Kali Linux

VuCSA : Vulnerable Client-Server Application – Made For Learning/Presenting

Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface).

Currently the vulnerable application contains the following challenges:

  1. Buffer Over-read (simulated)
  2. Command Execution
  3. SQL Injection
  4. Enumeration
  5. XML
  6. Horizontal Access Control
  7. Vertical Access Control

If you want to know how to solve these challenges, take a look at the PETEP website, which describes how to use the open-source tool PETEP to exploit them.

Tip: Before you start hacking, do not forget to check the data structure of messages bellow.

How to Run?

In order to run the vulnerable server and client, you can use one of releases on GitHub or run gradle assemble, which creates distribution packages (for both Windows and Unix). These packages contain sh/bat scripts that will run the server and client using JVM.

Project Structure

Project is divided into three modules:

  • vucsa-common – common functionality for both client and server (including protocol processing utilities)
  • vucsa-client – vulnerable client with JavaFX GUI
  • vucsa-server – vulnerable server for terminal use

Data Structure

Messages transmitted between server and client have the following simple format:

[type][target][length][payload]
  32b    32b     32b     ???

These four parts have the following meaning:

  • type – type of the message (used for serialization/deserialization)
  • target – target handler that will receive the message
  • length – length of the payload
  • payload – data serialized into bytes
R K

Recent Posts

Install Opera Web Browser on Ubuntu 18.04: Complete Setup Guide

Opera is one of the most popular cross-platform web browsers in the world, available on Windows,…

20 hours ago

Install Gogs on Ubuntu 18.04: Self-Hosted Git Server Setup Guide

Gogs is a free, self-hosted Git service written in Go. It gives you a private GitHub-like…

20 hours ago

Install Elasticsearch on Ubuntu 18.04: Setup and Config Guide

Elasticsearch is an open-source distributed search and analytics engine built on Apache Lucene. It supports RESTful…

20 hours ago

Install Flask on Ubuntu 18.04: venv Setup and Hello World App

Flask is a free, open-source micro web framework for Python. It is built on Werkzeug and…

20 hours ago

Install Memcached on Ubuntu 18.04: Setup, Config, and Client Guide

Memcached is a free, open-source, high-performance in-memory caching system. It stores data as key-value pairs in…

20 hours ago

Install TensorFlow on Ubuntu 18.04: Python venv Setup and Usage

TensorFlow is a free, open-source machine learning platform developed by Google. It is used by major…

2 days ago