
Hacking Thick Clients – Authorization Bypass

Hello Readers,

This post is focused on setting up a vulnerable thick client application and finding vulnerabilities in it. It is an unofficial addition to the ongoing series of posts by NetSPI. NetSPI has released a vulnerable thick client application called BetaFast, which comes in two versions, BetaBank and BetaFast, based on a 2-tier and a 3-tier architecture respectively. The app is written by Austin Altmann, who is also writing the walkthrough series.

Note: At the time of writing this blog, the walkthrough/write-up for the authorization bypass vulnerability had not yet been published by NetSPI, so I decided to create this blog post.

All the credit for developing and maintaining this app goes to Austin and the NetSPI team. You can find some of the cool write-ups here. Let's start.

Setting up BetaFast -
1. Download the files from GitHub - https://github.com/NetSPI/BetaFast .
2. Extract the archive and open the .sln file in Visual Studio.
3. Look for App.config.
4. Edit App.config and set the value of the baseUri key to betafast.net -
5. Click on Build -
6. Install Docker Desktop for Windows from here.
7. Docker Desktop needs Hyper-V. The following commands must be run as administrator, and a restart is required before Docker Desktop will start.
 To enable:
      bcdedit /set hypervisorlaunchtype auto
 To disable:
      bcdedit /set hypervisorlaunchtype off
8. Navigate to the docker folder of BetaFast and open PowerShell there.
9. To build and launch the servers, run the following commands in the same directory as docker-compose.yml:
      docker-compose build
      docker-compose up


10. Now add an entry to the Windows hosts file (C:\Windows\System32\drivers\etc\hosts) that points betafast.net at the machine running the Docker containers, so that the baseUri set in step 4 resolves to the API -

11. To intercept the application's requests, set the Windows system proxy to the address and port Burp will listen on. The .NET HTTP stack used by the client picks up the WinINET (system) proxy settings by default, so no application-specific proxy configuration is needed. If the baseUri uses HTTPS, Burp's CA certificate also has to be imported into the Windows certificate store, otherwise the client will reject the proxied TLS connection -

12. Configure a Burp Suite proxy listener on the same address and port, and let's start finding the vulnerability.


Finding the Vulnerability -

Step 1: Click on 'Create Account' to register a new low-privileged user -

Step 2: Register with some credentials -

Step 3: Log in and check Burp's HTTP history. An interesting request is made right after login: the client asks the server whether the logged-in user is an admin, and the server answers with a boolean -

Step 4: Before tampering with the response, explore the user panel. A normal user sees only a limited number of tabs and functions -

Step 5: Now log out and log in again with Intercept on, so that the response can be changed on the fly -
Change the response from 'false' to 'true' -

Step 6: The client now unlocks the admin functions available in the application -

Step 7: Add an admin user to confirm that admin actions really can be performed from the low-privileged account; the server accepts the request -
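The pattern behind the steps above, as an added example that is not part of the original post or of the BetaFast code base: a small Python API plus a client that, like the thick client, asks the server whether the user is an admin and only then unlocks the admin functions. The endpoint paths, the X-Session header, the user store and the credentials are all constructed for the demo. Flipping the `isAdmin` answer (what Burp Intercept did) makes the client call the admin endpoint; an API that trusts the UI to gate access accepts the request, while an API that re-checks the caller's role on the privileged request itself returns 403.

```python
import json
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

# Constructed user store: one low-privileged user and one real admin.
USERS = {"lowpriv": {"password": "pw", "role": "user"}, "admin": {"password": "pw", "role": "admin"}}


def make_handler(enforce_server_side):
    sessions = {}  # session token -> username (assumed X-Session header)

    class Api(BaseHTTPRequestHandler):
        def log_message(self, *args):  # silence per-request logging
            pass
        def _send(self, status, body):
            data = json.dumps(body).encode()
            self.send_response(status)
            self.send_header("Content-Type", "application/json")
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def _caller(self):
            return sessions.get(self.headers.get("X-Session", ""))
        def _json_body(self):
            return json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))) or b"{}")
        def do_GET(self):
            # The request seen in Burp's HTTP history right after login.
            if self.path != "/api/user/isadmin":
                return self._send(404, {"error": "not found"})
            caller = self._caller()
            if caller is None:
                return self._send(401, {"error": "no session"})
            self._send(200, {"isAdmin": USERS[caller]["role"] == "admin"})
        def do_POST(self):
            if self.path == "/api/login":
                creds = self._json_body()
                user = USERS.get(creds.get("username"))
                if user is None or user["password"] != creds.get("password"):
                    return self._send(401, {"error": "bad credentials"})
                token = secrets.token_hex(16)
                sessions[token] = creds["username"]
                return self._send(200, {"token": token})
            if self.path == "/api/admin/users":
                caller = self._caller()
                if caller is None:
                    return self._send(401, {"error": "no session"})
                # The fix: re-check the caller's role here instead of trusting what the UI displayed.
                if enforce_server_side and USERS[caller]["role"] != "admin":
                    return self._send(403, {"error": "admin only"})
                new = self._json_body()
                USERS[new["username"]] = {"password": new["password"], "role": new.get("role", "user")}
                return self._send(201, {"created": new["username"]})
            self._send(404, {"error": "not found"})

    return Api


def call(base, path, token=None, body=None):
    # One JSON request that ignores any system proxy; returns (status, body).
    data = None if body is None else json.dumps(body).encode()
    req = request.Request(base + path, data=data, method="POST" if data else "GET")
    if token:
        req.add_header("X-Session", token)
    try:
        with request.build_opener(request.ProxyHandler({})).open(req) as resp:
            return resp.status, json.loads(resp.read())
    except error.HTTPError as e:
        return e.code, json.loads(e.read())


def thick_client(base, username, password, tamper_response=False):
    # Mimics the WPF client: log in, ask whether we are admin, unlock the admin tab only if true.
    _, login = call(base, "/api/login", body={"username": username, "password": password})
    _, who = call(base, "/api/user/isadmin", login["token"])
    is_admin = True if tamper_response else who["isAdmin"]  # Intercept: 'false' -> 'true'
    if not is_admin:
        return "admin tab hidden"
    status, _ = call(base, "/api/admin/users", login["token"],
                     body={"username": "evil", "password": "x", "role": "admin"})
    return status


def run_demo(enforce_server_side):
    # Serve the API on an ephemeral port, then run the honest and the tampered client.
    with HTTPServer(("127.0.0.1", 0), make_handler(enforce_server_side)) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % srv.server_address[1]
        result = {"honest": thick_client(base, "lowpriv", "pw"),
                  "tampered": thick_client(base, "lowpriv", "pw", tamper_response=True)}
        srv.shutdown()
    return result


if __name__ == "__main__":
    print("vulnerable API:", run_demo(False))  # tampered -> 201: admin user created
    print("hardened API:  ", run_demo(True))   # tampered -> 403: role re-checked
```

Run it directly to see both outcomes. The honest client never reaches the admin endpoint in either configuration, which is exactly why watching only the UI says nothing about whether the server enforces authorization; the tampered client is the test that distinguishes a cosmetic bypass from a real one.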

Conclusion : The admin check was enforced only on the client. The server's 'false'/'true' answer merely decided which tabs the UI displayed, and the administrative endpoints themselves did not re-check the caller's role, so a low-privileged account could open the admin dashboard and perform unauthorized actions. The fix is to authorize every privileged request on the server side; the client-side flag may stay, but only as a UI hint. During an assessment, confirm such a bypass by actually performing an admin action (here, adding an admin user) rather than stopping at the unlocked UI, since a UI-only bypass with server-side enforcement intact is a far less severe finding.
Thanks for reading. You can read more about access control bypass from here.

Comments

  1. This is highly informative, crisp and clear. I think that everything has been described in a systematic manner so that the reader could get maximum information and learn many things. Vulnerability

    ReplyDelete
  2. This article provides an informative introduction to thick client application hacking and explains the security challenges associated with desktop-based applications that process sensitive data locally. The discussion on application architecture, attack surfaces, client-side vulnerabilities, and security assessment techniques offers valuable insights for anyone interested in understanding how thick client applications are analyzed from a security perspective.

    Learning about application security testing, vulnerability analysis, and secure software design is an important part of Cyber Security Projects for Final Year Students. Exploring these concepts helps students develop practical skills in identifying weaknesses, strengthening application security, and protecting systems against evolving cyber threats.

    ReplyDelete
  3. The article also emphasizes the importance of safeguarding sensitive information and implementing robust security controls throughout the software lifecycle. Working on Information Security Projects can provide deeper knowledge of secure application development, authentication mechanisms, and data protection strategies used in modern computing environments.

    ReplyDelete

