Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/srini0x00/dvta
Damn Vulnerable Thick Client App developed in C# .NET
https://github.com/srini0x00/dvta
Last synced: about 1 month ago
JSON representation
Damn Vulnerable Thick Client App developed in C# .NET
- Host: GitHub
- URL: https://github.com/srini0x00/dvta
- Owner: srini0x00
- License: mit
- Created: 2020-07-11T14:07:21.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2023-08-17T21:01:36.000Z (over 1 year ago)
- Last Synced: 2024-08-03T02:02:50.244Z (4 months ago)
- Language: C#
- Homepage:
- Size: 2.3 MB
- Stars: 134
- Watchers: 4
- Forks: 53
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-vulnerable-apps - Damn Vulnerable Thick Client - Damn Vulnerable Thick Client App developed in C# .NET (Uncategorized / Firmware)
- awesome-hacking-lists - srini0x00/dvta - Damn Vulnerable Thick Client App developed in C# .NET (C# #)
README
DVTA 2.0
--------DVTA is a Vulnerable Thick Client Application developed in C# .NET
Most of the vulnerabilities that were built into DVTA were found during my real world pentests.
Some of the vulnerabilities covered in this Application.
-------------------------------------------------------
Insecure local data storage
Insecure logging
Weak cryptography
Lack of code obfuscation
Exposed decryption logic
SQL Injection
CSV Injection
Sensitive data in memory
DLL Hijacking
Clear text data in transit
Client side protection bypasses using Reverse EngineeringRequires .NET version 4.5
Usage:
------
1. Get the compiled binary from releases. Alternatively, clone the project and compile from the source.
2. Set up SQL Server and FTP Server - instructions shown here https://youtu.be/rx8mtI1HU5cQueries used in the video:
QUERY TO CREATE "USERS" TABLE:
CREATE TABLE "users" (
"id" INT IDENTITY(0,1) NOT NULL,
"username" VARCHAR(100) NOT NULL,
"password" VARCHAR(100) NOT NULL,
"email" VARCHAR(100) NULL DEFAULT NULL,
"isadmin" INT NULL DEFAULT '0',
PRIMARY KEY ("id")
)QUERY TO INSERT DATA INTO "USERS" TABLE:
INSERT INTO dbo.users (username, password, email, isadmin)
VALUES
('admin','admin123','[email protected]',1),
('rebecca','rebecca','[email protected]',0),
('raymond','raymond','[email protected]',0);QUERY TO CREATE "EXPENSES" TABLE:
CREATE TABLE "expenses" (
"id" INT IDENTITY(0,1) NOT NULL,
"email" VARCHAR(100) NOT NULL,
"item" VARCHAR(100) NOT NULL,
"price" VARCHAR(100) NOT NULL,
"date" VARCHAR(100) NOT NULL,
"time" VARCHAR(100) NULL DEFAULT NULL,
PRIMARY KEY ("id")
)3. Configure the client application to communicate with SQL Server and FTP Server - Instructions shown here https://youtu.be/IBdk2uOessc
4. Explore and exploit