Ethical Hacking and Penetration Testing Guide




Fileformat Exploits
Fileformat exploits are one of the most efficient and most common PDF exploits used by penetration
testers. Fileformat exploits enable you to create a malicious PDF file, which, once executed
by the victim, will give the shell to the attacker. Using exploits present in Metasploit, once you
infect a single file on the victim's computer, it's possible for you to infect all other PDF files on
that computer.
Browser Exploits
Browser exploits are not used much by pentesters. However, they can prove beneficial in some
situations. Here is how a PDF browser exploit works:
1. The attacker chooses a browser PDF exploit module.
2. The browser PDF exploits take advantage of the built-in webserver from Metasploit.
3. Once the webserver is set up and the PDF exploits are loaded onto it, the URL is sent to the 
victim via social engineering.
4. Once the victim clicks on the URL, the PDF exploit is injected and does the rest of the work 
for you.
Scenario from Real World
The purpose of the book is not only to teach you to work with the tools but to familiarize you with 
a proper penetration testing methodology. Tools keep changing, but the methodology remains 
the same.
So imagine a real-world scenario where you are pentesting a company, ABC. By using
some information-gathering techniques you learned in the previous chapter, you find out that the
e-mail address of the CEO is steven@abc.com.
By using a fake mailer, you e-mail the following message to Steven from the e-mail address of 
the company’s IT department head, say, Rolph.


Hi Steven,
We would like to inform you about a critical update for all Windows users. We recommend you read
the attached PDF document and follow the step-by-step instructions mentioned in the document to
update your system.
Warm regards,
Rolph | ABC.com
ABC IT DEPT
The CEO will think that the e-mail is legitimate and is really from the IT department, so he will 
open the PDF document without hesitation, thereby enabling the attacker to take full control of 
his computer.
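
Seen from the mail gateway, the scenario above leaves two checkable signals: failed sender authentication and a PDF attachment with active content. The following is an added example, not code from the book, of a triage check for both. The sample message, the address rolph@abc.com, the host mx.abc.com and the inert PDF bytes are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# PDF names that mark active content (scripts, auto-run actions, launches, embedded files).
ACTIVE_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/EmbeddedFile")

def pdf_active_names(data: bytes) -> list[str]:
    """List active-content names in raw PDF bytes, undoing #xx hex escapes in names."""
    # /J#61vaScript is a legal spelling of /JavaScript, so decode escapes before matching.
    # Names inside compressed object streams are not visible to this raw scan.
    decoded = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)
    return [n.decode() for n in ACTIVE_NAMES
            if re.search(re.escape(n) + rb"(?![A-Za-z0-9])", decoded)]

def triage(raw: bytes) -> list[str]:
    """Return findings for one message: sender-authentication results and PDF attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # Only trust an Authentication-Results header stamped by your own receiving MTA.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        if not re.search(rf"\b{check}=pass\b", auth):
            findings.append(f"{check} did not pass for From: {msg['From']}")
    for part in msg.iter_attachments():
        body = part.get_payload(decode=True) or b""
        if part.get_content_type() == "application/pdf" or body.startswith(b"%PDF-"):
            findings += [f"{part.get_filename()}: {n}" for n in pdf_active_names(body)]
    return findings

def build_sample() -> bytes:
    """Constructed message modelled on the scenario; the PDF bytes are inert."""
    m = EmailMessage()
    m["From"] = "Rolph <rolph@abc.com>"  # constructed address
    m["To"] = "steven@abc.com"
    m["Subject"] = "Critical update for all Windows users"
    m["Authentication-Results"] = ("mx.abc.com; spf=fail smtp.mailfrom=abc.com; "
                                   "dkim=none; dmarc=fail header.from=abc.com")
    m.set_content("Please read the attached PDF.")
    pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
           b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n%%EOF\n")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="update.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A message that trips both groups of findings, as the constructed sample does, is a candidate for quarantine rather than delivery.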
