Insecure Data storage

Data storage issues in thick client applications.

Last updated 2 years ago

Every application that manages users' personal data or user sessions is prone to data storage issues, whether it is a mobile application or a desktop application (what we call a thick client application).

You can follow this article for a step-by-step guide.

1. Sensitive data storage in registry

Many applications use the Windows registry to store data. But should you do it? The answer is NO: the registry in particular should not be trusted with sensitive information.

Regshot is an open source tool to check which registry keys an application modified.

Tool Link: https://sourceforge.net/projects/regshot/files/latest/download

Regshot works on a basic principle:

  1. Take a snapshot of your registry.

  2. Do something on your system.

  3. Take a snapshot again and compare what changed.

Use the 32-bit version of Regshot for DVTA, as it is a 32-bit application. In the comparison you can find the values that were modified.

[Screenshot: values are changed from null to vijay's data]

This opens up the attack path of manually changing these registry keys and logging into other people's accounts.
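The snapshot-and-compare idea above, as an added Python example (not Regshot's code): `snapshot()` walks a registry key with the standard `winreg` module, so it only works on Windows, while the diff and the credential-name check are pure functions. The key path and value names are assumptions; narrow `path` to the application's own key in practice.

```python
# Added example, not Regshot's code: a minimal Regshot-style registry diff in Python.
# snapshot() needs Windows (winreg); diff_snapshots() and flag_sensitive() run anywhere.
try:
    import winreg  # Windows-only standard-library module
except ImportError:
    winreg = None  # off Windows you can still diff snapshots captured earlier

def snapshot(hive, path):
    """Recursively read every value under hive\\path into {"subkey\\valuename": data}."""
    result, stack = {}, [path]
    while stack:
        sub = stack.pop()
        try:
            key = winreg.OpenKey(hive, sub)
        except OSError:
            continue  # key vanished or access denied: skip it
        with key:
            n_subkeys, n_values, _ = winreg.QueryInfoKey(key)
            for i in range(n_values):
                name, data, _type = winreg.EnumValue(key, i)
                result[f"{sub}\\{name}"] = data
            for i in range(n_subkeys):
                stack.append(f"{sub}\\{winreg.EnumKey(key, i)}")
    return result

def diff_snapshots(before, after):
    """Values the application added, changed or deleted between the two snapshots."""
    added = {k: after[k] for k in after.keys() - before.keys()}
    deleted = {k: before[k] for k in before.keys() - after.keys()}
    changed = {k: (before[k], after[k])
               for k in before.keys() & after.keys() if before[k] != after[k]}
    return {"added": added, "changed": changed, "deleted": deleted}

def flag_sensitive(delta, markers=("pass", "pwd", "secret", "token", "session", "logged")):
    """Added or changed value names that look like credentials or session state."""
    return sorted(name for bucket in ("added", "changed") for name in delta[bucket]
                  if any(m in name.lower() for m in markers))

if __name__ == "__main__" and winreg is not None:
    # Same workflow as Regshot: snapshot, exercise the application, snapshot, compare.
    hive, path = winreg.HKEY_CURRENT_USER, r"Software"  # assumption: narrow to the app's key
    before = snapshot(hive, path)
    input("Log in to the thick client now, then press Enter... ")
    delta = diff_snapshots(before, snapshot(hive, path))
    for name in flag_sensitive(delta):
        print("suspicious value written:", name)
```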

2. Dumping connection string from memory

In 2-tier architectures the application has to connect to databases and several other services. We have already seen credentials in network traffic, in registry keys, or even hard coded in the application.

Now we will see how to dump the database connection string from memory. A connection string is basically the set of parameters required to connect to a database instance, which includes the server address, database name and credentials to authenticate.

  • Case 1: Plain text connection string

    • A clear text string is hardcoded in the application, so if we are able to decompile the application we can retrieve it.

    • If we can't decompile the application, we can dump the memory while the application is running and find the connection string in memory.

  • Case 2: Encrypted connection string

    • The application hard codes an encrypted connection string, so even if we decompile the application we only find the encrypted string.

    • When the application decrypts the encrypted value, we dump the memory.

In both cases memory dumping can reveal the clear text connection string. Process Hacker is one such tool to dump the memory of a process.

Run the DVTA application and perform some action, then run Process Hacker and search for dvta. It will list the DVTA process; now open this process's properties and look at its strings. If you search specifically, you will find the decrypted password in it.

[Screenshot: DVTA application memory dump in Process Hacker]

Now we can use these credentials to connect to the database and dump it.

3. Analysing dump file

Another way to analyse memory is to generate a memory dump from the process list and search for strings in the dump file.

From Task Manager, create a dump file of your application.

Tool link: https://sourceforge.net/projects/processhacker/files/latest/download

Now you can run Strings on it. Tool Link: https://download.sysinternals.com/files/Strings.zip

[Screenshot: database username and password in dump file]
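What the Strings step (and the Process Hacker strings view in section 2) turns up, as an added Python example that is not part of the page's tooling: it pulls printable ASCII and UTF-16LE runs out of a dump the way strings.exe does, parses anything shaped like a `Key=Value;` connection string, and reports only those that embed a login. The sample dump bytes, server address and credentials are constructed placeholders.

```python
# Added example (not the page's tooling): a minimal strings.exe-style scan of a memory dump
# that flags ADO.NET-style connection strings carrying credentials. Sample dump is constructed.
import re

def extract_strings(blob, min_len=6):
    """Printable ASCII runs and UTF-16LE runs (how .NET stores strings), like strings.exe."""
    found = [m.group().decode("ascii")
             for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]
    found += [m.group().decode("utf-16-le")
              for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob)]
    return found

def parse_connection_string(text):
    """Split 'Key=Value;...' into a dict, or None if it does not look like a connection string."""
    pairs = {}
    for part in filter(str.strip, text.split(";")):
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        pairs[key.strip().lower()] = value.strip()
    # A connection string names a server; without one this is just some 'a=b' text.
    return pairs if {"server", "data source"} & pairs.keys() else None

SECRET_KEYS = {"password", "pwd", "user id", "uid"}

def find_leaked_credentials(blob):
    """(string, credential fields) for each connection string in the blob that embeds a login."""
    findings = []
    for text in extract_strings(blob):
        pairs = parse_connection_string(text)
        if pairs and SECRET_KEYS & pairs.keys():
            findings.append((text, {k: pairs[k] for k in SECRET_KEYS & pairs.keys()}))
    return findings

# Constructed stand-in for a dump file: binary noise around a UTF-16LE .NET connection
# string with made-up credentials, plus an integrated-auth string that carries no secret.
SAMPLE_DUMP = (b"\x00\x10MZ\x90junk\x00\xff"
               + "Server=192.0.2.10;Database=DVTA;User Id=dvta_user;Password=P@ss-Example"
               .encode("utf-16-le")
               + b"\x00\x00\x7fELF\x01\x02"
               + b"Data Source=.\\SQLEXPRESS;Integrated Security=True;\x00")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for text, creds in find_leaked_credentials(data):
        print(creds, "<-", text)
```

Run it with the path of the .DMP file from Task Manager as its only argument; the integrated-authentication string is listed by `extract_strings` but not reported, since it carries no credential.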
