Lab Setup

Thick clients applications aren't web applications and they require a little bit of setup for practising in a safe environment.

DVTA( Damnn vulnerable Thick client Application) is developed in C# .NET https://github.com/srini0x00/dvta

We are gonna be using DVTA appplication for our testing.

I recommend following this article patiently for step by step guide to setup windows vm, sql server, ftp server and dvta application.

Part 1: https://www.hackingarticles.in/thick-client-pentest-lab-setup-dvta-2/

Part 2: https://www.hackingarticles.in/thick-client-pentest-lab-setup-dvta-part-2/

Also i personally used modified DVTA application from article.

You will have to configure dvta.exe.config file to specify where your sql server is located. Here are different solutions that worked for different people while setting up dvta

• Specify sqlexpress path without hostname i.e. <add key="DBSERVER" value=".\SQLEXPRESS"

• You can also use hostname of your machine if above solution doesn't work <add key="DBSERVER" value="hostname\SQLEXPRESS"

• In ftp server virtual path should be / and native path should be /path_to_folder_you_want_dvta_to_put_files_in/ .