private IErrorPlugin AutoDetectPlugin(AttackVectorFactory avf) { List <IErrorPlugin> PluginList = new List <IErrorPlugin>(); foreach (IPlugin ep in _AbsintheState.PluginList) { if (ep.GetType().GetInterface("IErrorPlugin") != null) { PluginList.Add((IErrorPlugin)ep); } } IErrorPlugin[] pl = SqlErrorAttackVector.AutoDetectPlugins(PluginList.ToArray(), avf, (_AppSettings.ProxyInUse) ? _AppSettings.RotatedProxy() : null); if (pl.Length == 1) { ChangeSelectedPluginText(pl[0].PluginDisplayTargetName); return(pl[0]); } else if (pl.Length == 0) { ChangeSelectedPluginText(PluginList[0].PluginDisplayTargetName); return(PluginList[0]); } else { System.Text.StringBuilder sb = new System.Text.StringBuilder(); sb.Append("Multiple plugins support this version of SQL Server. Please select one of the following:"); foreach (IErrorPlugin epl in pl) { sb.Append(Environment.NewLine).Append(epl.PluginDisplayTargetName); } UserMessage(sb.ToString()); // handle this return(null); } }
private void InitializeAttackVectors() { string URL; URL = ctlConnection1.UseSsl == true ? "https://" : "http://"; URL += ctlConnection1.TargetUrl; string Method = ctlConnection1.ConnectMethod; if (Method.Equals("")) { return; } SafelyChangeCursor(Cursors.WaitCursor); // Generate StringDict string TargetName, TargetField; bool InjectAsString; TargetName = String.Empty; TargetField = String.Empty; NameValueCollection Others = new NameValueCollection(); NameValueCollection Cookies = new NameValueCollection(); Others = FormParameters.FormParameters(ref TargetName, ref TargetField, out InjectAsString); Cookies = FormParameters.Cookies; if (TargetName.Equals(String.Empty)) { UserStatus("No Injection Point Found"); SafelyChangeCursor(Cursors.Default); return; } UserStatus("Beginning Preliminary Scan"); try { SafelyChangeEnableOfControl(butInitializeInjection, false); AttackVectorFactory avf; InjectionOptions opts; if (optBlindInjection.Checked == true) { opts = new BlindInjectionOptions(); ((BlindInjectionOptions)opts).Tolerance = _AbsintheState.FilterTolerance; ((BlindInjectionOptions)opts).Delimiter = _AbsintheState.FilterDelimiter; } else { opts = new ErrorInjectionOptions(); ((ErrorInjectionOptions)opts).VerifyVersion = chkVerifyVersion.Checked; } opts.TerminateQuery = _AbsintheState.TerminateQuery; opts.Cookies = Cookies; opts.WebProxies = _AppSettings.ProxyQueue(); opts.InjectAsString = InjectAsString; opts.UserAgent = _AbsintheState.UserAgent; opts.AuthCredentials = ctlUserAuth1.NetworkCredential; opts.AppendedQuery = _AbsintheState.AppendedText; avf = new AttackVectorFactory(URL, TargetName, TargetField, Others, Method, opts); avf.UserStatus += new UserEvents.UserStatusEventHandler(UserStatus); int PluginNumber = Array.IndexOf(_PluginEntries, _AbsintheState.LoadedPluginName); IPlugin pt = null; if (optBlindInjection.Checked) { foreach (IPlugin bp in _AbsintheState.PluginList) { if (bp.GetType().GetInterface("IBlindPlugin") != null) { if (bp.PluginDisplayTargetName == _AbsintheState.LoadedPluginName) { pt = (IPlugin)bp; break; } } } _AbsintheState.TargetAttackVector = avf.BuildBlindSqlAttackVector(_AbsintheState.FilterTolerance, (IBlindPlugin)pt); UserStatus("Finished initial scan"); } else if (optErrorBasedInjection.Checked) { if (PluginNumber <= 0) { pt = AutoDetectPlugin(avf); } else { foreach (IPlugin ep in _AbsintheState.PluginList) { if (ep.PluginDisplayTargetName == _AbsintheState.LoadedPluginName) { pt = (IPlugin)ep; break; } } } if (pt != null) { try { _AbsintheState.TargetAttackVector = avf.BuildSqlErrorAttackVector((IErrorPlugin)pt); UserStatus("Finished initial scan"); } catch (UnsupportedSQLErrorVersionException sqlex) { ErrorReportingDelegate ts = new ErrorReportingDelegate(ThreadUnsafeDisplayErrorReportDialog); this.Invoke(ts, new object[] { sqlex.VersionErrorPageHtml, sqlex.HavingErrorPageHtml }); } } } } catch (Exception e) { System.Diagnostics.Debug.WriteLine(e.ToString()); UserStatus(e.Message); } finally { SafelyChangeEnableOfControl(butInitializeInjection, true); SafelyChangeCursor(Cursors.Default); } }