https://github.com/darkrelay-security-labs/vwa

Vulnerable Windows Application for Pentesters from the house of DarkRelay Security Labs. The project is along the lines of DVWA, AWSGoat and other similar projects, to help the cybersecurity community practise their skills.
https://github.com/darkrelay-security-labs/vwa

cybersecurity cybersecurity-tools damn-vulnerable dvwa infosec infosec-tools infosectools windows

Last synced: 7 days ago
JSON representation

Vulnerable Windows Application for Pentesters from the house of DarkRelay Security Labs. The project is along the lines of DVWA, AWSGoat and other similar projects, to help the cybersecurity community practise their skills.

• Host: GitHub
• URL: https://github.com/darkrelay-security-labs/vwa
• Owner: DarkRelay-Security-Labs
• License: apache-2.0
• Created: 2022-10-30T04:52:24.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2023-12-28T17:50:13.000Z (over 1 year ago)
• Last Synced: 2025-03-29T08:32:54.920Z (29 days ago)
• Topics: cybersecurity, cybersecurity-tools, damn-vulnerable, dvwa, infosec, infosec-tools, infosectools, windows
• Homepage: https://www.darkrelay.com
• Size: 1.15 MB
• Stars: 9
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Vulnerable Windows Application for Thick Client Penetration Testing 

Vulnerable Windows Application for Pentesters from the house of [DarkRelay Security Labs](https://www.darkrelay.com/). The project is along the lines of DVWA, AWSGoat and other similar projects, to help the cybersecurity community practise their skills in thick client penetration testing.

## Disclaimer

Warning! You are about to install DarkRelay's Vulnerable Windows Application! Purpose of the application is to educate students on Windows thick client penetration testing. If you use this application for malicious means or if your server is compromised via an installation of this application, DarkRelay does not hold any responsibility! DarkRelay or it's contributors will not be responsible for misuse of this application.

If you have more questions, please write to us via [get-started](https://www.darkrelay.com/get-started) or email us at: [[email protected]](mailto:[email protected])

## Write-ups

[https://www.darkrelay.com/post/thick-client-penetration-testing](https://www.darkrelay.com/post/thick-client-penetration-testing)

## Vulnerabilities present in application

- DLL Hijacking

- EXE Hijacking

- Symlink Attacks

- IFEO Injection

- Unquoted Service Path

- Man In the Middle Attack

- Weak Named Pipe

- Weak Memory Protection

- Stack Buffer Overflow

- Absence of Digital Signatures

- COM Hijacking

- Process Injection

## Installation

Install the msi as an Administrator

## Platorms Supported and tested

Windows 10 x64, Windows 2016 and 2019 x64

## Recommended pentest tools

- Microsoft Sysinternal Tools

- Immunity Debugger

- Symboliclink-testing-tools from Google

- Echo Mirage

- Regshot

- Windows Attack Surface Analyzer

- mingw compiler c++

## TBD

- Add more vulnerabilities.

- Add test cases.

- Add and verify multi platform support.

## Licensing 

This project is available under the [Apache 2.0 license](./LICENSE).

## Contributing to the project

Please open a pull request with your changes and drop a mail to [[email protected]](mailto:[email protected]) requesting approval.

## Follow Us For More:

[LinkedIn](https://linkedin.com/company/darkrelay)


[Twitter](https://twitter.com/darkrelaylabs)


[YouTube](https://www.youtube.com/channel/UCtnLa860lUkRhtmpYvbXlTw)