///<summary>Public Constructor for instantiation</summary> ///<param name="URL">The URL of the attack target</param> ///<param name="VectorName">The name of the injectable parameter</param> ///<param name="VectorBuffer">The default value of the injectable parameter</param> ///<param name="AdditionalParams">Any additional parameters to be sent but not used as part of the injection</param> ///<param name="Method">The form action method to use during the injection</param> ///<param name="Options">The InjectionOptions to be used during the attack</param> public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, NameValueCollection AdditionalParams, string Method, InjectionOptions Options) { httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); _Options = Options; Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery); }
///<summary>Rebuilds an AttackVector from it's saved XML format</summary> ///<param name="VectorNode">The root node of the Attack Vector information</param> ///<param name="opts">The options for this injection</param> /// <param name="PluginUsed">The current plugin being used for this injection</param> ///<returns>An initialized AttackVector</returns> public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed) { string VectorType; GlobalDS.ExploitType ActualVectorType; if (VectorNode.Attributes["type"] != null) { VectorType = VectorNode.Attributes["type"].InnerText; if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType)) { VectorType = GlobalDS.ExploitType.Undefined.ToString(); } ActualVectorType = (GlobalDS.ExploitType)System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType); opts.Cookies = _Options.Cookies; opts.WebProxies = _Options.WebProxies; if (VectorNode.Attributes["PostBuffer"] != null) { opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText; } switch (ActualVectorType) { case GlobalDS.ExploitType.ErrorBasedTSQL: return(DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin)PluginUsed)); case GlobalDS.ExploitType.BlindSQLInjection: return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed)); default: // During Dev I'll use Blind MS Sql return(DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions)opts, (IBlindPlugin)PluginUsed)); } } return(null); }
///<summary>Rebuilds an AttackVector from it's saved XML format</summary> ///<param name="VectorNode">The root node of the Attack Vector information</param> ///<param name="opts">The options for this injection</param> /// <param name="PluginUsed">The current plugin being used for this injection</param> ///<returns>An initialized AttackVector</returns> public AttackVector BuildFromXml(XmlNode VectorNode, InjectionOptions opts, IPlugin PluginUsed) { string VectorType; GlobalDS.ExploitType ActualVectorType; if (VectorNode.Attributes["type"] != null) { VectorType = VectorNode.Attributes["type"].InnerText; if (!System.Enum.IsDefined(typeof(GlobalDS.ExploitType), VectorType)) VectorType = GlobalDS.ExploitType.Undefined.ToString(); ActualVectorType = (GlobalDS.ExploitType) System.Enum.Parse(typeof(GlobalDS.ExploitType), VectorType); opts.Cookies = _Options.Cookies; opts.WebProxies = _Options.WebProxies; if (VectorNode.Attributes["PostBuffer"] != null) opts.AppendedQuery = VectorNode.Attributes["PostBuffer"].InnerText; switch(ActualVectorType) { case GlobalDS.ExploitType.ErrorBasedTSQL: return DeserializeSqlErrorAttackVectorXml(VectorNode, (IErrorPlugin) PluginUsed); case GlobalDS.ExploitType.BlindSQLInjection: return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed); default: // During Dev I'll use Blind MS Sql return DeserializeBlindSqlAttackVectorXml(VectorNode, (BlindInjectionOptions) opts, (IBlindPlugin) PluginUsed); } } return null; }
///<summary>Public Constructor for instantiation</summary> ///<param name="URL">The URL of the attack target</param> ///<param name="VectorName">The name of the injectable parameter</param> ///<param name="VectorBuffer">The default value of the injectable parameter</param> ///<param name="FormParams">Any additional parameters to be sent but not used as part of the injection</param> ///<param name="Method">The form action method to use during the injection</param> ///<param name="Options">The InjectionOptions to be used during the attack</param> public AttackVectorFactory(string URL, string VectorName, string VectorBuffer, Hashtable FormParams, string Method, InjectionOptions Options) { httpConnect.UserStatus += new UserEvents.UserStatusEventHandler(BubbleUserStatus); NameValueCollection AdditionalParams = PrepAdditionalParams(FormParams); _Options = Options; Initialize(URL, VectorName, VectorBuffer, AdditionalParams, Method, Options.TerminateQuery); }