Learning Thick Client VAPT with me. Part 3. Patching the Application by Reverse Engineering.

Rahul Mondal
Oct 17, 2023

Hey all. Previously we did the lab setup, but we don't yet know whether we are able to log in.

DVTA is a 2-tier thick client application, and its database is on our own machine. If we start the DVTA application, we can see that we need to configure our server, but the configure server button is not enabled.

We need to patch this application so we can configure the server and log in.

For that we need dnSpy, which is a decompiler. Let's open our DVTA application in dnSpy.

We can see that the value for the configure server option is hard-coded to false.

If we change the language from C# to IL, we can see the IL for the configure server part.

Right-click on that and edit the IL instructions. We already know that it's using boolean logic. We can see that ldc.i4.0 is there.

Let's change that to ldc.i4.1.

Let’s click on Ok and save the module.

Just save it. Let’s open the DVTA application, and we can see that the configure server button is now enabled.

Let's put localhost in that field and click on configure. It succeeds. Now enter any credential we know and we are in.
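As an added example (not part of the original post or of DVTA), this Python script shows the defender's side of the patch above: it compares a deployed assembly with a known-good reference by hash and, when both have the same size, flags offsets where the byte for ldc.i4.0 (0x16) became ldc.i4.1 (0x17). The byte strings are constructed samples and the function names are hypothetical; a module re-saved by a tool may change size, in which case only the hash mismatch is reported.

```python
import hashlib

LDC_I4_0 = 0x16  # IL opcode: push int32 0 (false)
LDC_I4_1 = 0x17  # IL opcode: push int32 1 (true)


def diff_offsets(reference, deployed):
    """Return the offsets at which two equal-length images differ."""
    if len(reference) != len(deployed):
        raise ValueError("sizes differ: not an in-place patch")
    return [i for i, (a, b) in enumerate(zip(reference, deployed)) if a != b]


def classify(reference, deployed):
    """Compare a deployed assembly against a known-good reference copy."""
    report = {
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "deployed_sha256": hashlib.sha256(deployed).hexdigest(),
        "modified": reference != deployed,  # the reliable tamper signal
        "bool_flips": [],     # offsets where 0x16 and 0x17 were swapped
        "other_changes": [],  # any other differing offset, or a size note
    }
    if not report["modified"]:
        return report
    try:
        offsets = diff_offsets(reference, deployed)
    except ValueError:
        report["other_changes"].append("size mismatch")
        return report
    for off in offsets:
        # A swap between these two opcodes is what a flipped boolean looks like.
        if {reference[off], deployed[off]} == {LDC_I4_0, LDC_I4_1}:
            report["bool_flips"].append(off)
        else:
            report["other_changes"].append(off)
    return report


# Constructed sample method body: ldarg.0; ldc.i4.0; stfld <token>; ret
REFERENCE = bytes([0x02, 0x16, 0x7D, 0x01, 0x00, 0x00, 0x04, 0x2A])
# Same body with the constant changed to ldc.i4.1
PATCHED = bytes([0x02, 0x17, 0x7D, 0x01, 0x00, 0x00, 0x04, 0x2A])

if __name__ == "__main__":
    result = classify(REFERENCE, PATCHED)
    print("modified:", result["modified"])
    print("boolean constant flipped at offsets:", result["bool_flips"])
```

A flagged offset is a byte-level heuristic only, since 0x16 and 0x17 can also occur outside method bodies.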

So here we learned how we can patch an application by reverse engineering. For more, let's go to the next part.
