Επιθέσεις σε λειτουργικά συστήματα με χρήση του Metasploit στα πλαίσια της αξιολόγησης ασφαλείας
Μπαλλάση, Σταυρούλα - Ινώ Ε.
This dissertation aims to study the methods and techniques used by attackers to exploit vulnerabilities of an information system. First, it examines the characteristics of hackers and the types of attacks they use. Then, it analyzes the concept of Penetration Testing, the steps needed for its proper implementation and tools used for each phase. Then, it is analyzed the tool Metasploit as it is mainly used for the implementation of the attacks. Specifically, its architecture is analyzed and all the commands are summarized. Furthermore, attacks on the part of Penetration Testing are studied. Specifically, Backtrack is used, which is a linux distribution and includes many tools such as Metasploit, always on the side of the hacker. From the perspective of the victim different operating systems are used, depending on the type of attacks. For example, WindowsXp SP2 for implementing DoS, SMB, VNC, Client-Side and Man-In-The- Middle attacks, Metasploitable for attacks on MySql and Postgres databases and Damn Vulnerable Web Application for Web attacks such as SQL Injection, Command Execution and XSS, are used.