random gallery image
random tutorial
preview..are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the suite. We..
random bruteforce
AntiFTP
AntiFTP uses wordlists in order to bruteforce FTP user accounts
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/*
XSS vulnerable server
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 27-02-2015
*/
define('IN_SCRIPT',1);
// set some paths
$_ROOT = str_replace("/TestServers","",substr($_SERVER['SCRIPT_FILENAME'],0,strrpos($_SERVER['SCRIPT_FILENAME'],"/")));
$sCurrentFile = substr($_SERVER['SCRIPT_FILENAME'],strrpos($_SERVER['SCRIPT_FILENAME'],"/")+1);
// get the current log folder
$_DYNAMIC_ROOT = "..";
include_once("../vars.php");
include_once("../paths.php");
$aLogFolder = explode("/",$_PATHS['log_root']);
$sLogFile = $_ROOT."/".$aLogFolder[(count($aLogFolder)-1)]."/".$sCurrentFile;
// include setup based upon file path
include_once($_ROOT."/Includes/server_setup.php");
// valid security levels
$_CONTEXT['secure_level'] = array();
$_CONTEXT['secure_level'][0] = "really low";
$_CONTEXT['secure_level'][1] = "low";
$_CONTEXT['secure_level'][2] = "medium";
$_CONTEXT['secure_level'][3] = "high";
// place where the victim would store our xss data
$sDataFile = $_PATHS['servers_root']."/RESULTS/xss.php";
// load the right amount of security
if(isset($_POST['sMessageF'])){
if(!isset($_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']])){
// invalid security level
echo"Security level doesn't exist";
}
else{
// validate input
if($_POST['sMessageF']==""){
echo"No message send";
}
else{
// determine security level
$_POST['sMessageF'] = trim($_POST['sMessageF']);
switch($_CONFIG['iExploitLevel']){
/* really low */
case"0":
break;
/* low */
case"1":
$_POST['sMessageF'] = str_replace("<script>","",$_POST['sMessageF']);
$_POST['sMessageF'] = str_replace("</script>","",$_POST['sMessageF']);
break;
/* medium */
case"2":
$_POST['sMessageF'] = preg_replace('/<script(.*?)>(.*?)<\/script>/Uis',"",$_POST['sMessageF']);
if($_POST['sMessageF']==""){
die("Removed script data");
}
break;
/* high */
case"3":
$_POST['sMessageF'] = htmlspecialchars($_POST['sMessageF']);
break;
}
include_once($_ROOT."/Functions/fwrite.php");
if(!WriteF($sDataFile,$_POST['sMessageF'],"w")){
echo"Failed to post message";
}
else{
echo"Successfully posted message";
}
}
}
}
else{
// create xss form
echo"<html>\n";
echo"<head>\n";
echo"<title>XSS Vulnerable System</title>\n";
echo"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\n";
echo"<style type=\"text/css\">\n";
echo"<!--\n";
echo"body { font-family:Arial,Verdana,Helvetica;font-size:10px;color:#c0c0c0; }\n";
echo"div { width:500px;border:1px solid #000000;padding:10px;margin:5px;font-size:14px; }\n";
echo"-->\n";
echo"</style>\n";
echo"</head>\n";
echo"<body>\n";
if(false==($sFileData = @file_get_contents($sDataFile))){
$sFileData = "post in order to store a message";
}
echo"<div>".$sFileData."</div>";
echo"<form method=\"post\" target=\"_blank\">\n";
echo"<b>message:</b> <textarea name=\"sMessageF\" cols=\"35\" rows=\"10\"></textarea><br />\n";
echo"<b>security level:</b> ".(!isset($_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']]) ? "invalid level" : $_CONTEXT['secure_level'][$_CONFIG['iExploitLevel']])."<br />\n";
echo"<input type=\"submit\" name=\"submit\" value=\"Post\">\n";
echo"</form>\n";
echo"</body>\n";
echo"</html>";
}
?>
powered by
site stats
cms statistics:
version: 0.6.0downloads: 4380
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
site resources
remote resources
partners and friends