Need of client-side attacks
In the previous chapter, we used the MS08_067net api vulnerability in our target system and got complete administrator-level access to the system. We configured the value of the RHOST variable as the IP address of our target system. Now, the exploit was successful only because the attacker's system and the target system both were on the same network. (The IP address of attacker's system was 192.168.44.134
and the IP address of target system was 192.168.44.129
).
This scenario was pretty straightforward as shown in the following diagram:
Now, consider a scenario shown in the following diagram. The IP address of the attacker system is a public address and he is trying to exploit a vulnerability on a system, which is not in same network. Note, the target system, in this case, has a private IP address (10.11.1.56
) and is NAT'ed behind an internet router (88.43.21.9x
). So, there's no direct connectivity between the attacker's system and the target system. By setting RHOST...