Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/srini0x00/dvta

Damn Vulnerable Thick Client App developed in C# .NET
https://github.com/srini0x00/dvta

Last synced: 3 months ago
JSON representation

Damn Vulnerable Thick Client App developed in C# .NET

Host: GitHub
URL: https://github.com/srini0x00/dvta
Owner: srini0x00
License: mit
Created: 2020-07-11T14:07:21.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-08-17T21:01:36.000Z (about 1 year ago)
Last Synced: 2024-06-16T22:36:48.499Z (5 months ago)
Language: C#
Homepage:
Size: 2.3 MB
Stars: 128
Watchers: 4
Forks: 51
Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-vulnerable-apps - Damn Vulnerable Thick Client - Damn Vulnerable Thick Client App developed in C# .NET (Uncategorized / Firmware)
awesome-hacking-lists - srini0x00/dvta - Damn Vulnerable Thick Client App developed in C# .NET (C# #)

README

        DVTA 2.0

--------

DVTA is a Vulnerable Thick Client Application developed in C# .NET

Most of the vulnerabilities that were built into DVTA were found during my real world pentests.

Some of the vulnerabilities covered in this Application.

-------------------------------------------------------

    Insecure local data storage

    Insecure logging

    Weak cryptography

    Lack of code obfuscation

    Exposed decryption logic

    SQL Injection

    CSV Injection

    Sensitive data in memory

    DLL Hijacking

    Clear text data in transit

    Client side protection bypasses using Reverse Engineering

Requires .NET version 4.5

Usage:

------

1. Get the compiled binary from releases. Alternatively, clone the project and compile from the source.

2. Set up SQL Server and FTP Server - instructions shown here https://youtu.be/rx8mtI1HU5c

        Queries used in the video:

        QUERY TO CREATE "USERS" TABLE:

        CREATE TABLE "users" (

            "id" INT IDENTITY(0,1) NOT NULL,

            "username" VARCHAR(100) NOT NULL,

            "password" VARCHAR(100) NOT NULL,

            "email" VARCHAR(100) NULL DEFAULT NULL,

            "isadmin" INT NULL DEFAULT '0',

            PRIMARY KEY ("id")

        )

        QUERY TO INSERT DATA INTO "USERS" TABLE:

        INSERT INTO dbo.users (username, password, email, isadmin)

        VALUES

        ('admin','admin123','[email protected]',1),

        ('rebecca','rebecca','[email protected]',0),

        ('raymond','raymond','[email protected]',0);

        QUERY TO CREATE "EXPENSES" TABLE:

        CREATE TABLE "expenses" (

            "id" INT IDENTITY(0,1) NOT NULL,

            "email" VARCHAR(100) NOT NULL,

            "item" VARCHAR(100) NOT NULL,

            "price" VARCHAR(100) NOT NULL,

            "date" VARCHAR(100) NOT NULL,

            "time" VARCHAR(100) NULL DEFAULT NULL,

            PRIMARY KEY ("id")

        )

3. Configure the client application to communicate with SQL Server and FTP Server - Instructions shown here https://youtu.be/IBdk2uOessc

4. Explore and exploit