Learning Thick Client VAPT with me. Part 8. Dumping connection string from memory and SQL Injection.

Rahul Mondal
3 min read · Oct 24, 2023

Hey all.

Today, we will look for sensitive strings by dumping the memory of our thick client application. We will also try SQL injection against our application.

Now, finding sensitive strings by dumping memory is only possible if our thick client application uses a hard-coded connection string (encrypted or not): once the application has decrypted it to connect, the cleartext sits in process memory.

Now we will use Process Hacker. We can download it from https://processhacker.sourceforge.io/downloads.php

Then select Binaries (portable) and open the x64 version.

Before starting Process Hacker, start the thick client application, log in and browse around in it.

Now start Process Hacker and look for our thick client application in the process list.

Now double-click our thick client application in Process Hacker. This opens the application's properties; then click on the Memory tab.

On the Memory tab, click on Strings. There, select/tick all and set the minimum length to 10.

Now we will get a big list of strings, so we need to filter (contains, case-insensitive) for our juicy strings, like data source, password, user, decrypt and many more.

We can see username, password, and many more in clear text.

From the images above we can see the username and password of user rahul and the SQL Express instance. This is a vulnerability. To make it a more impactful vulnerability, we can try to use those credentials to connect in SQL Server Management Studio and also in our thick client application.
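To show what the Strings dialog and the "contains" filter are doing under the hood, here is an added example (my own code, not from the post or from Process Hacker) that extracts printable ASCII and UTF-16LE runs from a byte buffer, keeps the ones matching a sensitive-keyword list, parses a connection string into its parts and redacts the password before it goes into a report. The memory bytes and the keyword list are constructed for the demo; a real dump would be read from a file instead.

```python
import re
from typing import Iterable, List, NamedTuple

# Constructed sample of bytes that might be found in a thick client's memory:
# a cleartext connection string, a UTF-16LE (.NET-style) string and a framework
# type name, separated by non-printable bytes. This is NOT a real memory dump.
SAMPLE_MEMORY = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"Data Source=.\\SQLEXPRESS;Initial Catalog=AppDb;User ID=rahul;Password=S3cret!;"
    + b"\x00\x00\x01\x02tiny\x00\x00"
    + "Decrypting connection string".encode("utf-16-le")
    + b"\x00\x00"
    + b"System.Data.SqlClient.SqlConnection\x00"
)

# Hypothetical keyword list mirroring the "contains (case-insensitive)" filter used in the post.
SENSITIVE_KEYWORDS = ("data source", "password", "pwd", "user", "decrypt")


class Found(NamedTuple):
    offset: int
    encoding: str   # "ascii" or "utf-16le"
    text: str


def extract_strings(data: bytes, min_len: int = 10) -> List[Found]:
    """Pull printable ASCII and UTF-16LE runs of at least min_len characters
    (what a strings view does), sorted by offset in the buffer."""
    found: List[Found] = []
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    for m in ascii_re.finditer(data):
        found.append(Found(m.start(), "ascii", m.group().decode("ascii")))
    for m in utf16_re.finditer(data):
        found.append(Found(m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return sorted(found, key=lambda f: f.offset)


def filter_sensitive(strings: Iterable[Found], keywords: Iterable[str]) -> List[Found]:
    """Keep strings containing any keyword, case-insensitively."""
    lowered = [k.lower() for k in keywords]
    return [s for s in strings if any(k in s.text.lower() for k in lowered)]


def parse_connection_string(text: str) -> dict:
    """Split 'Key=Value;Key=Value;' into a dict (keys keep their original case)."""
    parts = {}
    for chunk in text.split(";"):
        if "=" in chunk:
            key, value = chunk.split("=", 1)
            parts[key.strip()] = value.strip()
    return parts


def redact_secrets(text: str) -> str:
    """Blank password-bearing values before the string lands in a report."""
    return re.sub(r"(?i)\b(password|pwd)\s*=\s*[^;]*", r"\1=<redacted>", text)


if __name__ == "__main__":
    for hit in filter_sensitive(extract_strings(SAMPLE_MEMORY), SENSITIVE_KEYWORDS):
        print(f"0x{hit.offset:08x} {hit.encoding:8} {redact_secrets(hit.text)}")
```

The fix on the application side is not a stronger encryption of the embedded string: whatever the process can decrypt, its memory can reveal. Use Windows integrated authentication or fetch per-user credentials from a secret store at runtime, so there is no shared database password in the binary at all.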

Now for SQL injection. There is nothing special here: we just need to use payloads in the login form to bypass it.

Payloads can be like: x'or'x'='x

In payloads, we can put spaces so it looks like this: x' or 'x'='x, or use other SQL injection payloads, like a genuine username with a wrong password: rahul'or'x'='y
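Why these payloads work is easier to see in code. The following is an added example (mine, not the post's application) with a constructed in-memory SQLite table standing in for the SQL Express backend: `login_vulnerable` builds the query by string concatenation, which is what turns the payloads above into a bypass, and `login_parameterized` runs the same check with bound parameters, which is the fix. The demo stores a cleartext password purely to keep the query readable; a real application compares password hashes.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo database: one user row, standing in for the real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('rahul', 'CorrectHorse')")
    return conn


def build_vulnerable_sql(username: str, password: str) -> str:
    """The concatenated statement, returned so it can be inspected in a report."""
    return ("SELECT COUNT(*) FROM users WHERE username='" + username
            + "' AND password='" + password + "'")


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: user input is spliced into the SQL text, so quotes in the
    input change the WHERE clause (AND binds tighter than OR, which is why
    x'or'x'='x makes the whole condition true)."""
    return conn.execute(build_vulnerable_sql(username, password)).fetchone()[0] > 0


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Fixed: bound parameters are sent as data, never parsed as SQL, so the
    same payloads are just strings that match no user."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_demo_db()
    for user, pwd in [("rahul", "CorrectHorse"),
                      ("x'or'x'='x", "x'or'x'='x"),
                      ("rahul'or'x'='y", "wrong")]:
        print(f"{user!r:20} vulnerable={login_vulnerable(db, user, pwd)} "
              f"parameterized={login_parameterized(db, user, pwd)}")
```

When reviewing a thick client, the concatenated pattern is what to look for in the decompiled data-access code (string concatenation or `string.Format` feeding a command text); on the database side, a login that succeeds for an account whose password was never supplied is the signal to alert on.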

So, in this blog we learned dumping a connection string from memory and SQL injection. Let's meet in the next part.
