Lab Setup

Thick client applications aren't web applications, and they require a little setup before you can practise in a safe environment.

Last updated 2 years ago

DVTA (Damn Vulnerable Thick Client Application) is developed in C# .NET.

We are going to use the DVTA application for our testing.

I recommend patiently following this article for a step-by-step guide to setting up the Windows VM, SQL Server, FTP server and the DVTA application.

Part 1:

Part 2:

Also, I personally used the modified DVTA application from the article.

You will have to configure the dvta.exe.config file to specify where your SQL Server is located. Here are different solutions that worked for different people while setting up DVTA:

  • Specify the SQLEXPRESS path without a hostname, i.e. <add key="DBSERVER" value=".\SQLEXPRESS" />

  • If the above solution doesn't work, you can also use the hostname of your machine: <add key="DBSERVER" value="hostname\SQLEXPRESS" />

  • In the FTP server, the virtual path should be / and the native path should be /path_to_folder_you_want_dvta_to_put_files_in/ .
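
A helper for the DBSERVER step above, added here as an example and not taken from DVTA or the linked articles: it tries both candidate values from the list, keeps the first one that SQL Server answers on, and writes it into the config after making a backup. The config path, the standard `/configuration/appSettings` layout and the use of Windows authentication for the probe are assumptions; run it in Windows PowerShell inside the lab VM.

```powershell
# Added example. Assumptions: config path, appSettings layout, Windows auth for the probe.
param(
    [string]$ConfigPath = '.\dvta.exe.config'   # assumed location, adjust to your install
)

# The two DBSERVER values suggested on this page
$candidates = @('.\SQLEXPRESS', "$env:COMPUTERNAME\SQLEXPRESS")

function Test-SqlInstance {
    param([string]$Server)
    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$Server;Integrated Security=True;Connect Timeout=5"
    try {
        $conn.Open()
        return $true
    } catch {
        $base = $_.Exception.GetBaseException()
        # Error 18456 = login failed: the instance name resolved, only the credentials were rejected
        if ($base -is [System.Data.SqlClient.SqlException] -and $base.Number -eq 18456) {
            return $true
        }
        Write-Warning "$Server : $($_.Exception.Message)"
        return $false
    } finally {
        $conn.Dispose()
    }
}

# Select-Object -First 1 stops the pipeline as soon as one candidate works
$working = $candidates | Where-Object { Test-SqlInstance $_ } | Select-Object -First 1
if (-not $working) { throw 'No candidate DBSERVER value reached a SQL Server instance.' }

[xml]$cfg = Get-Content -LiteralPath $ConfigPath -Raw
$node = $cfg.SelectSingleNode("/configuration/appSettings/add[@key='DBSERVER']")
if (-not $node) { throw "DBSERVER key not found in $ConfigPath" }

# Keep a backup, then save using a full path (.NET ignores the PowerShell location)
Copy-Item -LiteralPath $ConfigPath -Destination "$ConfigPath.bak" -Force
$node.SetAttribute('value', $working)
$cfg.Save((Resolve-Path -LiteralPath $ConfigPath).Path)
Write-Host "DBSERVER set to $working"
```

If both candidates fail, check that the SQL Server Express service is running before editing the config by hand.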

https://github.com/srini0x00/dvta
https://www.hackingarticles.in/thick-client-pentest-lab-setup-dvta-2/
https://www.hackingarticles.in/thick-client-pentest-lab-setup-dvta-part-2/