Ejemplo n.º 1
0
        public static void PopulateDB(DotNetBinary dnb)
        {
            try
            {
                SetConnection();
                m_dbConnection.Open();
              
                string sql = "SELECT * FROM " + dbName + " WHERE hash = '" + dnb.hash + "' AND application = '" + dnb.application + "';";
                SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
                SQLiteDataReader reader = command.ExecuteReader();

                // check if we've seen this file before (in terms of hash and file location). If not, add it to the db
                if (!reader.HasRows)
                {
                    sql = "INSERT into " + dbName + " (name, application, hash, numSQLi, numCodEx, numFileEx, numInfoLeak, numXSS, numRedirect, numXPath, numLDAP) values ('" + dnb.name + "','" + dnb.application + "','" + dnb.hash + "'," + dnb.numSQLi + "," + dnb.numCodEx + "," + dnb.numFileEx + "," + dnb.numInfoLeak + "," + dnb.numXSS + "," + dnb.numRedirect + "," + dnb.numXPath + "," + dnb.numLDAP + ")";                         
                    ExecuteQuery(sql);
                }
              
            }
            catch (Exception e)
            {
                System.Windows.Forms.MessageBox.Show(e.ToString());
            }

        }
Ejemplo n.º 2
0
        public static bool seenBefore(DotNetBinary dnb)
        {
            SetConnection();
            m_dbConnection.Open();
            string           sql     = "SELECT * FROM " + dbName + " WHERE hash = '" + dnb.hash + "' AND application = '" + dnb.application + "';";
            SQLiteCommand    command = new SQLiteCommand(sql, m_dbConnection);
            SQLiteDataReader reader  = command.ExecuteReader();

            return(reader.HasRows);
        }
Ejemplo n.º 3
0
        // extract bug classes and number of bugs where > 0
        public static string getBugs(DotNetBinary dnb)
        {
            string retstring = "";

            retstring += (dnb.numCodEx > 0) ? "CodeExecution:" + dnb.numCodEx + "," : "";
            retstring += (dnb.numFileEx > 0) ? "FileCanonicalisation:" + dnb.numFileEx + "," : "";
            retstring += (dnb.numInfoLeak > 0) ? "InfoLeak:" + dnb.numInfoLeak + "," : "";
            retstring += (dnb.numLDAP > 0) ? "LDAPi:" + dnb.numLDAP + "," : "";
            retstring += (dnb.numRedirect > 0) ? "Redirect:" + dnb.numRedirect + "," : "";
            retstring += (dnb.numSQLi > 0) ? "SQLi:" + dnb.numSQLi + "," : "";
            retstring += (dnb.numXPath > 0) ? "XPathi:" + dnb.numXPath + "," : "";
            retstring += (dnb.numXSS > 0) ? "XSS:" + dnb.numXSS + "," : "";
            retstring  = retstring.Substring(0, retstring.Length - 1);
            return(retstring);
        }
Ejemplo n.º 4
0
        public static void PopulateDB(DotNetBinary dnb)
        {
            try
            {
                SetConnection();
                m_dbConnection.Open();

                string           sql     = "SELECT * FROM " + dbName + " WHERE hash = '" + dnb.hash + "' AND application = '" + dnb.application + "';";
                SQLiteCommand    command = new SQLiteCommand(sql, m_dbConnection);
                SQLiteDataReader reader  = command.ExecuteReader();

                // check if we've seen this file before (in terms of hash and file location). If not, add it to the db
                if (!reader.HasRows)
                {
                    sql = "INSERT into " + dbName + " (name, application, hash, numSQLi, numCodEx, numFileEx, numInfoLeak, numXSS, numRedirect, numXPath, numLDAP) values ('" + dnb.name + "','" + dnb.application + "','" + dnb.hash + "'," + dnb.numSQLi + "," + dnb.numCodEx + "," + dnb.numFileEx + "," + dnb.numInfoLeak + "," + dnb.numXSS + "," + dnb.numRedirect + "," + dnb.numXPath + "," + dnb.numLDAP + ")";
                    ExecuteQuery(sql);
                }
            }
            catch (Exception e)
            {
                System.Windows.Forms.MessageBox.Show(e.ToString());
            }
        }
Ejemplo n.º 5
0
 // extract bug classes and number of bugs where > 0
 public static string getBugs(DotNetBinary dnb)
 {
     string retstring = "";
     retstring += (dnb.numCodEx > 0) ? "CodeExecution:" + dnb.numCodEx + "," : "";
     retstring += (dnb.numFileEx > 0) ? "FileCanonicalisation:" + dnb.numFileEx + "," : "";
     retstring += (dnb.numInfoLeak > 0) ? "InfoLeak:" + dnb.numInfoLeak + "," : "";
     retstring += (dnb.numLDAP > 0) ? "LDAPi:" + dnb.numLDAP + "," : "";
     retstring += (dnb.numRedirect > 0) ? "Redirect:" + dnb.numRedirect + "," : "";
     retstring += (dnb.numSQLi > 0) ? "SQLi:" + dnb.numSQLi + "," : "";
     retstring += (dnb.numXPath > 0) ? "XPathi:" + dnb.numXPath + "," : "";
     retstring += (dnb.numXSS > 0) ? "XSS:" + dnb.numXSS + "," : "";
     retstring = retstring.Substring(0, retstring.Length - 1);
     return retstring;
 }
Ejemplo n.º 6
0
        public void TraverseAndRun(string root, string binary, string rules, string dest)
        {
            label1.Text = "Enumerating .NET EXE and DLL Files...";
            label1.Refresh();
            DotNetBinary dnb = new DotNetBinary();

            try
            {

                // enumerate all .NET dll and exe files in the given directory
                var dotNetFiles = from file in Directory.EnumerateFiles(root, "*.*", SearchOption.AllDirectories)
                               where (isDotNet(file, "_CorDllMain") && file.EndsWith(".dll")) || (isDotNet(file, "_CorExeMain") && file.EndsWith(".exe"))
                               select new
                               {
                                   File = file
                               };

                label1.Text = "Enumerating Files... Complete. Found " + dotNetFiles.Count().ToString() + " files.";
                label1.Refresh();

                // only continue if we found >= 1 file
                if (dotNetFiles.Count() != 0)
                {
                    int count = 0;

                    progressBar1.Step = (int)(progressBar1.Maximum / dotNetFiles.Count());

                    // calculate the given CAT.NET timeout (how long before CAT gives up on processing a binary)
                    int timeout;
                    bool isNumeric = int.TryParse(CATtimeout.Text, out timeout);
                    if (isNumeric)
                    {
                        timeout = timeout * 1000 * 60;
                    }
                    else
                    {
                        timeout = 300000;
                    }

                    List<string> errorFiles = new List<string>();

                    foreach (var f in dotNetFiles)
                    {

                        System.IO.FileInfo fi = new System.IO.FileInfo(f.File);

                        string filePath = dest + "\\" + fi.Name;

                        ProcessStartInfo startInfo = new ProcessStartInfo();
                        startInfo.CreateNoWindow = true;
                        startInfo.UseShellExecute = false;
                        startInfo.FileName = "\"" + binary + "\"";
                        startInfo.WindowStyle = ProcessWindowStyle.Hidden;
                        startInfo.Arguments = "/file:" + "\"" + f.File + "\"" + rules + " /report:\"" + filePath + "\"" + ".xml" + " /reportxsloutput:\"" + filePath + "\"" + ".html";

                        label1.Text = "Processing " + fi.Name + " : " + (++count).ToString() + " of " + dotNetFiles.Count().ToString();
                        label1.Refresh();

                        dnb.hash = hashFile(fi);
                        dnb.name = fi.Name;
                        dnb.application = Path.GetDirectoryName(f.File);
                                                
                        // only run CAT.NET on the binary if we haven't done so before
                        if (!DbFuncs.seenBefore(dnb))
                        {
                            try
                            {
                                // Start the process with the info we specified. Call WaitForExit and then the using statement will close.
                                using (Process exeProcess = Process.Start(startInfo))
                                {
                                    // give the process 5 minutes runtime before we kill it and move on to the next file
                                    bool cleanExit = exeProcess.WaitForExit(timeout); // default is 300000
                                    label1.Text = "Timeout reached. Moving to next file.";

                                    if (!cleanExit)
                                    {
                                        exeProcess.Kill();
                                        label1.Text = "Timout reached and process kill forced. Moving to next file.";
                                        errorFiles.Add(fi.Name);
                                    }
                                    else
                                    {
                                        label1.Text = "                                                                                                                       ";
                                        label1.Refresh();

                                        // add the file to our TreeNode                     
                                        TreeNode[] results = parseXML(filePath + ".xml");
                                        TreeNode treeNode = new TreeNode(f.File.ToString(), results);
                                        treeView1.Nodes.Add(treeNode);
                                        treeView1.Refresh();

                                        foreach (TreeNode tn in results)
                                        {
                                            string[] s = tn.Text.Split(':');
                                            Console.Write(s[0] + " " + s[1]);
                                            if (s[0].Equals("SQLi")) { int.TryParse(s[1], out dnb.numSQLi); }
                                            if (s[0].Equals("Command Execution")) { int.TryParse(s[1], out dnb.numCodEx); }
                                            if (s[0].Equals("File Canonicalisation")) { int.TryParse(s[1], out dnb.numFileEx); }
                                            if (s[0].Equals("Info Leak")) { int.TryParse(s[1], out dnb.numInfoLeak); }
                                            if (s[0].Equals("XSS")) { int.TryParse(s[1], out dnb.numXSS); }
                                            if (s[0].Equals("User Redirection")) { int.TryParse(s[1], out dnb.numRedirect); }
                                            if (s[0].Equals("XPath Injection")) { int.TryParse(s[1], out dnb.numXPath); }
                                            if (s[0].Equals("LDAP Injection")) { int.TryParse(s[1], out dnb.numLDAP); }
                                        }

                                        // add the results to the database
                                        DbFuncs.PopulateDB(dnb);
                                        // refresh the datagrid
                                        dataGridView1.DataSource = DbFuncs.DumpDB().Tables[0].DefaultView;
                                    }
                                }

                            }
                            // error either opening file or running CAT.NET on that file.
                            catch
                            {
                                errorFiles.Add(fi.Name);
                            }
                        }

                        else
                        {
                            label1.Text = "Seen this file before; moving to next file...";
                        }
                        progressBar1.PerformStep();
                        progressBar1.Refresh();
                    }
                    progressBar1.Step = progressBar1.Maximum;
                    progressBar1.PerformStep();
                    progressBar1.Refresh();
                    label1.Text = "Finished.";

                    if (errorFiles.Count > 0)
                    {
                        string errors = "There were errors processing the following files.\nTry again with a longer CAT timeout:\n" + string.Join("\n", errorFiles.ToArray());
                        MessageBox.Show(errors);
                    }
                    
                }
                
            }
            catch(Exception e)
            {
                // e.g. some sort of dir/file exception
                MessageBox.Show(e.ToString());
            }

        }
Ejemplo n.º 7
0
        public static bool seenBefore(DotNetBinary dnb)
        {
                SetConnection();
                m_dbConnection.Open();
                string sql = "SELECT * FROM " + dbName + " WHERE hash = '" + dnb.hash + "' AND application = '" + dnb.application + "';";
                SQLiteCommand command = new SQLiteCommand(sql, m_dbConnection);
                SQLiteDataReader reader = command.ExecuteReader();

                return reader.HasRows;
        }
Ejemplo n.º 8
0
        public void TraverseAndRun(string root, string binary, string rules, string dest)
        {
            label1.Text = "Enumerating .NET EXE and DLL Files...";
            label1.Refresh();
            DotNetBinary dnb = new DotNetBinary();

            try
            {
                // enumerate all .NET dll and exe files in the given directory
                var dotNetFiles = from file in Directory.EnumerateFiles(root, "*.*", SearchOption.AllDirectories)
                                  where (isDotNet(file, "_CorDllMain") && file.EndsWith(".dll")) || (isDotNet(file, "_CorExeMain") && file.EndsWith(".exe"))
                                  select new
                {
                    File = file
                };

                label1.Text = "Enumerating Files... Complete. Found " + dotNetFiles.Count().ToString() + " files.";
                label1.Refresh();

                // only continue if we found >= 1 file
                if (dotNetFiles.Count() != 0)
                {
                    int count = 0;

                    progressBar1.Step = (int)(progressBar1.Maximum / dotNetFiles.Count());

                    // calculate the given CAT.NET timeout (how long before CAT gives up on processing a binary)
                    int  timeout;
                    bool isNumeric = int.TryParse(CATtimeout.Text, out timeout);
                    if (isNumeric)
                    {
                        timeout = timeout * 1000 * 60;
                    }
                    else
                    {
                        timeout = 300000;
                    }

                    List <string> errorFiles = new List <string>();

                    foreach (var f in dotNetFiles)
                    {
                        System.IO.FileInfo fi = new System.IO.FileInfo(f.File);

                        string filePath = dest + "\\" + fi.Name;

                        ProcessStartInfo startInfo = new ProcessStartInfo();
                        startInfo.CreateNoWindow  = true;
                        startInfo.UseShellExecute = false;
                        startInfo.FileName        = "\"" + binary + "\"";
                        startInfo.WindowStyle     = ProcessWindowStyle.Hidden;
                        startInfo.Arguments       = "/file:" + "\"" + f.File + "\"" + rules + " /report:\"" + filePath + "\"" + ".xml" + " /reportxsloutput:\"" + filePath + "\"" + ".html";

                        label1.Text = "Processing " + fi.Name + " : " + (++count).ToString() + " of " + dotNetFiles.Count().ToString();
                        label1.Refresh();

                        dnb.hash        = hashFile(fi);
                        dnb.name        = fi.Name;
                        dnb.application = Path.GetDirectoryName(f.File);

                        // only run CAT.NET on the binary if we haven't done so before
                        if (!DbFuncs.seenBefore(dnb))
                        {
                            try
                            {
                                // Start the process with the info we specified. Call WaitForExit and then the using statement will close.
                                using (Process exeProcess = Process.Start(startInfo))
                                {
                                    // give the process 5 minutes runtime before we kill it and move on to the next file
                                    bool cleanExit = exeProcess.WaitForExit(timeout); // default is 300000
                                    label1.Text = "Timeout reached. Moving to next file.";

                                    if (!cleanExit)
                                    {
                                        exeProcess.Kill();
                                        label1.Text = "Timout reached and process kill forced. Moving to next file.";
                                        errorFiles.Add(fi.Name);
                                    }
                                    else
                                    {
                                        label1.Text = "                                                                                                                       ";
                                        label1.Refresh();

                                        // add the file to our TreeNode
                                        TreeNode[] results  = parseXML(filePath + ".xml");
                                        TreeNode   treeNode = new TreeNode(f.File.ToString(), results);
                                        treeView1.Nodes.Add(treeNode);
                                        treeView1.Refresh();

                                        foreach (TreeNode tn in results)
                                        {
                                            string[] s = tn.Text.Split(':');
                                            Console.Write(s[0] + " " + s[1]);
                                            if (s[0].Equals("SQLi"))
                                            {
                                                int.TryParse(s[1], out dnb.numSQLi);
                                            }
                                            if (s[0].Equals("Command Execution"))
                                            {
                                                int.TryParse(s[1], out dnb.numCodEx);
                                            }
                                            if (s[0].Equals("File Canonicalisation"))
                                            {
                                                int.TryParse(s[1], out dnb.numFileEx);
                                            }
                                            if (s[0].Equals("Info Leak"))
                                            {
                                                int.TryParse(s[1], out dnb.numInfoLeak);
                                            }
                                            if (s[0].Equals("XSS"))
                                            {
                                                int.TryParse(s[1], out dnb.numXSS);
                                            }
                                            if (s[0].Equals("User Redirection"))
                                            {
                                                int.TryParse(s[1], out dnb.numRedirect);
                                            }
                                            if (s[0].Equals("XPath Injection"))
                                            {
                                                int.TryParse(s[1], out dnb.numXPath);
                                            }
                                            if (s[0].Equals("LDAP Injection"))
                                            {
                                                int.TryParse(s[1], out dnb.numLDAP);
                                            }
                                        }

                                        // add the results to the database
                                        DbFuncs.PopulateDB(dnb);
                                        // refresh the datagrid
                                        dataGridView1.DataSource = DbFuncs.DumpDB().Tables[0].DefaultView;
                                    }
                                }
                            }
                            // error either opening file or running CAT.NET on that file.
                            catch
                            {
                                errorFiles.Add(fi.Name);
                            }
                        }

                        else
                        {
                            label1.Text = "Seen this file before; moving to next file...";
                        }
                        progressBar1.PerformStep();
                        progressBar1.Refresh();
                    }
                    progressBar1.Step = progressBar1.Maximum;
                    progressBar1.PerformStep();
                    progressBar1.Refresh();
                    label1.Text = "Finished.";

                    if (errorFiles.Count > 0)
                    {
                        string errors = "There were errors processing the following files.\nTry again with a longer CAT timeout:\n" + string.Join("\n", errorFiles.ToArray());
                        MessageBox.Show(errors);
                    }
                }
            }
            catch (Exception e)
            {
                // e.g. some sort of dir/file exception
                MessageBox.Show(e.ToString());
            }
        }