Wednesday, February 10, 2010

Client side attacks

A client-side attack involves exploiting a weakness in client software, such as a browser, in order to gain access to a machine.

The victim computer does not have to be routable or directly accessible to the attacker. As long as the victim is able to browse to the attacker's site, the attack can occur.

Scenario

Victim == Firewall == INTERNET == Attacker

1. The victim browses the attacker's site.
2. Malicious HTML exploits a browser vulnerability and executes shellcode.
3. The shellcode opens a reverse shell over port 443 to the attacker's machine.
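
Step 3 depends on the firewall allowing outbound port 443. The following detection check is an added example, not part of the original post: it flags outbound port-443 flows whose first client bytes are not a TLS ClientHello. The flow-record fields (`src`, `dst`, `dport`, `first_bytes`), the `10.0.0.0/8` internal range and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def is_tls_client_hello(payload: bytes) -> bool:
    """True if the first client bytes look like a TLS record holding a ClientHello."""
    if len(payload) < 6:
        return False
    content_type, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if content_type != 0x16:               # 0x16 = handshake record
        return False
    if major != 0x03 or minor > 0x04:      # record versions SSL 3.0 through TLS 1.3
        return False
    if not 0 < rec_len <= 2**14:           # plaintext record length limit
        return False
    return payload[5] == 0x01              # handshake type 1 = ClientHello

def suspicious_443_flows(flows):
    """Outbound port-443 flows from internal hosts whose first payload is not TLS."""
    hits = []
    for flow in flows:
        src = ipaddress.ip_address(flow["src"])
        dst = ipaddress.ip_address(flow["dst"])
        outbound = src in INTERNAL and dst not in INTERNAL
        if outbound and flow["dport"] == 443 and not is_tls_client_hello(flow["first_bytes"]):
            hits.append(flow)
    return hits

# Constructed sample flows (documentation addresses, not real traffic).
SAMPLE_FLOWS = [
    {"src": "10.1.2.30", "dst": "198.51.100.7", "dport": 443,
     "first_bytes": bytes.fromhex("1603010200010001fc0303")},      # TLS ClientHello
    {"src": "10.1.2.44", "dst": "203.0.113.9", "dport": 443,
     "first_bytes": b"Microsoft Windows [Version 6.1.7600]\r\n"},  # cleartext console banner
    {"src": "10.1.2.44", "dst": "10.9.9.9", "dport": 443,
     "first_bytes": b"GET / HTTP/1.1\r\n"},                        # internal destination
    {"src": "10.1.2.30", "dst": "198.51.100.7", "dport": 80,
     "first_bytes": b"GET / HTTP/1.1\r\n"},                        # not port 443
]

if __name__ == "__main__":
    for flow in suspicious_443_flows(SAMPLE_FLOWS):
        print("non-TLS traffic on 443:", flow["src"], "->", flow["dst"])
```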

Client-side attacks can come in other forms, such as Microsoft DOC, PPT, and XLS files, which may exploit a vulnerability in MS Office. Perhaps one of the nastiest client-side bugs was the Microsoft GDI heap overflow, which could be triggered by a JPG image file. Sending the vulnerable victim a seemingly benign JPG would result in code execution on their machine just by viewing (or previewing) the file.
