A exploit kit is a software kit designed to run on web servers, with the purpose of identifying software vulnerabilities in client machines communicating with it, and discovering and exploiting vulnerabilities in it to execute malicious code on client. Exploit kits are modular, allowing easy addition and removal of vulnerabilities and provides a user interface to control the settings, thereby automating the entire process of compromising a client. The exploit kit uses known available browser vulnerabilities and as soon as a client request reaches the web server running exploit kit (through traffic redirection), exploit kit checks the client browser for vulnerabilities and exploits it if the browser is found vulnerable and provides a remote shell of victim machine to control it. The participants are required to develop such a exploit-kit with a GUI
Students should form a small network of 2-3 computers with popular browser (chrome/firefox) installed. They should perform the exploitation on the browser using the developed kit from the other computer in the network and demonstrate the comprising and thereafter controlling the target machine.
Sample Data Required: No