Using Browser Exploitation to Take Over a Host’s Computer

CEH Exam Domain:
Domain 1: Background
Domain 2: Analysis/Assessments
Domain 4: Tools/Systems/Programs

CEH Objective Mapping:
Objective 1.2 Information Security Threats and Attack Vectors
Objective 1.3 Information Security Technologies
Objective 2.2 Information Security Assessment Practices
Objective 4.3 Information Security Tools

Overview

In this lab, you will exploit a browser to take over a host’s computer. In ethical hacking and penetration testing, white hat hackers use vulnerabilities in systems to test defenses and report those weaknesses to a client. Black hat hackers use vulnerabilities to cause harm to an organization’s systems and network. The main reason hackers attack machines and networks is financial gain. In this lab, you will use an Internet Explorer vulnerability to take over a victim’s machine.

Outcomes:

In this lab, you will learn to:

  1. Use Metasploit to exploit a web browser vulnerability.
  2. Use spear phishing to trick a user into launching a web browser vulnerability.
  3. Breach a host's computer using the web browser vulnerability.

Key terms and descriptions

Spear phishing
Used to entice an individual to click a link or open an attachment in an e-mail.
Meterpreter
A payload that an attacker can use to gain control over a victim’s system.
Kali
A Linux distribution used for penetration testing or for hacking.
Opera
A free browser and e-mail client.
XAMPP
An open-source web server package consisting mainly of the Apache HTTP Server, MariaDB, and interpreters for scripts written in the PHP and Perl programming languages.