Ejemplo n.º 1
0
        /// <summary>Generates a new SqlErrorAttackVector</summary>
        /// <param name="URL">The target URL for the injection.</param>
        /// <param name="VectorName">The name of the parameter to be injected against.</param>
        /// <param name="VectorBuffer">The default value of the parameter to be injected against.</param>
        /// <param name="AdditionalParams">Any additional parameters for the request unreleated to the actual injection.</param>
        /// <param name="Method">The HTTP connection method. This may be "GET" or "POST".</param>
        /// <param name="PluginUsed">The plugin to use in this injection.</param>
        /// <param name="Options">Any options for this injection.</param>
        public SqlErrorAttackVector(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method, IErrorPlugin PluginUsed,
                                    ErrorInjectionOptions Options)
        {
            _TargetURL      = URL;
            _Options        = Options;
            _Plugin         = PluginUsed;
            _Proxies        = Options.WebProxies;
            _ConnectViaPost = String.Equals(Method.ToUpper(), "POST");
            _VectorName     = VectorName;
            _VectorBuffer   = VectorBuffer;
            _AttackParams   = AdditionalParams;

            ParsePage.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
        }
Ejemplo n.º 2
0
		/// <summary>Generates a new SqlErrorAttackVector</summary>
		/// <param name="URL">The target URL for the injection.</param>
		/// <param name="VectorName">The name of the parameter to be injected against.</param>
		/// <param name="VectorBuffer">The default value of the parameter to be injected against.</param>
		/// <param name="AdditionalParams">Any additional parameters for the request unreleated to the actual injection.</param>
		/// <param name="Method">The HTTP connection method. This may be "GET" or "POST".</param>
		/// <param name="PluginUsed">The plugin to use in this injection.</param>
		/// <param name="Options">Any options for this injection.</param>
		public SqlErrorAttackVector(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method, IErrorPlugin PluginUsed,
				ErrorInjectionOptions Options)
		{			
			_TargetURL = URL;
			_Options = Options;
			_Plugin = PluginUsed;
			_Proxies = Options.WebProxies;
			_ConnectViaPost = String.Equals(Method.ToUpper(), "POST");	
			_VectorName = VectorName;
			_VectorBuffer = VectorBuffer;
			_AttackParams = AdditionalParams;	
		
			ParsePage.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
		}
Ejemplo n.º 3
0
        /// <summary>
        /// Converts the Attack Vector from the native type to XML
        /// </summary>
        /// <param name="xInput">The XML node to start deserialization</param>
        /// <param name="AnonProxies">Any anonymous proxies being used</param>
        public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies)
        {
            string FullUrl;

            if (!_UseSSL)
            {
                FullUrl = "http://" + _TargetURL;
            }
            else
            {
                FullUrl = "https://" + _TargetURL;
            }

            XmlNode n = xInput.SelectSingleNode("attackvector");

            if (n == null)
            {
                return;
            }

            InjectionOptions opts;

            if (_IsBlind)
            {
                opts = new BlindInjectionOptions();
                ((BlindInjectionOptions)opts).Delimiter = _FilterDelimiter;
                ((BlindInjectionOptions)opts).Tolerance = _Tolerance;
                ((BlindInjectionOptions)opts).Throttle  = _ThrottleValue;
            }
            else
            {
                opts = new ErrorInjectionOptions();
            }

            opts.TerminateQuery = _TerminateQuery;
            opts.WebProxies     = AnonProxies;

            AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts);

            _TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName));

            _TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
        }
Ejemplo n.º 4
0
        private void InitializeAttackVectors()
        {
            string URL;

            URL = ctlConnection1.UseSsl == true ? "https://" : "http://";
            URL += ctlConnection1.TargetUrl;

            string Method = ctlConnection1.ConnectMethod;

            if (Method.Equals("")) return;

            SafelyChangeCursor(Cursors.WaitCursor);

            // Generate StringDict
            string TargetName, TargetField;
            bool InjectAsString;
            TargetName = String.Empty; TargetField = String.Empty;

            NameValueCollection Others = new NameValueCollection();
            NameValueCollection Cookies = new NameValueCollection();

            Others = FormParameters.FormParameters(ref TargetName, ref TargetField, out InjectAsString);
            Cookies = FormParameters.Cookies;

            if (TargetName.Equals(String.Empty))
            {
                UserStatus("No Injection Point Found");
                SafelyChangeCursor(Cursors.Default);
                return;
            }

            UserStatus("Beginning Preliminary Scan");

            try
            {
                SafelyChangeEnableOfControl(butInitializeInjection, false);

                AttackVectorFactory avf;

                InjectionOptions opts;
                if (optBlindInjection.Checked == true)
                {
                    opts = new BlindInjectionOptions();

                    ((BlindInjectionOptions)opts).Tolerance = _AbsintheState.FilterTolerance;
                    ((BlindInjectionOptions)opts).Delimiter = _AbsintheState.FilterDelimiter;
                }
                else
                {
                    opts = new ErrorInjectionOptions();
                    ((ErrorInjectionOptions)opts).VerifyVersion = chkVerifyVersion.Checked;
                }

                opts.TerminateQuery = _AbsintheState.TerminateQuery;
                opts.Cookies = Cookies;
                opts.WebProxies = _AppSettings.ProxyQueue();
                opts.InjectAsString = InjectAsString;
                opts.UserAgent = _AbsintheState.UserAgent;

                opts.AuthCredentials = ctlUserAuth1.NetworkCredential;
                opts.AppendedQuery = _AbsintheState.AppendedText;

                avf = new AttackVectorFactory(URL, TargetName, TargetField, Others, Method, opts);
                avf.UserStatus += new UserEvents.UserStatusEventHandler(UserStatus);

                int PluginNumber = Array.IndexOf(_PluginEntries, _AbsintheState.LoadedPluginName);

                IPlugin pt = null;

                if (optBlindInjection.Checked)
                {
                    foreach (IPlugin bp in _AbsintheState.PluginList)
                    {
                        if (bp.GetType().GetInterface("IBlindPlugin") != null)
                        {
                            if (bp.PluginDisplayTargetName == _AbsintheState.LoadedPluginName)
                            {
                                pt = (IPlugin)bp;
                                break;
                            }
                        }
                    }

                    _AbsintheState.TargetAttackVector = avf.BuildBlindSqlAttackVector(_AbsintheState.FilterTolerance, (IBlindPlugin)pt);
                    UserStatus("Finished initial scan");
                }
                else if (optErrorBasedInjection.Checked)
                {
                    if (PluginNumber <= 0)
                    {
                        pt = AutoDetectPlugin(avf);
                    }
                    else
                    {
                        foreach (IPlugin ep in _AbsintheState.PluginList)
                        {
                            if (ep.PluginDisplayTargetName == _AbsintheState.LoadedPluginName)
                            {
                                pt = (IPlugin)ep;
                                break;
                            }
                        }
                    }
                    if (pt != null)
                    {
                        try
                        {
                            _AbsintheState.TargetAttackVector = avf.BuildSqlErrorAttackVector((IErrorPlugin)pt);
                            UserStatus("Finished initial scan");
                        }
                        catch (UnsupportedSQLErrorVersionException sqlex)
                        {
                            ErrorReportingDelegate ts = new ErrorReportingDelegate(ThreadUnsafeDisplayErrorReportDialog);
                            this.Invoke(ts, new object[] { sqlex.VersionErrorPageHtml, sqlex.HavingErrorPageHtml });
                        }
                    }
                }

            }
            catch (Exception e)
            {
                System.Diagnostics.Debug.WriteLine(e.ToString());
                UserStatus(e.Message);
            }
            finally
            {
                SafelyChangeEnableOfControl(butInitializeInjection, true);
                SafelyChangeCursor(Cursors.Default);
            }
        }
Ejemplo n.º 5
0
        /// <summary>
        /// Converts the Attack Vector from the native type to XML
        /// </summary>
        /// <param name="xInput">The XML node to start deserialization</param>
        /// <param name="AnonProxies">Any anonymous proxies being used</param>
		public void DeserializeAttackVector(ref XmlNode xInput, Queue AnonProxies)
		{
			string FullUrl;
			if (!_UseSSL) FullUrl = "http://" + _TargetURL;
			else FullUrl = "https://" + _TargetURL;

			XmlNode n = xInput.SelectSingleNode("attackvector");	
			if (n == null) return;

			InjectionOptions opts;
			if (_IsBlind)
			{
				opts = new BlindInjectionOptions();
				((BlindInjectionOptions) opts).Delimiter = _FilterDelimiter;
				((BlindInjectionOptions) opts).Tolerance = _Tolerance;
				((BlindInjectionOptions) opts).Throttle = _ThrottleValue;
			}
			else
				opts = new ErrorInjectionOptions();		

			opts.TerminateQuery = _TerminateQuery;
			opts.WebProxies = AnonProxies;

			AttackVectorFactory avf = new AttackVectorFactory(FullUrl, "", "", _ParamList, _ConnectionMethod, opts);
			_TargetAttackVector = avf.BuildFromXml(n, opts, _Plugins.GetPluginByName(_LoadedPluginName));

			_TargetAttackVector.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
		}