Common vulnerabilities

General index of the course

• Introduction.
• Tools for pentesting thick client applications.
• Basic lab setup.
• First challenge: enabling a button.
• Information gathering phase.
• Traffic analysis.
• Attacking thick clients applications.
• Reversing and patching thick clients applications.
• Common vulnerabilities.

Application Signing

For checking if the application is signed, we use the tool sigcheck, from SysInternals Suite.

From command line we run sigcheck.exe and check if DVTA.exe is signed.

Compiler protection

We will use the tool binscope, provided by Microsoft.

Download it from: https://www.microsoft.com/en-us/download/details.aspx?id=44995

Install it by double-clicking on it.

Now from command line:

.\binscope.exe /verbose /html /logfile c:/path/to/outputreport.html C:/path/to/application/toAudit/DVTA.exe

After executing the command you will obtain a report of some basic checks that binscope run on the application.

Automated source code scanning

Visual Code Grepper

Download it from: https://sourceforge.net/projects/visualcodegrepp/

To run a scan:

1. Open the application in dotpeek and export it as a visual Studio project. This will export the decompiled code of the application where we indicate.

2. Open Visual Code Grepper. In menu FILE, first option, specify the target directory (where we saved the decompiled files). If error message says that "no files for the specified language", change language in menu Settings (C#).

3. Click on menu Scan> Full scan.

Last update: 2023-12-26
Created: March 10, 2023 20:56:07