Basic Lab Setup - Thick client Applications

Environment description

  • VirtualBox or VMware Workstation installation.
  • Windows 10 VM 1 (database) -> SQL server.
  • (optional) Windows 10 VM 2 (client) -> DVTA.

In the course we will use a single Windows 10 machine with both the SQL server and the DVTA application installed, so a second Windows 10 VM is not needed.

Software resources

Now, open the Windows 10 VM and start the lab setup!

1. Install SQL Server Express 2008

On the download page we will choose SQLEXPR_x64_ENU.exe.

Some helpful tips and screenshots about the installation:

[Screenshots of the installation steps]

2. Install SQL Server Management Studio 19.0.1

This installation is pretty straightforward. Download page

Creating database DVTA for our vuln thick app

We will create the database "DVTA" and we will populate it with some users and expenses:

1. Open SSMS (SQL Server Management Studio) and right click on the "Database" object, and create a new database called DVTA.

2. Create a new table "users" in the database DVTA.

Here is the query:

CREATE TABLE "users" (
    "id" INT IDENTITY(0,1) NOT NULL,
    "username" VARCHAR(100) NOT NULL,
    "password" VARCHAR(100) NOT NULL,
    "email" VARCHAR(100) NULL DEFAULT NULL,
    "isadmin" INT NULL DEFAULT '0',
    PRIMARY KEY ("id")
)

3. Populate the database with 3 given users:

Here is the query:

INSERT INTO dbo.users (username, password, email, isadmin)
VALUES
('admin','admin123','admin@damnvulnerablethickclientapp.com',1),
('rebecca','rebecca','rebecca@test.com',0),
('raymond','raymond','raymond@test.com',0);

4. Create the table "expenses" in the database DVTA.

Here is the query:

CREATE TABLE "expenses" (
    "id" INT IDENTITY(0,1) NOT NULL,
    "email" VARCHAR(100) NOT NULL,
    "item" VARCHAR(100) NOT NULL,
    "price" VARCHAR(100) NOT NULL,
    "date" VARCHAR(100) NOT NULL,
    "time" VARCHAR(100) NULL DEFAULT NULL,
    PRIMARY KEY ("id")
)
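
A sanity check for the four steps above, added here as an example and not part of the original page: run it in an SSMS query window to confirm that both tables match the CREATE TABLE statements and that the three seed users are present exactly once. The table variables @expected and @seed are names assumed for this check.

```sql
-- Added example (not from the original page): verify the DVTA lab database.
USE DVTA;
SET NOCOUNT ON;

-- Expected columns and nullability, copied from the CREATE TABLE statements above.
DECLARE @expected TABLE (tbl SYSNAME, col SYSNAME, nullable VARCHAR(3));
INSERT INTO @expected (tbl, col, nullable) VALUES
('users','id','NO'), ('users','username','NO'), ('users','password','NO'),
('users','email','YES'), ('users','isadmin','YES'),
('expenses','id','NO'), ('expenses','email','NO'), ('expenses','item','NO'),
('expenses','price','NO'), ('expenses','date','NO'), ('expenses','time','YES');

-- 1. Columns that are missing or whose nullability differs (no rows = schema OK).
SELECT e.tbl, e.col,
       e.nullable    AS expected_nullable,
       c.IS_NULLABLE AS actual_nullable   -- NULL here means the column is missing
FROM @expected e
LEFT JOIN INFORMATION_SCHEMA.COLUMNS c
       ON c.TABLE_SCHEMA = 'dbo'
      AND c.TABLE_NAME  = e.tbl COLLATE DATABASE_DEFAULT
      AND c.COLUMN_NAME = e.col COLLATE DATABASE_DEFAULT
WHERE c.COLUMN_NAME IS NULL
   OR c.IS_NULLABLE <> e.nullable COLLATE DATABASE_DEFAULT;

-- Seed accounts and role flags, copied from the INSERT statement above.
DECLARE @seed TABLE (username VARCHAR(100), isadmin INT);
INSERT INTO @seed (username, isadmin) VALUES
('admin', 1), ('rebecca', 0), ('raymond', 0);

IF OBJECT_ID('dbo.users', 'U') IS NULL
    RAISERROR('Table dbo.users does not exist; rerun step 2.', 16, 1);
ELSE
BEGIN
    -- 2. Seed users that are missing or have the wrong isadmin flag (no rows = OK).
    SELECT s.username, s.isadmin AS expected_isadmin, u.isadmin AS actual_isadmin
    FROM @seed s
    LEFT JOIN dbo.users u ON u.username = s.username
    WHERE u.id IS NULL OR ISNULL(u.isadmin, -1) <> s.isadmin;

    -- 3. Usernames inserted more than once, e.g. the INSERT was run twice (no rows = OK).
    SELECT username, COUNT(*) AS copies
    FROM dbo.users
    GROUP BY username
    HAVING COUNT(*) > 1;
END
```

Three empty result sets mean the database matches the setup described above.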

Additional configurations

Some configuration is needed for the connection to work:

1. Open SQL Server Configuration Manager and enable TCP/IP Protocol connections:

2. Also in SQL Server Configuration Manager, restart SQL Server (SQLEXPRESS)

3. Install Filezilla FTP server

1. Download Filezilla Server, install it and initiate a connection: Download page

As for the connection initiation, I'm using localhost 127.0.0.1, port 14148 and password "filezilla":

2. Add a user. Name "dvta" and password "p@ssw0rd"

3. Add a Shared folder. Be careful with slashes and backslashes (wink!) not to get the typical error "error on row number 1 virtual path must be absolute".

Last update: 2023-12-26
Created: February 16, 2023 21:24:34