attacks require user interaction, such as convincing the user to click on a link, open a document, or otherwise visit a malicious website.

There are many ways to perform client-side attacks using Metasploit, and we will demonstrate some of them here.

1. Metasploit binary payloads

Metasploit is full of interesting and useful features. One of them is the ability to generate executables from Metasploit payloads. This is useful in situations such as social engineering; if you can get users to run your payload for you, there's no reason to go to the trouble of exploiting any software.

Let's look at a simple example of how to do this. We will generate a reverse shell payload, execute it on the remote system, and obtain our shell. To do this we will use the command-line tool msfvenom. This command can generate payloads for use in many places, with a variety of output formats available, from Perl to C to raw. We are interested in the executable output provided by the -f exe option.

We will generate a Windows reverse shell executable that will connect to us via port 31337.

root@kali:~# msfvenom --payload-options -p windows/shell/reverse_tcp
Options for payload/windows/shell/reverse_tcp:


       Name: Windows Command Shell, Reverse TCP Stager
    


Origin blog.csdn.net/qq_35029061/article/details/134567781