Client-Side Exploitation

In this chapter, we will look at a workaround strategy: directly targeting client-side applications. The user initiates the interaction with the client application, which allows attackers to take advantage of the trust that already exists between the user and the application. The use of social engineering methodologies enhances the success of client-side attacks.

Client-side attacks target systems that typically lack the security controls (especially firewalls and intrusion detection systems) found on enterprise systems. If these attacks are successful and persistent communication is established, the client device can be used to launch attacks if it is reattached to the target's network.

By the end of this chapter, you will have learned how to attack client-side applications using the following:

  • Backdoor executable files
  • Hostile script attacks (CScript, VBScript, and PowerShell)
  • The Browser Exploitation Framework (BeEF)
  • The Cross-Site Scripting Framework (XSSF) during penetration testing