This chapter explained the hands-on approach to client-based exploitation. Learning client-based exploitation will ease a penetration tester in internal audits or in a situation where internal attacks can be more impactful than external ones.

In this chapter, we looked at a variety of techniques that can help us attack client-based systems. We looked at browser-based exploitation and its various variants. We learned how we could create various file format-based exploits. We also looked at bypassing the antivirus detection mechanism using Metasploit's built-in msfencode and msfvenom. We learned about using Metasploit with DNS-spoofing attack vectors. Lastly, we also learned about exploiting a Linux-based client.

In the next chapter, we will ...