..will make a new module, and not just any new module: let's make a fully automatic injection script! This tutorial is the first step toward making it. Let's first explain what we're..
THC Sscan is a very versatile tool for scanning (html) files
<?php
/* Log filename editor
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 21-02-2015
*/
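// Log filename editor endpoint.
// Reads two POST fields (sLogName = current log file name, sNewName = requested
// name), checks them against the registered log formats and the files in the
// log directory, rewrites the matching entry in logsdata.php and renames the
// file on disk. Always answers with a JSON object:
//   jresult  (bool)   true only when both the data file and the rename succeeded
//   jmessage (string) human-readable outcome
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
include_once("../header.php");
// NOTE(review): this is a state-changing POST endpoint and no authentication or
// CSRF check is visible in this file - presumably header.php enforces both; confirm.

$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "An error occured";

// Helper files this endpoint depends on (WriteF, GetFileData, ...).
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php",
    $_PATHS['functions_root']."/getfilebydir.php",
);
foreach ($aFiles as $sRequired) {
    if (!file_exists($sRequired)) {
        // NOTE(review): this message returns a server-side path to the client.
        $aDataR['jmessage'] = "Missing required file: ".$sRequired;
        die(json_encode($aDataR));
    }
    @include_once($sRequired);
}

// Accept only string fields: an array-valued POST field would otherwise reach
// trim() and raise a TypeError on PHP 8 (or a warning on older versions).
$sNewFile = (isset($_POST['sNewName']) && is_string($_POST['sNewName'])) ? trim($_POST['sNewName']) : "";
$sOldFile = (isset($_POST['sLogName']) && is_string($_POST['sLogName'])) ? trim($_POST['sLogName']) : "";

if ($sNewFile === $sOldFile) {
    $aDataR['jmessage'] = "Source and destination are the same";
}
elseif ($sNewFile === "" || $sOldFile === "") {
    $aDataR['jmessage'] = "No filename specified";
}
// This pattern is the only thing that keeps $sNewFile safe to embed in the PHP
// source of logsdata.php below (no quotes, backslashes, slashes or dots other
// than the single extension separator), so it must not be loosened.
// The D modifier makes "$" match only at the very end of the subject.
// NOTE(review): ".php" is an accepted extension for a log file. If log_root is
// reachable over HTTP and log lines contain request data, a log renamed to .php
// could be interpreted as code by the web server - consider allowing only
// non-executable extensions or keeping log_root outside the web root.
elseif (preg_match('/^([0-9a-z_\-])+(\.){1}(php|txt){1}$/iD', $sNewFile) !== 1) {
    $aDataR['jmessage'] = "Invalid new file name structure";
}
else {
    // get environment conditions
    $sDest = $_PATHS['data_root']."/logsdata.php";
    include($sDest);

    // The original tested count(...) === false, which never happens: count()
    // returns an int (or throws on PHP 8 for a non-countable value). Check the
    // type explicitly, and do it after the include above because SOURCE does not
    // show whether header.php already populates $_CONTEXT['l_formats'].
    if (!isset($_CONTEXT['l_formats']) || !is_array($_CONTEXT['l_formats'])) {
        $aDataR['jmessage'] = "Failed to load log formats file";
    }
    else {
        $_CONTEXT['oldnameexists'] = false;
        $_CONTEXT['newnameexists'] = false;
        $_CONTEXT['oldfileexists'] = false;
        $_CONTEXT['newfileexists'] = false;

        // Look both names up in the registry. Strict comparison avoids PHP's
        // numeric-string juggling ("1e3" == "1000") when matching file names.
        $iFormats = count($_CONTEXT['l_formats']);
        for ($x = 0; $x < $iFormats; $x++) {
            if (!isset($_CONTEXT['l_formats'][$x]['file'])) {
                continue;
            }
            $sRegistered = $_CONTEXT['l_formats'][$x]['file'];
            if ($sRegistered === $sNewFile) {
                $_CONTEXT['newnameexists'] = true;
            }
            if ($sRegistered === $sOldFile) {
                $_CONTEXT['oldnameexists'] = true;
                $_CONTEXT['oldnamekey'] = $x;
            }
        }

        // $sOldFile is not pattern-validated, so the registry match is what
        // restricts it. Check registration before touching the filesystem so an
        // unregistered name never reaches file_exists() and the response cannot
        // be used to probe which paths exist on the server.
        if (!$_CONTEXT['oldnameexists']) {
            $aDataR['jmessage'] = "Source file hasn't been registered in the log_edit.php file";
        }
        else {
            // ExploitFilter() is defined elsewhere; its exact filtering is not visible here.
            $sOld = $_PATHS['log_root']."/".ExploitFilter($sOldFile,0,1);
            $sNew = $_PATHS['log_root']."/".ExploitFilter($sNewFile,0,1);
            $_CONTEXT['oldfileexists'] = file_exists($sOld);
            $_CONTEXT['newfileexists'] = file_exists($sNew);

            if (!$_CONTEXT['oldfileexists']) {
                $aDataR['jmessage'] = "Source file doesn't exist";
            }
            elseif ($_CONTEXT['newfileexists']) {
                $aDataR['jmessage'] = "New file already exists";
            }
            elseif ($_CONTEXT['newnameexists']) {
                $aDataR['jmessage'] = "Destination file has already been registered in the log_edit.php file";
            }
            else {
                // meets conditions: rewrite the registry entry in logsdata.php,
                // then rename the old file to the new name
                $sFileData = GetFileData($sDest);
                $sKeyPrefix = "\$_CONTEXT['l_formats'][".$_CONTEXT['oldnamekey']."]['file'] = \"";
                $sSearch = $sKeyPrefix.$sOldFile."\";";
                $sReplace = $sKeyPrefix.$sNewFile."\";";
                $sUpdated = is_string($sFileData) ? str_replace($sSearch, $sReplace, $sFileData) : $sFileData;

                // Compare the contents directly instead of loosely comparing MD5
                // hex digests (two digests of the form "0e<digits>" compare equal
                // under ==). A non-string read result is treated as a failure so
                // an empty file is never written back.
                if (!is_string($sFileData) || $sUpdated === $sFileData) {
                    $aDataR['jmessage'] = "Failed to update file data";
                }
                elseif (!WriteF($sDest, $sUpdated, "w")) {
                    $aDataR['jmessage'] = "Logfile isn't writable";
                }
                elseif (@rename($sOld, $sNew)) {
                    $aDataR['jresult'] = true;
                    $aDataR['jmessage'] = "Successfully changed filename";
                }
                else {
                    // NOTE(review): at this point logsdata.php already names the new
                    // file while the old file is still on disk; the registry and the
                    // log directory are out of sync until someone repairs it.
                    $aDataR['jmessage'] = "Filedata updated, but failed to change to new filename";
                }
            }
        }
    }
}
echo json_encode($aDataR);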
?>