Skip to main content

Thick Client Applications

A thick client (or fat client) application is software that runs mostly on the user's computer rather than relying on a central server for processing. It requires significant local resources like CPU, RAM, and storage but can work offline or with minimal server interaction.

Tiers in Thick Client Architecture

Thick client applications typically follow a two-tier or three-tier architecture:

  1. Two-Tier Architecture
    • The client directly communicates with the database.
    • Example: A desktop-based MySQL Workbench that directly connects to a MySQL database.
  2. Three-Tier Architecture
    • The client interacts with an application server, which then communicates with the database.
    • Example: Microsoft Outlook (email client) where the app communicates with a mail server before retrieving data.

Examples of Thick Client Applications

  • Microsoft Word / Excel (works locally, syncs when needed)
  • Adobe Photoshop (processing happens locally)
  • Video Games (e.g., GTA V, Cyberpunk 2077) (most game logic runs on the user’s machine)
  • AutoCAD (design software with local processing)
  • SQL Server Management Studio (SSMS) (directly connects to databases)

Enumeration

Enumeration involves gathering information about the application's structure, dependencies, and communication flow. It can be done on different levels: Client-Side, Network-Side, and Server-Side.

Client-Side Enumeration

  • Tools
    • Process Explorer (View running processes)
    • Procmon (Process Monitor) (Track file and registry activities)
    • IDA Pro / Ghidra (Reverse engineering binaries)
    • Strings / Binwalk (Extract hardcoded data from binaries)
    • DotPeek / ILSpy (For decompiling .NET apps)
  • Techniques
    • Analyze executable dependencies
    • Search for stored credentials in config files/registry
    • Reverse engineer the binary for debugging functions

Network-Side Enumeration

  • Tools
    • Wireshark (Packet capturing)
    • Burp Suite / Fiddler (Intercept HTTP requests)
    • TCPView / Netstat (Monitor network connections)
  • Techniques
    • Capture and analyze traffic (clear-text credentials, API calls)
    • Check for exposed services (open ports, protocols used)
    • Replay modified requests (test for insecure transmission)

Server-Side Enumeration

  • Tools
    • Nmap (Scan server services and open ports)
    • Nikto (Web vulnerability scanning)
    • SQLmap (Automated SQL injection testing)
  • Techniques
    • Identify backend databases (via error messages, responses)
    • Check for weak authentication mechanisms
    • Exploit improper access control (e.g., privilege escalation)

Reverse Engineering in Thick Client Applications

  • Static Analysis (Without Running the App)
    • Decompile/reverse binaries (IDA Pro, Ghidra, ILSpy)
    • Extract strings & hardcoded credentials (Strings, Binwalk)
    • Analyze libraries and API calls (Dependency Walker)
  • Dynamic Analysis (While Running the App)
    • Debugging and live code execution (x64dbg, OllyDbg)
    • Monitoring API calls and process behavior (Procmon, API Monitor)
    • Intercepting network traffic (Wireshark, Burp Suite)
info

More on Reverse Engineering will have it's own dedicated section.