Ejemplo n.º 1
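        /// <summary>
        /// Click handler for the autodetect button. On a worker thread it runs every entry of
        /// <c>_injectionStrategies</c> against the URL in <c>txtUrl</c>, once per DBMS/exploit
        /// combination read from <c>xml\exploits.xml</c>, and writes the findings to
        /// <c>txtCustomQueryResult</c>.
        /// </summary>
        /// <param name="sender">Control that raised the event (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnAutodetect_Click(object sender, RoutedEventArgs e)
        {
            bool      findAllPossibleAttackVectors = true;//@TODO: this should be a setting and come from somewhere, maybe the UI
            ProxyType proxyType                    = ProxyType.None;
            string    url                          = txtUrl.Text;
            string    fullProxyAdress              = txtProxyFullAddress.Text;
            bool      useProxy                     = chkUseProxy.IsChecked ?? false;

            ClearAll();
            DisableAll();

            // Enum.TryParse overwrites the out value with default(ProxyType) on failure, so fall
            // back to ProxyType.None explicitly instead of relying on None being the zero member.
            if (cmbProxyType.SelectedValue == null
                || !Enum.TryParse <ProxyType>(cmbProxyType.SelectedValue.ToString(), out proxyType))
            {
                proxyType = ProxyType.None;
            }

            var th = new Thread(() =>
            {
                // All scan state lives inside the worker so nothing is shared with the UI thread
                // except the values captured above and the stop flag.
                var    report = new System.Text.StringBuilder();
                string resultText;

                try
                {
                    string exploitsXmlPath = FileHelpers.GetCurrentDirectory() + "\\xml\\exploits.xml";
                    IList <string> dbMgmtSystems = XmlHelpers.GetAllAttributeValuesFromDoc(exploitsXmlPath, "exploit", "dbms");

                    foreach (var injectionStrategy in _injectionStrategies)
                    {
                        // NOTE(review): the stop flag is presumably set from the UI thread; confirm
                        // the field is volatile or otherwise synchronised.
                        if (_stopCurrentActionSingleUrlTab)
                        {
                            break;
                        }

                        foreach (var dbMgmtSystem in dbMgmtSystems)
                        {
                            if (_stopCurrentActionSingleUrlTab)
                            {
                                break;
                            }

                            // Select the exploits that match both this DBMS and this strategy type.
                            var     filters    = new List <dynamic>();
                            dynamic dbmsFilter = new ExpandoObject();
                            dbmsFilter.AttributeName  = "dbms";
                            dbmsFilter.AttributeValue = dbMgmtSystem;
                            filters.Add(dbmsFilter);

                            dynamic strategyFilter = new ExpandoObject();
                            strategyFilter.AttributeName  = "injection-strategy";
                            strategyFilter.AttributeValue = injectionStrategy.GetType().Name;
                            filters.Add(strategyFilter);

                            IList <ExploitDetails> exploits = XmlHelpers.GetObjectsFromXml <ExploitDetails>(exploitsXmlPath, "exploit", filters);

                            foreach (var exploit in exploits)
                            {
                                if (_stopCurrentActionSingleUrlTab)
                                {
                                    break;
                                }

                                bool vuln = false;

                                try
                                {
                                    //populate
                                    injectionStrategy.ExploitDetails = exploit;
                                    injectionStrategy.Url            = url;
                                    if (useProxy)
                                    {
                                        // NOTE(review): fullProxyAdress is passed through unvalidated; confirm the
                                        // strategy fails closed on an empty or malformed proxy address instead of
                                        // connecting without the proxy.
                                        injectionStrategy.UseProxy     = true;
                                        injectionStrategy.ProxyDetails = new ProxyDetails()
                                        {
                                            FullProxyAddress = fullProxyAdress,
                                            ProxyType        = proxyType
                                        };
                                    }

                                    //test
                                    vuln = injectionStrategy.TestIfVulnerable();
                                }
                                catch (Exception ex)
                                {
                                    // A failing probe must not abort the whole run, but it is recorded so a
                                    // broken exploit definition or a network failure is not mistaken for a
                                    // clean "not vulnerable" result.
                                    System.Diagnostics.Trace.TraceWarning(
                                        "Autodetect: strategy '{0}' with exploit '{1}' failed: {2}",
                                        injectionStrategy.DisplayName, exploit.UserFriendlyName, ex);
                                }
                                finally
                                {
                                    //depopulate: the strategy instances are shared, so always reset them
                                    injectionStrategy.ExploitDetails = null;
                                    injectionStrategy.Url            = null;
                                    injectionStrategy.ProxyDetails   = null;
                                    injectionStrategy.UseProxy       = false;
                                }

                                if (vuln)
                                {
                                    report.AppendFormat("Vulnerable using  the injection strategy: {0} with the exploit: {1}. Detected DBMS: {2}",
                                                        injectionStrategy.DisplayName, exploit.UserFriendlyName, dbMgmtSystem);
                                    report.AppendLine();

                                    if (!findAllPossibleAttackVectors)
                                    {
                                        // First hit is enough: make every enclosing loop exit.
                                        _stopCurrentActionSingleUrlTab = true;
                                    }
                                }
                            }
                        }
                    }

                    resultText = report.Length > 0
                                 ? report.ToString()
                                 : "Not vulnerable given any available expoit";
                }
                catch (Exception ex)
                {
                    // E.g. exploits.xml missing or malformed. An exception escaping a worker thread
                    // would terminate the process and leave the UI disabled, so report it instead.
                    resultText = string.Format("Error: {0}", ex.Message);
                }

                try
                {
                    txtCustomQueryResult.Dispatcher.Invoke(
                        System.Windows.Threading.DispatcherPriority.Normal,
                        new Action(() => { txtCustomQueryResult.Text = resultText; }));
                }
                finally
                {
                    // Always hand the UI back, whatever happened above.
                    _stopCurrentActionSingleUrlTab = false;
                    EnableAllFromOtherThread();
                }
            });

            // A foreground thread would keep the process alive after the window is closed.
            th.IsBackground = true;

            try
            {
                th.Start();
            }
            catch (Exception ex)
            {
                txtCustomQueryResult.Text = string.Format("Error: {0}", ex.Message);

                // The worker never ran, so nothing else will undo DisableAll().
                // NOTE(review): assumes EnableAllFromOtherThread is also safe to call on the UI thread - confirm.
                _stopCurrentActionSingleUrlTab = false;
                EnableAllFromOtherThread();
            }
        }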
Ejemplo n.º 2
 /// <summary>
 /// Reads the "dbms" attribute values of the "payload" elements in xml\payloads.xml
 /// (located under FileHelpers.GetCurrentDirectory()) and assigns them as the
 /// DataContext of the cbDbms control.
 /// </summary>
 private void PopulateDbms()
 {
     string payloadsXmlPath = FileHelpers.GetCurrentDirectory() + "\\xml\\payloads.xml";
     var    dbmsValues      = XmlHelpers.GetAllAttributeValuesFromDoc(payloadsXmlPath, "payload", "dbms");

     cbDbms.DataContext = dbmsValues;
 }