/VWA


Vulnerable Windows Application for Thick Client Penetration Testing

Vulnerable Windows Application for Pentesters from the house of DarkRelay Security Labs. The project is along the lines of DVWA, AWSGoat and other similar projects, to help the cybersecurity community practise their skills in thick client penetration testing.

Disclaimer

Warning! You are about to install DarkRelay's Vulnerable Windows Application! The purpose of the application is to educate students on Windows thick client penetration testing. If you use this application for malicious means, or if your server is compromised via an installation of this application, DarkRelay does not hold any responsibility! DarkRelay and its contributors will not be responsible for misuse of this application.

If you have more questions, please write to us via get-started or email us at: info@darkrelay.com

Write-ups

https://www.darkrelay.com/post/thick-client-penetration-testing

Vulnerabilities present in application

  • DLL Hijacking
  • EXE Hijacking
  • Symlink Attacks
  • IFEO Injection
  • Unquoted Service Path
  • Man In the Middle Attack
  • Weak Named Pipe
  • Weak Memory Protection
  • Stack Buffer Overflow
  • Absence of Digital Signatures
  • COM Hijacking
  • Process Injection

Installation

Install the MSI as an Administrator.

Platforms supported and tested

Windows 10 x64, Windows 2016 and 2019 x64

Recommended pentest tools

  • Microsoft Sysinternals tools
  • Immunity Debugger
  • Symboliclink-testing-tools from Google
  • Echo Mirage
  • Regshot
  • Windows Attack Surface Analyzer
  • MinGW C++ compiler

TBD

  • Add more vulnerabilities.
  • Add test cases.
  • Add and verify multi platform support.

Licensing

This project is available under the Apache 2.0 license.

Contributing to the project

Please open a pull request with your changes and drop a mail to info@darkrelay.com requesting approval.
