Ανάλυση του πλαισίου δοκιμών διείσδυσης Metasploit : έρευνα στο λειτουργικό σύστημα Android
Analysis of the Metasploit penetration testing framework : research on Android operating system
KeywordsAndroid (Electronic resource) ; Λειτουργικά συστήματα ; Ασφάλεια διαδικτύου ; Κακόβουλο λογισμικό
In this thesis, a study and a detailed description of the architecture and technical infrastructure of the Metasploit Framework will be performed, as well as a study of the vulnerabilities that exist in the Android operating system. Metasploit is an established platform for vulnerability analysis and network penetration testing. Metasploit can simulate real situations of networks and attacks in order to discover weaknesses that may exist, before these are discovered by malicious hackers. We use attack techniques to bypass any of the available defenses in our system (such as antivirus, firewall, IPS) to discover the credentials of ''easy-to-find'' user accounts. Then, we use Metasploit, to analyze security vulnerabilities on Android environment. Android is an operating system for mobile devices that is nowadays the most popular mobile operating system, as it covers the largest share of the market. The risks incurred by users of an Android device, may be different to those we face as a desktop or laptop computer user, but it is equally serious and requires attention in order to address these risks. Just like other computers, android devices are also subject to malware attacks. Due to the rising popularity of the Android OS, the incident of attacks is rapidly increasing on Android devices and therefore the users are constantly exposed to malicious attacks. This thesis will conclude with the study of some known weaknesses that exist in Android. By using the Metasploit framework we will analyze two (2) cases of security flaws of the Android operating system.