///<summary>Public Constructor for instantiation</summary>
 ///<param name="URL">The URL of the attack target</param>
 ///<param name="VectorName">The name of the injectable parameter</param>
 ///<param name="VectorBuffer">The default value of the injectable parameter</param>
 ///<param name="AdditionalParams">Any additional parameters to be sent but not used as part of the injection</param>
 ///<param name="Method">The form action method to use during the injection</param>
 ///<param name="Options">The InjectionOptions to be used during the attack</param>
 public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method,
                            InjectionOptions Options)
 {
     httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);
     _Options = Options;
     Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery);
 }
        ///<summary>Rebuilds an AttackVector from it's saved XML format</summary>
        ///<param name="VectorNode">The root node of the Attack Vector information</param>
        ///<param name="opts">The options for this injection</param>
        /// <param name="PluginUsed">The current plugin being used for this injection</param>
        ///<returns>An initialized AttackVector</returns>
        public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed)
        {
            string VectorType;

            GlobalDS.ExploitType ActualVectorType;

            if (VectorNode.Attributes["type"] != null)
            {
                VectorType = VectorNode.Attributes["type"].InnerText;
                if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType))
                {
                    VectorType = GlobalDS.ExploitType.Undefined.ToString();
                }

                ActualVectorType = (GlobalDS.ExploitType)System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType);

                opts.Cookies    = _Options.Cookies;
                opts.WebProxies = _Options.WebProxies;

                if (VectorNode.Attributes["PostBuffer"] != null)
                {
                    opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText;
                }

                switch (ActualVectorType)
                {
                case GlobalDS.ExploitType.ErrorBasedTSQL:
                    return(DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin)PluginUsed));

                case GlobalDS.ExploitType.BlindSQLInjection:
                    return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed));

                default:
                    // During Dev I'll use Blind MS Sql
                    return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed));
                }
            }

            return(null);
        }
Пример #3
0
		///<summary>Rebuilds an AttackVector from it's saved XML format</summary>
		///<param name="VectorNode">The root node of the Attack Vector information</param>
		///<param name="opts">The options for this injection</param>
        /// <param name="PluginUsed">The current plugin being used for this injection</param>
		///<returns>An initialized AttackVector</returns>
		public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed)
		{
			string VectorType;
			GlobalDS.ExploitType ActualVectorType;

			if (VectorNode.Attributes["type"] != null)
			{
				VectorType = VectorNode.Attributes["type"].InnerText;
				if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType)) VectorType = GlobalDS.ExploitType.Undefined.ToString();
				
				ActualVectorType = (GlobalDS.ExploitType) System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType);
				
				opts.Cookies = _Options.Cookies;
				opts.WebProxies = _Options.WebProxies;

				if (VectorNode.Attributes["PostBuffer"] != null)  opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText;

				switch(ActualVectorType)
				{
 
					case GlobalDS.ExploitType.ErrorBasedTSQL:
						return DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin) PluginUsed);						
 					case GlobalDS.ExploitType.BlindSQLInjection:
						return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed);
					default:
						// During Dev I'll use Blind MS Sql
						return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed);						
				}
			}

			return null;
		}
Пример #4
0
		///<summary>Public Constructor for instantiation</summary>
		///<param name="URL">The URL of the attack target</param>
		///<param name="VectorName">The name of the injectable parameter</param>
		///<param name="VectorBuffer">The default value of the injectable parameter</param>
		///<param name="FormParams">Any additional parameters to be sent but not used as part of the injection</param>
		///<param name="Method">The form action method to use during the injection</param>
		///<param name="Options">The InjectionOptions to be used during the attack</param>
		public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, Hashtable FormParams, string Method,
				InjectionOptions Options)
		{
			httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus);			
			NameValueCollection AdditionalParams = PrepAdditionalParams(FormParams);
			_Options = Options;
			Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery);
		}