Compromising the clients of a website
Common Metasploit exploits develop much more powerful techniques. In this section, we will try to develop approaches where we can convert common attacks into a much more severe attack.
We will discuss the good old browser autopwn exploitation here again. Now, you may know at this point that sending an IP address to the target can be catchy and a victim may regret browsing an IP address. Now, if an address of a website is sent to the victim instead of a bare IP address, the chances of catching the victim's eye become less and the results become more fruitful.
Injecting the malicious web scripts
A vulnerable website can provide the same kind of functionality as that of a browser autopwn server. Therefore, the browser autopwn module from Metasploit will automatically target the viewers of the website.
We can do this by injecting a simple script into the regular web page of a website. Therefore, whenever a visitor visits the injected page, his or her browser...
