Tools
0xghostwriter edited this page Jul 20, 2021 · 30 revisions
Thick client testing methodology: https://github.com/0xghostwriter/RaKKeN/blob/master/Index/Thick_Client.md
https://github.com/0xghostwriter/WinTools
- Memoryze/WinHex - dump process memory and grep it for sensitive strings
- EchoMirage
- NoPEProxy (Burp Extension)
- Wireshark
- http://split-code.com/strings2.html - search for sensitive strings in memory
- PowerView (check the permissions of the user/group running the application if it is a Windows app)
- RegShot to snapshot the Registry before and after running the app and diff the changes
- ILSpy to decompile .NET source code https://github.com/icsharpcode/ILSpy
- Microsoft SysInternals Suite https://docs.microsoft.com/en-us/sysinternals/downloads/sysinternals-suite (Process Explorer and Strings.exe)
- Visual Code Grepper https://github.com/nccgroup/VCG
Findings:
- Username Enumeration
- Hardcoded Credentials
- Hardcoded API keys
- Data that is proprietary to the company
- Check for how data is transmitted over the wire. Is it readable in cleartext? Can you enumerate user accounts? Can you sniff passwords? Can you enumerate IP addresses/machine names on the network?
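The Strings.exe/strings2 step from the tools list and the hardcoded credential/API key findings above come down to the same task: pull printable strings out of a binary or memory dump and grep them for secret-looking patterns. The script below is an added example (not code from RaKKeN, WinTools or any of the tools listed) that does both in one pass, handling ASCII and the UTF-16LE strings that .NET and Windows binaries typically contain. The sample dump bytes and the regex list are constructed for the demo; tune the patterns to the target.

```python
"""Extract printable strings from a binary/memory dump and flag likely secrets.

Added example, not from the original page. Mirrors Strings.exe + grep:
  1. find ASCII and UTF-16LE runs of printable characters
  2. match each run against heuristic secret patterns
"""
import re

MIN_LEN = 6

# Heuristic patterns a tester greps for; constructed for the demo, not exhaustive.
SENSITIVE_PATTERNS = {
    "password": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]\s*\S+"),
    "connection_string": re.compile(
        r"(?i)(server|data source)=[^;]+;.*(user id|uid)=[^;]+;.*(password|pwd)=[^;]+"
    ),
    "api_key": re.compile(r"(?i)(api[_-]?key|secret|token)\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----"),
}


def extract_strings(data: bytes, min_len: int = MIN_LEN):
    """Yield (offset, encoding, text) for every printable run of at least min_len chars."""
    # ASCII runs
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), "ascii", m.group().decode("ascii")
    # UTF-16LE runs: printable ASCII char followed by a NUL, repeated
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_sensitive(data: bytes):
    """Return strings that match at least one secret pattern, ordered by offset."""
    hits = []
    for offset, enc, text in extract_strings(data):
        kinds = [name for name, pat in SENSITIVE_PATTERNS.items() if pat.search(text)]
        if kinds:
            hits.append({"offset": offset, "encoding": enc, "kinds": kinds, "text": text})
    hits.sort(key=lambda h: h["offset"])
    return hits


# Constructed sample "dump": a fake header, an ADO.NET-style connection string,
# a UTF-16LE API key (as a .NET app would hold it in memory), benign text and an
# AWS-format access key id (the documented example value, not a real key).
SAMPLE_DUMP = (
    b"\x00\x01MZ\x90\x00"
    + b"Server=db01.corp.local;Database=Orders;User Id=app_svc;Password=Winter2021!;"
    + b"\x00\x00\xff"
    + "api_key=Zx9q8w7e6r5t4y3u2i1o0p".encode("utf-16-le")
    + b"\x00\x00"
    + b"Hello, World!"
    + b"\x00AKIAIOSFODNN7EXAMPLE\x00"
)

if __name__ == "__main__":
    for h in find_sensitive(SAMPLE_DUMP):
        print(f"0x{h['offset']:08x} {h['encoding']:9} {','.join(h['kinds']):30} {h['text']}")
```

Run it against a real target with `find_sensitive(open("dump.bin", "rb").read())`; the `offset` lets you jump to the hit in WinHex or a debugger to see what surrounds it.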
https://blog.appsecco.com/breaking-bad-tearing-apart-a-thick-client-app-to-steal-data-7e44f8698b2a
Methodology: http://securitywarrior9.blogspot.com/search?q=thick+client
- Dynamic Testing (fuzzing, traffic interception, injections)
- System Testing (checking for logs, data files, registry keys, process threads)
- Static Testing (reverse engineering, binary analysis)
Listen on port 55505 locally and forward to 55505 on another host with socat (`fork` spawns a child per accepted connection, so several client connections can be relayed at once):

```
socat TCP-LISTEN:55505,fork TCP:10.19.55.156:55505
```
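When the point of the redirect is to see what the thick client sends (cleartext passwords, account names, internal hostnames), a relay that records each chunk in both directions is more useful than a plain forwarder. The following is an added example, not code from the original page or from socat/EchoMirage/NoPEProxy: a small logging TCP relay that does what the socat line above does, plus a captured log you can grep. The echo backend and the `LOGIN` message in `run_demo()` are constructed stand-ins for the real server and client; in practice you point the client at the relay (hosts file or its config) and the relay at the real server.

```python
"""Logging TCP relay: socat TCP-LISTEN:<port>,fork TCP:<host>:<port> with capture.

Added example, not from the original page. Every chunk relayed is appended to
`log` as (direction, bytes) so cleartext credentials can be spotted afterwards.
"""
import socket
import threading


def pump(src, dst, direction, log):
    """Copy bytes src -> dst until EOF, recording each chunk in log."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            log.append((direction, chunk))
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the other side
        except OSError:
            pass


def handle_client(client, target, log):
    """One relayed connection: the equivalent of one socat 'fork' child."""
    upstream = socket.create_connection(target)
    c2s = threading.Thread(target=pump, args=(client, upstream, "client->server", log))
    s2c = threading.Thread(target=pump, args=(upstream, client, "server->client", log))
    c2s.start(); s2c.start()
    c2s.join(); s2c.join()
    client.close(); upstream.close()


def start_relay(listen_port, target, log):
    """Listen on 127.0.0.1:listen_port and relay every connection to target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", listen_port))
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                break
            threading.Thread(target=handle_client, args=(conn, target, log), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


def render(log):
    """Human-readable dump of the capture, one line per chunk."""
    return [f"[{direction}] {chunk!r}" for direction, chunk in log]


def start_echo_server():
    """Constructed stand-in for the real backend: echoes whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(4096)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def run_demo():
    """Client -> relay -> backend round trip; returns (reply, captured log)."""
    log = []
    backend_port = start_echo_server()
    relay = start_relay(0, ("127.0.0.1", backend_port), log)
    relay_port = relay.getsockname()[1]
    # Constructed sample: a thick client authenticating with a cleartext credential.
    request = b"LOGIN app_svc Winter2021!\r\n"
    with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as c:
        c.sendall(request)
        c.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = c.recv(4096)
            if not chunk:
                break
            reply += chunk
    relay.close()
    return reply, log


if __name__ == "__main__":
    _, captured = run_demo()
    print("\n".join(render(captured)))
```

For a real engagement call `start_relay(55505, ("10.19.55.156", 55505), log)` and keep the process running; the captured log is where you check whether credentials, usernames or internal machine names are readable on the wire.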