///<summary>Public Constructor for instantiation</summary>
///<param name="URL">The URL of the attack target</param>
///<param name="VectorName">The name of the injectable parameter</param>
///<param name="VectorBuffer">The default value of the injectable parameter</param>
///<param name="AdditionalParams">Any additional parameters to be sent but not used as part of the injection</param>
///<param name="Method">The form action method to use during the injection</param>
///<param name="Options">The InjectionOptions to be used during the attack</param>
public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method,
InjectionOptions Options)
{
httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
_Options = Options;
Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery);
}
///<summary>Rebuilds an AttackVector from it's saved XML format</summary>
///<param name="VectorNode">The root node of the Attack Vector information</param>
///<param name="opts">The options for this injection</param>
/// <param name="PluginUsed">The current plugin being used for this injection</param>
///<returns>An initialized AttackVector</returns>
public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed)
{
string VectorType;
GlobalDS.ExploitType ActualVectorType;
if (VectorNode.Attributes["type"] != null)
{
VectorType = VectorNode.Attributes["type"].InnerText;
if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType))
{
VectorType = GlobalDS.ExploitType.Undefined.ToString();
}
ActualVectorType = (GlobalDS.ExploitType)System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType);
opts.Cookies = _Options.Cookies;
opts.WebProxies = _Options.WebProxies;
if (VectorNode.Attributes["PostBuffer"] != null)
{
opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText;
}
switch (ActualVectorType)
{
case GlobalDS.ExploitType.ErrorBasedTSQL:
return(DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin)PluginUsed));
case GlobalDS.ExploitType.BlindSQLInjection:
return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed));
default:
// During Dev I'll use Blind MS Sql
return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed));
}
}
return(null);
}
///<summary>Rebuilds an AttackVector from it's saved XML format</summary>
///<param name="VectorNode">The root node of the Attack Vector information</param>
///<param name="opts">The options for this injection</param>
/// <param name="PluginUsed">The current plugin being used for this injection</param>
///<returns>An initialized AttackVector</returns>
public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed)
{
string VectorType;
GlobalDS.ExploitType ActualVectorType;
if (VectorNode.Attributes["type"] != null)
{
VectorType = VectorNode.Attributes["type"].InnerText;
if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType)) VectorType = GlobalDS.ExploitType.Undefined.ToString();
ActualVectorType = (GlobalDS.ExploitType) System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType);
opts.Cookies = _Options.Cookies;
opts.WebProxies = _Options.WebProxies;
if (VectorNode.Attributes["PostBuffer"] != null) opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText;
switch(ActualVectorType)
{
case GlobalDS.ExploitType.ErrorBasedTSQL:
return DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin) PluginUsed);
case GlobalDS.ExploitType.BlindSQLInjection:
return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed);
default:
// During Dev I'll use Blind MS Sql
return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed);
}
}
return null;
}
///<summary>Public Constructor for instantiation</summary>
///<param name="URL">The URL of the attack target</param>
///<param name="VectorName">The name of the injectable parameter</param>
///<param name="VectorBuffer">The default value of the injectable parameter</param>
///<param name="FormParams">Any additional parameters to be sent but not used as part of the injection</param>
///<param name="Method">The form action method to use during the injection</param>
///<param name="Options">The InjectionOptions to be used during the attack</param>
public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, Hashtable FormParams, string Method,
InjectionOptions Options)
{
httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
NameValueCollection AdditionalParams = PrepAdditionalParams(FormParams);
_Options = Options;
Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery);
}