Vulnerable Client-Server Application (VuCSA)

Vulnerable Client‑Server Application

Vulnerable client‑server application (VuCSA) is made for learning/presenting how to perform penetration tests of non‑http thick clients. It is written in Java (with JavaFX graphical user interface).

Challenges

Buffer Over‑read

Buffer Over-read Vulnerability

Command Execution

Command Execution Vulnerability

SQL Injection

SQL Injection Vulnerability

Enumeration

Enumeration Vulnerability

XML

XML Vulnerability

Horizontal Access Control

Horizontal Access Control Vulnerability

Vertical Access Control

Vertical Access Control Vulnerability

Remote Code Execution

Remote Code Execution Vulnerability

Tutorial

Solutions for these challenges using open-source tool PETEP can be found in this written tutorial and in the following video.

There is also the following YouTube playlist with separated videos for each vulnerability:

Download

VuCSA executables for Windows, Linux and Mac can be downloaded from GitHub releases:

GitHub: VuCSA GitHub

VuCSA is licenced under the GNU General Public License v3.0 and its source code is available on the GitHub above.