..tutorial we are going to create a new app for the hacksuite. We're not going to do anything fancy here; we will make a simple app to get familiar with how to write compatible scripts for the..
THC xConverter is a tool that makes use of PHP functions in order to calculate, fetch, convert and encrypt data.
<?php
/* Setup handler
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 28-11-2014
*/
// The reply is a JSON document that must not be cached: select the "nocache"
// session cache limiter and send an Expires header dated at the Unix epoch.
session_cache_limiter('nocache');
$sEpoch = gmdate('r',0);
header('Expires: '.$sEpoch);
header('Content-type: application/json');
// Marker constant: the data files generated further down exit immediately
// unless IN_SCRIPT is defined, so they cannot be run on their own.
define('IN_SCRIPT',1);
// Presumably populates $_CONTEXT (pass_access, ip_access, ...) - confirm against vars.php.
include_once("../vars.php");
// Default reply, returned unchanged when no known action was posted.
$aDataR = array(
    'jresult' => false,
    'jmessage' => "Unknown action",
);
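$sDest = "../Data/core_functions.php";
// First-run bootstrap: when the core functions data file is missing or empty,
// generate it and (re)create the activity log.
// NOTE(review): this runs for every request that reaches the handler while the
// data file is missing or empty, and it rewrites log_activity.php in mode "w",
// which presumably discards an existing log - confirm WriteF's mode semantics.
if(!@filesize($sDest)){
    @include_once("../Functions/fwrite.php");
    @include_once("../Functions/getfilebydir.php");
    // The includes are error-suppressed, so check that the helpers really exist
    // instead of dying with a fatal error before any JSON is sent.
    if(!function_exists("WriteF") || !function_exists("GetFilesByDirectory")){
        $aDataR['jmessage'] = "Unable to load setup functions WriteF / GetFilesByDirectory";
    }
    else{
        $iNow = time();
        // Header shared by both generated files; the IN_SCRIPT guard makes them
        // exit when requested directly.
        $sGuard = "Author: Remco Kouw\n";
        $sGuard .= "Site: http://www.hacksuite.com\n";
        $sGuard .= "Last Edit: ".date('d-m-Y',$iNow)."\n";
        $sGuard .= "*/\n";
        $sGuard .= "if(!defined('IN_SCRIPT')){\n\t";
        $sGuard .= "exit;\n";
        $sGuard .= "}\n";

        // core functions template
        $aFiles = GetFilesByDirectory("../Functions");
        if(!is_array($aFiles)){
            // assumes the helper returns a list of file names - TODO confirm
            $aFiles = array();
        }
        $aQuoted = array();
        foreach($aFiles as $sFile){
            // The names become double-quoted PHP string literals in an executable
            // file: escape \, " and $ so a file name cannot change the generated code.
            $aQuoted[] = "\"".addcslashes((string)$sFile,"\\\"\$")."\"";
        }
        $sTemplate = "<?php\n";
        $sTemplate .= "/* Core functions in the HackSuite\n\n";
        $sTemplate .= $sGuard;
        $sTemplate .= "\$_CONTEXT['core_functions'] = array(".implode(",",$aQuoted).");\n";
        $sTemplate .= "?>";
        WriteF($sDest,$sTemplate,"w");

        // update log template
        $sDest = "../Logs/log_activity.php";
        // REMOTE_ADDR is set by the server, but it is still written into PHP
        // source, so it gets the same escaping as the file names.
        $sRemoteIp = isset($_SERVER['REMOTE_ADDR']) ? addcslashes((string)$_SERVER['REMOTE_ADDR'],"\\\"\$") : "";
        $sTemplate = "<?php\n";
        $sTemplate .= "/* Activity log\n\n";
        $sTemplate .= $sGuard;
        $sTemplate .= "\$_CONTEXT['useraccessdata'] = array();\n";
        $sTemplate .= "\$_CONTEXT['useraccessdata']['installed'] = ".$iNow.";\n";
        $sTemplate .= "\$_CONTEXT['useraccessdata']['last_update'] = ".$iNow.";\n";
        $sTemplate .= "\$_CONTEXT['useraccessdata']['ip'] = array(\"".$sRemoteIp."\");\n";
        $sTemplate .= "\$_CONTEXT['useraccessdata']['last_scan'] = 0;\n";
        $sTemplate .= "\$_CONTEXT['useraccessdata']['action'] = \"installed cms\";\n";
        $sTemplate .= "?>";
        WriteF($sDest,$sTemplate,"w");
    }
}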
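// Setup wizard dispatcher. One POST marker selects the step:
//   selectme - choose the protection method(s); answers with jnext = both|pass|ip
//   ipme     - enable the IP allow-list by rewriting ../vars.php
//   passme   - enable password protection by rewriting ../vars.php
// The reply is always the JSON-encoded $aDataR.
// NOTE(review): nothing in this file authenticates the caller or checks a CSRF
// token; the only protection is the "still at default values" guard in each
// step. Whether vars.php enforces access before this point is not visible here.
if(isset($_POST['selectme'])){
    if(isset($_CONTEXT['pass_access'],$_CONTEXT['ip_access']) && ($_CONTEXT['pass_access'] || $_CONTEXT['ip_access'])){
        $aDataR['jmessage'] = "You have already setup the suite, use the configuration in order to change things";
    }
    else{
        $bWantsPass = isset($_POST['sPassLogin']);
        $bWantsIp = isset($_POST['sIPLogin']);
        if(!$bWantsPass && !$bWantsIp){
            $aDataR['jresult'] = false;
            $aDataR['jmessage'] = "Please select a security method for your suite";
        }
        else{
            $aDataR['jresult'] = true;
            if($bWantsPass && $bWantsIp){
                $aDataR['jnext'] = "both";
            }
            elseif($bWantsPass){
                $aDataR['jnext'] = "pass";
            }
            else{
                $aDataR['jnext'] = "ip";
            }
        }
    }
}
elseif(isset($_POST['ipme'])){
    // Only a plain string can be a valid address; an array-valued sIP is rejected.
    $sIP = (isset($_POST['sIP']) && is_string($_POST['sIP'])) ? $_POST['sIP'] : "";
    $sRemote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
    if(!filter_var($sIP,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4)){
        $aDataR['jmessage'] = "Invalid ip address";
    }
    elseif($sIP!==$sRemote && !isset($_POST['iConfirm'])){
        // Allow-listing a different address locks the current client out, so ask once more.
        $aDataR['jallow'] = 1;
        $aDataR['jmessage'] = "This will block your current ip address (".$sRemote."), if you're sure you want this then submit the form again";
    }
    else{
        $sDest = "../vars.php";
        $sData = @file_get_contents($sDest);
        @include_once("../Functions/fwrite.php");
        if($sData===false){
            // Never rewrite vars.php from a failed read: that would write an empty file.
            $aDataR['jmessage'] = "Unable to read the file vars.php in root";
        }
        elseif(!is_writable($sDest)){
            $aDataR['jmessage'] = "Make sure the file vars.php in root is writable";
        }
        elseif(!function_exists("WriteF")){
            $aDataR['jmessage'] = "Unable to load write function WriteF";
        }
        else{
            $bIpConfigured = (isset($_CONTEXT['ip_access']) && $_CONTEXT['ip_access']) || !empty($_CONTEXT['ip_allowed']);
            // In the wizard the IP step runs before the password step (it is the
            // one that answers jnext = "pass"), so an enabled password means setup
            // is finished and this step must not change the allow-list any more.
            $bPassConfigured = isset($_CONTEXT['pass_access']) && $_CONTEXT['pass_access'];
            if($bIpConfigured || $bPassConfigured){
                $aDataR['jmessage'] = "Invalid default value for one or more variables";
            }
            else{
                // $sIP passed FILTER_VALIDATE_IP above, so it is safe to embed in PHP source.
                $iFlag = 0;
                $iList = 0;
                $sData = str_replace("\$_CONTEXT['ip_access'] = false;","\$_CONTEXT['ip_access'] = true;",$sData,$iFlag);
                $sData = str_replace("\$_CONTEXT['ip_allowed'] = array();","\$_CONTEXT['ip_allowed'] = array(\"".$sIP."\");",$sData,$iList);
                if($iFlag<1 || $iList<1){
                    // The default lines were not found: report it instead of
                    // claiming the suite is protected when nothing changed.
                    $aDataR['jmessage'] = "Invalid default value for one or more variables";
                }
                else{
                    WriteF($sDest,$sData,"w");
                    if(isset($_POST['passadd'])){
                        $aDataR['jnext'] = "pass";
                    }
                    $aDataR['jresult'] = true;
                }
            }
        }
    }
}
elseif(isset($_POST['passme'])){
    // Validate presence and type before trimming; trimming first made the
    // "No passwords specified" check unreachable.
    $bHavePasswords = isset($_POST['sPass1'],$_POST['sPass2']) && is_string($_POST['sPass1']) && is_string($_POST['sPass2']);
    $sPass1 = $bHavePasswords ? trim($_POST['sPass1']) : "";
    $sPass2 = $bHavePasswords ? trim($_POST['sPass2']) : "";
    if(!$bHavePasswords){
        $aDataR['jmessage'] = "No passwords specified";
    }
    elseif(strlen($sPass1)<6){
        $aDataR['jmessage'] = "Passwords must be at least 6 characters";
    }
    elseif($sPass1!==$sPass2){
        // Strict comparison: a loose != treats numeric-looking strings such as
        // "000000" and "0000000" as equal.
        $aDataR['jmessage'] = "Passwords don't match";
    }
    else{
        $sDest = "../vars.php";
        $sData = @file_get_contents($sDest);
        @include_once("../Functions/fwrite.php");
        if($sData===false){
            // Never rewrite vars.php from a failed read: that would write an empty file.
            $aDataR['jmessage'] = "Unable to read the file vars.php in root";
        }
        elseif(!is_writable($sDest)){
            $aDataR['jmessage'] = "Make sure the file vars.php in root is writable";
        }
        elseif(!function_exists("WriteF")){
            $aDataR['jmessage'] = "Unable to load write function WriteF";
        }
        else{
            // The untouched defaults are the integer 0; compare strictly so a hash
            // or salt string is never mistaken for "still at default".
            $bPassConfigured = (isset($_CONTEXT['pass_access']) && $_CONTEXT['pass_access']) || (isset($_CONTEXT['pass_hash']) && $_CONTEXT['pass_hash']!==0) || (isset($_CONTEXT['pass_salt']) && $_CONTEXT['pass_salt']!==0);
            // NOTE(review): when the IP allow-list is already enabled this step does
            // not check REMOTE_ADDR against ip_allowed; confirm whether vars.php does.
            if($bPassConfigured){
                $aDataR['jmessage'] = "Invalid default value for one or more variables";
            }
            else{
                // 10 hex characters, as before, but taken from a CSPRNG when one is
                // available; md5(mt_rand()) remains only as a last-resort fallback.
                $sSalt = "";
                if(function_exists("random_bytes")){
                    $sSalt = bin2hex(random_bytes(5));
                }
                elseif(function_exists("openssl_random_pseudo_bytes")){
                    $sSalt = bin2hex((string)openssl_random_pseudo_bytes(5));
                }
                if(strlen($sSalt)!==10){
                    $sSalt = substr(md5(mt_rand(0,time())),0,10);
                }
                // NOTE(review): salted SHA-1 is a fast hash and a weak password store.
                // The format is kept because the login check presumably recomputes
                // sha1(salt:password); migrate both sides together to
                // password_hash()/password_verify().
                $sHash = sha1($sSalt.":".$sPass1);
                $iFlag = 0;
                $iSalt = 0;
                $iHash = 0;
                $sData = str_replace("\$_CONTEXT['pass_access'] = false;","\$_CONTEXT['pass_access'] = true;",$sData,$iFlag);
                $sData = str_replace("\$_CONTEXT['pass_salt'] = 0;","\$_CONTEXT['pass_salt'] = \"".$sSalt."\";",$sData,$iSalt);
                $sData = str_replace("\$_CONTEXT['pass_hash'] = 0;","\$_CONTEXT['pass_hash'] = \"".$sHash."\";",$sData,$iHash);
                if($iFlag<1 || $iSalt<1 || $iHash<1){
                    // The default lines were not found: report it instead of
                    // claiming the suite is protected when nothing changed.
                    $aDataR['jmessage'] = "Invalid default value for one or more variables";
                }
                else{
                    WriteF($sDest,$sData,"w");
                    $aDataR['jresult'] = true;
                }
            }
        }
    }
}
echo json_encode($aDataR);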
?>