THC HackSuite File Library

random gallery image

random tutorial

preview

..will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain what we're..

random information gathering

THC Sscan

THC Sscan is a very versatile tool for scanning (html) files

more about this module
more of this category
more modules

HackSuite File Library

Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.


<?php

/*

Handler for Inject It



Author: Remco Kouw

Site: http://www.hacksuite.com

Last Edit: 13-04-2015

*/

// set variable to be able to save a task

$_MODULE_C = "thc_ii";

include_once("../../Includes/screen_header.php");

$_PATHS['injectlog'] = $_PATHS['module_default_root']."/logs/default.php";

include_once($_PATHS['style_root']."/screen.php");

include_once($_PATHS['functions_root']."/fwrite.php");

include_once($_PATHS['module_default_root']."/inject.php");

include_once($_PATHS['functions_root']."/scrn.php");

// options

$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";

if(isset($_POST['submit'])){

    switch($_POST['submit']){

        // scan

        case"Scan":

        echo $sOut;

        $_POST['iAttackType'] = ($_POST['iAttackType']!=1 ? 0 : 1);

        if($_POST['iAttackType']==0){

            // set static post variables to determine which variables to poison

            $_STATIC = array("iAttackType","sTarget","sUseFile","aExploits","submit");

            $_POISON = array();

            foreach($_POST as $sKey=>$mValue){

                if(!in_array($sKey,$_STATIC)){

                    $_POISON[] = $sKey;

                }

            }

            if(false==($iPoison = @count($_POISON))){

                // no variables selected to poison

                die(Screen("<br>\n<b>No variables selected to poison</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));

            }

        }

        else{

            $sDest = $_PATHS['module_default_root']."/urls/".ExploitFilter($_POST['sUseFile'],0,1);

            if(!file_exists($sDest)){

                // file doesn't exist

                die(Screen("<br>\n<b>Log file doesn't exist</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));

            }

            if(filesize($sDest)==0){

                // target file is empty

                die(Screen("<br>\n<b>Target file is empty</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));

            }

        }

        if(false==($iExploits = @count($_POST['aExploits']))){

            // no exploits selected

            die(Screen("<br>\n<b>No exploits selected</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));

        }

        // used for creating the exploiturl and initialize the attack

        @include_once($_PATHS['module_default_root']."/func_exploiturl.php");

        @include_once($_PATHS['module_default_root']."/func_payloadsend.php");

        @include_once($_PATHS['module_default_root']."/func_parseresponse.php");

        // buffer for logging

        $sBuffer = "";

        // generate a unique scan id

        $sID = substr(md5(time()),0,10);

        include_once($_PATHS['includes_root']."/task_start.php");

        echo Screen("<br>\n<b>Running..</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

        // spit fire...

        flush();

        ob_flush();

        if($_POST['iAttackType']==1){

            // mass scan

            @include_once($_PATHS['functions_root']."/exploit_filter.php");

            $aFile = file($sDest);

            for($x=0;$x<count($aFile);$x++){

                if($aFile[$x]!=""){

                    // parse url, attack it, send exploit and parse response

                    foreach($_CONTEXT['inject'] as $sKey=>$aExploitP){

                        $sUrl = ExploitUrl(trim($aFile[$x]),$_CONTEXT['inject'],$sKey);

                        $aResponse = PayloadSend($sUrl,$_CONTEXT['curloptions']);

                        $sBuffer .= $sID."|".time()."|".trim($aFile[$x])."|".$sKey."|";

                        $bResult = ParseResponse($aResponse['data'],$_CONTEXT['inject'][$sKey]['response']);

                        $sBuffer .= ($bResult ? 1 : 0)."\n";

                        echo Screen("<br>\n".$aFile[$x]." ".($bResult ? "could be" : "isn't")." exploitable with ".$sKey."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

                    }

                }

            }

        }

        else{

            // single scan

            for($x=0;$x<$iExploits;$x++){

                $sUrl = ExploitUrl($_POST['sTarget'],$_CONTEXT['inject'],$_POST['aExploits'][$x],$_POISON);

                $aResponse = PayloadSend($_POST['sTarget'],$_CONTEXT['curloptions']);

                $sBuffer .= $sID."|".time()."|".$_POST['sTarget']."|".$_POST['aExploits'][$x]."|";

                $bResult = ParseResponse($aResponse['data'],$_CONTEXT['inject'][$_POST['aExploits'][$x]]['response']);

                $sBuffer .= ($bResult ? 1 : 0)."\n";

                echo Screen("<br>\n".$_POST['sTarget']." ".($bResult ? "could be" : "isn't")." exploitable with ".$_POST['aExploits'][$x]."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

            }

        }

        if($_POST['iLogType']==1){

            WriteF($_PATHS['injectlog'],$sBuffer,"a");

        }

        break;

        // dump log

        case"Dump Log":

        echo $sOut;

        @include_once($_PATHS['functions_root']."/raw_to_array.php");

        if(false==($aKeys = RawToArray($_PATHS['injectlog']))){

            echo"<b id=h7>[no logs found]</b>";

        }

        else{

            $sThisSession = "";

            for($x=0;$x<count($aKeys);$x++){

                if($x==0){

                    $sThisSession = $aKeys[$x][0];

                    echo"<p><b>session ".$sThisSession."</b><br />\n";

                }

                elseif($sThisSession!=$aKeys[$x][0]){

                    $sThisSession = $aKeys[$x][0];

                    echo"</p><p><b>session ".$sThisSession."</b><br />\n";

                }

                echo"<b>[".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][1])."]</b> (".$aKeys[$x][2].") inject ".$aKeys[$x][3].", result ".(trim($aKeys[$x][4])==1 ? "<b id=\"h6\">SUCCESS</b>" : "<b id=\"h7\">FAILED</b>")."<br>\n";

            }

            echo"</p>";

        }

        echo $sEnd;

        exit;

        break;

        // clean logfile

        case"Truncate Log":

        echo $sOut;

        echo (WriteF($_PATHS['injectlog'],"","w")==true ? "Successfully deleted old entries." : "Failed to delete old entries.");

        echo $sEnd;

        exit;

        break;

        // just show index

        default:

        echo $sOut;

        echo $sOptions;

        echo $sEnd;

        exit;

    }

}

else{

    echo $sOut;

    echo $sOptions;

    echo $sEnd;

    exit;

}

// update entry in background task file

include_once($_PATHS['includes_root']."/task_end.php");

echo $sEnd;

?>

[ back ]

site stats

cms statistics:

version: 0.6.0
downloads: 4381
native: 26
modules: 21
apps: 2

support development

It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!

disclaimer

We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!

site resources

remote resources

partners and friends

Created by Remco Kouw. Powered by protein shakes and a high calorie diet.