Αξιολόγηση και εκμετάλλευση ευπαθειών επιθέσεων πελατών
This thesis’ aim is to examine a relative new kind of attack that during the past few years have been climbing in use in an incremental rate. This kind of attack pursues to take advantage of the end user in order to make them give up access to the attacker. We examined what makes this kind of attack so successful and what are the motives that lie behind the attackers. Then Metasploit and SEToolkit tools have their architecture analyzed and the way they work along with all the available commands is summarized. Furthermore these tools are studied by presenting a real case scenario of a client side attack. More specifically at the side of the victims we have two web designers that both work together, having their work advertised in a blog. The attacker gathers personal information from their website and emails from the metadata of the files that are hosted and unleashes a social engineering attack to one of the two victims. He manages to get shell access through a java exploit and then through the use of various techniques such as pivoting, powershell, ssh tunneling and pass the hash he manages to get access to the whole corporate network.