Client-side scripts, such as JavaScript, VBScript, and PowerShell, were developed to move the application logic and actions from the server to the client's computer. From an attacker's or tester's perspective, there are several advantages of using these scripts, as follows:
- They're already part of the target's natural operating environment; the attacker does not have to transfer large compilers or other helper files, such as encryption applications, to the target system.
- Scripting languages are designed to facilitate computer operations, such as configuration management and system administration. For example, they can be used to discover and alter system configurations, access the registry, execute programs, access network services and databases, and move binary files via HTTP or email. Such standard scripted operations...
