..we are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the..
Mister LG can create upload forms and test targets on file upload vulnerabilities
<?php
/* MiniBB */
$_PROPERTIES = array();
$_PROPERTIES['name'] = "MiniBB";
$_PROPERTIES['version'] = "3.x";
$_PROPERTIES['usernamefield'] = "username";
$_PROPERTIES['emailfield'] = "user_email";
$_PROPERTIES['hashfield'] = "user_password";
$_PROPERTIES['tablename'] = "minibbtable_users";
$_PROPERTIES['tableprefix'] = "";
$_PROPERTIES['filename'] = "minibb/minibba.php";
// use post variables instead if values are different from default
if(isset($_POST['iUseDefault']) && $_POST['iUseDefault']==0){
$_PROPERTIES['usernamefield'] = @mysql_real_escape_string($_POST['sUserNameField']);
$_PROPERTIES['emailfield'] = @mysql_real_escape_string($_POST['sEmailField']);
$_PROPERTIES['hashfield'] = @mysql_real_escape_string($_POST['sHashField']);
$_PROPERTIES['tablename'] = @mysql_real_escape_string($_POST['sTableName']);
$_PROPERTIES['tableprefix'] = @mysql_real_escape_string($_POST['sTablePrefix']);
}
$_PROPERTIES['queryraw'] = array();
$_PROPERTIES['queryraw']['attack'] = "SELECT ".$_PROPERTIES['usernamefield']." AS crackuser,".$_PROPERTIES['hashfield']." AS crackpass".(isset($_PROPERTIES['saltfield']) ? ",".$_PROPERTIES['saltfield']." AS crackhash" : "")." FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename'];
$_PROPERTIES['queryraw']['getemail'] = "SELECT ".$_PROPERTIES['emailfield']." AS temail FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename']." WHERE ".$_PROPERTIES['usernamefield']."='/user/'";
if(isset($_GET['JSON'])){
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
echo json_encode($_PROPERTIES);
}
$_SYSTEM = array();
$_SYSTEM['name'] = $_PROPERTIES['name'];
$_SYSTEM['version'] = $_PROPERTIES['version'];
$_SYSTEM['patterns'] = array();
$_SYSTEM['patterns']['user'] = '/\$DBusr\s?=\s?\'(.*)?\'/';
$_SYSTEM['patterns']['password'] = '/\$DBpwd\s?=\s?\'(.*)?\'/';
$_SYSTEM['patterns']['host'] = '/\$DBhost\s?=\s?\'(.*)?\'/';
$_SYSTEM['patterns']['database'] = '/\$DBname\s?=\s?\'(.*)?\'/';
$_SYSTEM['file'] = "setup_options.php";
?>