Learning Thick Client VAPT with me. Part 2. Lab Setup.

Rahul Mondal
Oct 16, 2023

Hey all.

Now we need a fresh Windows 10 installation. I did this in VirtualBox. We need to install some applications, namely Microsoft SQL Server and Microsoft SQL Server Management Studio. I installed the current latest version, which is 2022.

Microsoft SQL server: SQL Server Downloads | Microsoft
Microsoft SQL Management Studio: Download SQL Server Management Studio (SSMS) — SQL Server Management Studio (SSMS) | Microsoft Learn

Just do a normal installation; there is nothing complicated. But remember to use the custom installation mode of SQL Express, not the basic/default one, because that is where you set the password for mixed (Windows + SQL) authentication. Then, in the service accounts part of the installation process, set the account of the SQL Server Database Engine to NT Authority\SYSTEM. In the service accounts part, we also need to set the startup type of both SQL Server Database Engine and SQL Server Browser to Automatic. This password will also be used for FTP (FileZilla).

After everything is installed, just open SQL Server Management Studio and connect, and we see something like this:

Now we need to download DVTA as a zip: Release DVTA 2.0 · srini0x00/dvta · GitHub

We actually need only the Release folder. Everything else can be deleted. Release folder location: DVTA/bin/Release

Now we need to configure DVTA (especially the database). This configuration is described on the DVTA site.

First is creating a database named DVTA.

Now we need to create a new query for the DVTA database.

Now copy the query from the DVTA GitHub site and paste it into the query area in Management Studio.

Now right-click the DVTA database and choose Refresh. We can then see the users table under Tables in the DVTA database.

Now do the same with a new query for the user data.

Do the same with the other query too. After that, save all of them. Then open SQL Server Configuration Manager and check the setting shown in the image below.

We need to change the TCP/IP value from Disabled to Enabled. Then we need to restart the SQL Server service for the change to take effect.
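One way to confirm that the SQL Server settings chosen in the steps above took effect, as an added example (not from the original post or the DVTA project). It assumes the SQL Express default instance name `SQLEXPRESS` and is run in PowerShell on the lab VM; the `Add-Check` helper is a hypothetical name.

```powershell
# Added example: verify the lab's SQL Server settings after installation.
# Assumption: the instance uses the SQL Express default name "SQLEXPRESS".
param([string]$Instance = 'SQLEXPRESS')

$results = [System.Collections.Generic.List[object]]::new()

# Hypothetical helper: record one check and whether it matches the lab setup.
function Add-Check([string]$Name, $Actual, $Expected) {
    $results.Add([pscustomobject]@{
        Check = $Name; Actual = $Actual; Expected = $Expected
        Pass  = ("$Actual" -eq "$Expected")
    })
}

# Service names: a named instance's engine is MSSQL$<instance>; the browser is SQLBrowser.
$engine = if ($Instance -eq 'MSSQLSERVER') { 'MSSQLSERVER' } else { "MSSQL`$$Instance" }
foreach ($name in $engine, 'SQLBrowser') {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Add-Check "$name installed" $false $true; continue }
    Add-Check "$name startup type" $svc.StartMode 'Auto'
    if ($name -eq $engine) {
        # NT Authority\SYSTEM is reported by WMI as "LocalSystem".
        Add-Check "$name service account" $svc.StartName 'LocalSystem'
        Add-Check "$name state" $svc.State 'Running'
    }
}

# Instance settings live in the registry under the instance ID (for example MSSQL16.<instance>).
$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'
$id = (Get-ItemProperty "$root\Instance Names\SQL" -ErrorAction SilentlyContinue).$Instance
if ($id) {
    $srv = "$root\$id\MSSQLServer"
    # LoginMode 1 = Windows authentication only, 2 = mixed (Windows + SQL).
    Add-Check 'Authentication mode (2 = mixed)' (Get-ItemProperty $srv).LoginMode 2
    # Set by the TCP/IP toggle in SQL Server Configuration Manager; the
    # engine only picks it up after the service restart.
    Add-Check 'TCP/IP enabled' (Get-ItemProperty "$srv\SuperSocketNetLib\Tcp").Enabled 1
} else {
    Add-Check "Instance $Instance registered" $false $true
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Any row with `Pass` set to `False` points at the installation or Configuration Manager step to revisit before moving on to FileZilla.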

Now we need to download the FileZilla server for the sharing services from here: Download FileZilla Server for Windows (64bit x86) (filezilla-project.org)

We did not change the port number; we left it as it was. But we set a password, the same password as for SQL Express, so that it can connect with the database.

Once the installation is done, it will look like the image below.

Just use the password we set and we are in.

Now we need to add a user for that.

Or you can leave the password part as it is, since the dialog says to leave it if you want the same password. So leave it and click OK.

To map a folder as a shared folder, just do this: in the virtual path put / and in the native path put the location of the folder we want to share.

And we are done.

We are done with the lab setup. Let’s go to the next part.

Note: I had an issue with my VM, so I had to configure it again. This time, I named the database DVTA_database. You can give it any name. In that case, you need to put that exact same name in the DVTA.exe config file (not the application.exe) as well, so that our thick client application can connect to that database.