..are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the suite. We..
AntiFTP uses wordlists in order to bruteforce FTP user accounts
<?php
/* Database connecter for Medusa
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 10-03-2015
*/
if(!defined('IN_SCRIPT')){
exit;
}
$_CONTEXT['subtitle'] = "Database Connecter";
// target files we need, so make sure they are present
$aFiles = array($_PATHS['functions_root']."/fwrite.php",$_PATHS['functions_root']."/getdirbydir.php",$_PATHS['data_root']."/dbprofiles.php");
for($x=0;$x<count($aFiles);$x++){
(!IsThere($aFiles[$x]) ? include_once($_PATHS['end']) : include_once($aFiles[$x]));
}
$sDest = $_PATHS['data_root']."/dbprofiles.php";
if(!$_CONTEXT['medusaforums'] = GetDirByDir($_PATHS['root']."/Apps/medusa/forums",0)){
// medusa isn't installed or in the wrong location
include_once($_PATHS['end']);
}
if(isset($_POST['sForum'])){
if(!in_array($_POST['sForum'],$_CONTEXT['medusaforums'])){
$_CONTEXT['errors'][] = "Invalid cms/forum specified";
include_once($_PATHS['end']);
}
}
if(!isset($_POST['submit'])){
// start connection manager
$sSelect = "<select name=\"sForum\">\n";
for($x=0;$x<count($_CONTEXT['medusaforums']);$x++){
// let's make the selection menu
$sSelect .= "<option value=\"".$_CONTEXT['medusaforums'][$x]."\">".$_CONTEXT['medusaforums'][$x]."</option>\n";
}
$sSelect .= "</select>\n";
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa connection manager</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">select a product:</div>\n";
$sCode .= " <div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"dholder\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"submit\" value=\"Create Connection\" /> <input type=\"submit\" name=\"submit\" value=\"Show Connections\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Create Connection"){
// create and test connection form
if(!isset($_POST['sForum'])){
$_CONTEXT['errors'][] = "No cms/forum specified to create a connection for";
include_once($_PATHS['end']);
}
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa connection manager setup</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database host</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBHost\" value=\"localhost\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database user:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBUser\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database pass:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"password\" name=\"sDBPass\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database name:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBName\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"hidden\" name=\"sForum\" value=\"".$_POST['sForum']."\"><input type=\"submit\" name=\"submit\" value=\"Save Connection\" /> <input type=\"submit\" name=\"submit\" value=\"Test Connection\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Save Connection"){
// save connection
$bOverWrite = false;
// try to connect before saving
$rConnect = @mysql_connect($_POST['sDBHost'],$_POST['sDBUser'],$_POST['sDBPass']);
if(!is_resource($rConnect) || @mysql_select_db($_POST['sDBName'])===false){
// fail so abort
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This connection doesn't work, check your credentials</div>";
}
else{
if(!isset($_CONTEXT['dbcon'][$_POST['sForum']])){
// add to connections
$sData = file_get_contents($sDest);
$sTemplate = "\$_CONTEXT['dbcon'] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['db'] = \"".$_POST['sDBName']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['user'] = \"".$_POST['sDBUser']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['pass'] = \"".$_POST['sDBPass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['host'] = \"".$_POST['sDBHost']."\";";
$sData = str_replace("\$_CONTEXT['dbcon'] = array();",$sTemplate,$sData);
$bOverWrite = true;
}
else{
// check if this connection already exists
$bFound = false;
for($x=0;$x<count($_CONTEXT['dbcon'][$_POST['sForum']]);$x++){
if($_CONTEXT['dbcon'][$_POST['sForum']][$x]['db']==$_POST['sDBName'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['host']==$_POST['sDBHost'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['pass']==$_POST['sDBPass'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['user']==$_POST['sDBUser']){
$bFound = true;
break;
}
}
if($bFound){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This connection already exists in your profile</div>";
}
else{
// save connection
$aData = file($sDest);
$iItems = count($_CONTEXT['dbcon'][$_POST['sForum']]);
$sTemplate = "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['db'] = \"".$_POST['sDBName']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['user'] = \"".$_POST['sDBUser']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['pass'] = \"".$_POST['sDBPass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['host'] = \"".$_POST['sDBHost']."\";\n";
$sData = "";
for($x=0;$x<count($aData);$x++){
$sData .= $aData[$x];
if(strpos($aData[$x],"['".$_POST['sForum']."'][".($iItems - 1)."]['host']")>0){
$sData .= $sTemplate;
$bOverWrite = true;
}
}
if(!$bOverWrite){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No data to update</div>";
}
}
}
}
if($bOverWrite){
// overwrite file with new content
(!WriteF($sDest,$sData,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully added connection</div>");
}
}
elseif($_POST['submit']=="Show Connections"){
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa remove connections</div>\n";
$sConnections = "";
foreach($_CONTEXT['dbcon'] as $sProduct=>$aValues){
$sConnections .= "<div><b>".$sProduct."</b></div>\n";
$sConnections .= "<blockquote>\n";
for($x=0;$x<count($aValues);$x++){
// let's make the selection menu
$sConnections .= "<div><input type=\"radio\" name=\"sDrop\" value=\"".$sProduct.":".$x."\" />".$aValues[$x]['db']."@".$aValues[$x]['host'].":".$aValues[$x]['user']."</div>\n";
}
$sConnections .= "</blockquote>\n";
}
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">".$sConnections."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"submit\" value=\"Drop Connection\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Drop Connection"){
// drop connection
if(!isset($_POST['sDrop'])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."You need to specify a connection that you want to drop.</div>";
}
else{
$aItem = @explode(":",$_POST['sDrop']);
if(!isset($_CONTEXT['dbcon'][$aItem[0]][$aItem[1]])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Selected connection doesn't exist.</div>";
}
else{
// get rid of the connection
if(@count($_CONTEXT['dbcon'][$aItem[0]])>1){
// just remove the connection
unset($_CONTEXT['dbcon'][$aItem[0]][$aItem[1]]);
$_CONTEXT['dbcon'][$aItem[0]] = array_values($_CONTEXT['dbcon'][$aItem[0]]);
}
else{
// get rid of the product array as a whole
unset($_CONTEXT['dbcon'][$aItem[0]]);
}
}
$sTemplate = "<?php\n";
$sTemplate .= "/* Database connections for THC Medusa */\n";
$sTemplate .= "\$_CONTEXT['dbcon'] = array();\n";
foreach($_CONTEXT['dbcon'] as $sProduct=>$aValues){
$iIndex = 0;
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'] = array();\n";
for($x=0;$x<count($aValues);$x++){
// let's make the selection menu
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['db'] = \"".$aValues[$x]['db']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['user'] = \"".$aValues[$x]['user']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['pass'] = \"".$aValues[$x]['pass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['host'] = \"".$aValues[$x]['host']."\";\n";
$iIndex++;
}
}
$sTemplate .= "?>\n";
(!WriteF($sDest,$sTemplate,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully removed connection.</div>");
}
}
elseif($_POST['submit']=="Test Connection"){
// test connection
$rConnect = @mysql_connect($_POST['sDBHost'],$_POST['sDBUser'],$_POST['sDBPass']);
if(!is_resource($rConnect)){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Failed to create connection, check your credentials.</div>";
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(@mysql_select_db($_POST['sDBName'])===false ? "Failed to create connection, invalid database or no permission.": "Connection was successful.")."</div>";
}
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid action specified.</div>";
}
?>