Susceptible client-server software (VuCSA) is made for studying/presenting how one can carry out penetration exams of non-http thick shoppers. It’s written in Java (with JavaFX graphical consumer interface).
Presently the weak software incorporates the next challenges:
- Buffer Over-read (simulated)
- Command Execution
- SQL Injection
- Enumeration
- XML
- Horizontal Entry Management
- Vertical Entry Management
If you wish to know how one can clear up these challenges, check out the PETEP web site, which describes how one can use the open-source instrument PETEP to take advantage of them.
Tip: Earlier than you begin hacking, don’t forget to test the information construction of messages bellow.
Tips on how to Run
As a way to run the weak server and shopper, you need to use one among releases on GitHub or run gradle assemble, which creates distribution packages (for each Home windows and Unix). These packages comprise sh/bat scripts that may run the server and shopper utilizing JVM.
Undertaking Construction
Undertaking is split into three modules:
- vucsa-common – widespread performance for each shopper and server (together with protocol processing utilities)
- vucsa-client – weak shopper with JavaFX GUI
- vucsa-server – weak server for terminal use
Knowledge Construction
Messages transmitted between server and shopper have the next easy format:
[type][target][length][payload]
32b 32b 32b ???
These 4 components have the next that means:
- sort – sort of the message (used for serialization/deserialization)
- goal – goal handler that may obtain the message
- size – size of the payload
- payload – knowledge serialized into bytes