..index page for the suite. It's very easy because the only thing you need to do is change the content of default.php. I don't want to create something like hello world or something..
THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data
<?php
/* maintenance */
include_once("header.php");
$_CONTEXT['page_title'] = "THC HackSuite CMS: Maintenance";
$_CONTEXT['subtitle'] = "HackSuite Maintenance";
$sJSDev = "<script type=\"text/javascript\" src=\"Templates/".$_PATHS['style_user']."/js/maintenance.js\"></script>\n";
$sJSDev .= "<script type=\"text/javascript\" src=\"Templates/".$_PATHS['style_user']."/js/maintenance_run.js\"></script>\n";
$_CONTEXT['headers'] = isset($_CONTEXT['headers']) ? $_CONTEXT['headers'].$sJSDev : $sJSDev;
$sCode = (isset($sCode) ? $sCode : "");
$sDest = $_PATHS['data_root']."/scan_types.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_GET['type'])){
// actions
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">RESULTS</div>\n";
$sCode .= " <div class=\"w700 flt pad5 blk overflw\">\n";
$sCode .= " <div class=\"output overflw\">\n";
// load scan type
if(is_numeric($_GET['type'])){
$_GET['type'] = intval($_GET['type']);
}
if(isset($_CONTEXT['scantypes'][$_GET['type']]['file'])){
// make sure the option is enabled
$_CONTEXT[$_CONTEXT['scantypes'][$_GET['type']]['enable_var']] = true;
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$_GET['type']]['file'],0,1));
$sCode .= $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$_GET['type']]['output_var']]=="" ? "no issues found" : $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$_GET['type']]['output_var']];
}
else{
// custom actions not defined as a normal maintenance tool (defined in DATA_DIR/scan_types.php)
switch($_GET['type']){
/* scan for changes in file structure of the hacksuite */
case"changes":
// let's see if we have the installation map that was created when the hacksuite was first installed
$sDest = "Modules/thc_xm/profiles.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(!isset($_CONTEXT['blueprints']) || !is_array($_CONTEXT['blueprints'])){
$_CONTEXT['errors'][] = "Expecting array <b>\$_CONTEXT['blueprints']</b> in <b>".$sDest."</b>";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
// let's see if the blueprint is configured
$_CONTEXT['blueprintfound'] = false;
for($x=0;$x<count($_CONTEXT['blueprints']);$x++){
if($_CONTEXT['blueprints'][$x][0]=="install" && $_CONTEXT['blueprints'][$x][1]=="thchs.map"){
$_CONTEXT['blueprintfound'] = true;
break;
}
}
}
if($_CONTEXT['blueprintfound']){
// it is configured, make sure it is there
$sDest = "Modules/thc_xm/BluePrints/thchs.map";
if(!file_exists($sDest)){
$_CONTEXT['errors'][] = "Expecting blueprint in <b>".$sDest."</b>";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
// generate javascript that sends the blueprint validation task
$sCode .= " <script>\n";
$sCode .= " \$(document).ready(function(){\n";
$sCode .= " \$.ajax({\n";
$sCode .= " type: \"POST\",\n";
$sCode .= " url: \"Modules/thc_xm/mapper.php\",\n";
$sCode .= " data: \"sProfile=thchs.map\",\n";
$sCode .= " dataType: \"json\",\n";
$sCode .= " beforeSend: function(){\n";
$sCode .= " \$(\"div.output\").html(\"please wait..\");\n";
$sCode .= " },\n";
$sCode .= " success: function(json){\n";
$sCode .= " if(json.jresult==false){\n";
$sCode .= " alert(json.jerror);\n";
$sCode .= " }\n";
$sCode .= " else{\n";
$sCode .= " \$(\"div.output\").html(json.jmessage);\n";
$sCode .= " }\n";
$sCode .= " }\n";
$sCode .= " });\n";
$sCode .= " });\n";
$sCode .= " </script>\n";
}
}
else{
$sCode = "No installation blueprint found";
}
break;
/* scan for all */
case"all":
for($iii=0;$iii<count($_CONTEXT['scantypes']);$iii++){
$_CONTEXT[$_CONTEXT['scantypes'][$iii]['enable_var']] = true;
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$iii]['file'],0,1));
$sCode .= " <div class=\"emboss pad5 borderr5\"><b>".$_CONTEXT['scantypes'][$iii]['label']."</b></div>\n";
$sCode .= $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$iii]['output_var']]=="" ? "no issues found" : $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$iii]['output_var']];
}
break;
/* scan for evil code */
case"evil":
$sDest = "Modules/thc_ae/data/languages/php.txt";
if(!IsThere($sDest)){
include_once($_PATHS['end']);
}
else{
$aFile = @file($sDest);
$oIterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($_PATHS['root']),RecursiveIteratorIterator::CHILD_FIRST);
$iIssues = 0;
$iFilesAll = 0;
$aFiles = array();
// go through the folder
foreach($oIterator as $oPath){
$aFilesT = array();
$sFileData = "";
if(!$oPath->isDir()){
// exceptions not to scan
$sName = $oPath->getFilename();
if($sName[0]!="." && $sName!="php.txt"){
$iFilesAll++;
$sExt = (@substr($oPath->getExtension(),0,3)=="php" ? "php" : $oPath->getExtension());
// buffer all issues
if(filesize($oPath->__toString())>0){
$sFileData = file_get_contents($oPath->__toString());
$sRelative = substr($oPath->__toString(),strlen($_SERVER['DOCUMENT_ROOT']));
for($x=0;$x<count($aFile);$x++){
$aFile[$x] = trim($aFile[$x]);
$iPos = strpos($sFileData,$aFile[$x]);
if(is_int($iPos)){
$iIssues++;
if(!isset($aFilesT['file'])){
$aFilesT['file'] = $sRelative;
$aFilesT['issues'] = array();
}
$aFilesT['issues'][] = substr($sFileData,$iPos,(strpos($sFileData,"\n",$iPos)-$iPos));
}
}
}
}
}
if(isset($aFilesT['file'])){
$aFiles[] = $aFilesT;
}
}
if(false!=($iFiles = count($aFiles))){
$sCode .= " <div class=\"lst\">\n";
for($x=0;$x<$iFiles;$x++){
// issues per file
$sCode .= " <div class=\"emboss pad5 borderr5 mt10\"><a href=\"#\" class=\"viewsrc\" title=\"".$aFiles[$x]['file']."\">".$aFiles[$x]['file']."</a></div>\n";
$sCode .= " <div>\n";
for($y=0;$y<count($aFiles[$x]['issues']);$y++){
// issue description
$sCode .= " <b>".($y+1)."</b> - ".trim($aFiles[$x]['issues'][$y])."<br />\n";
}
$sCode .= " </div>\n";
}
$sCode .= " </div>\n";
}
$sCode .= " <div class=\"mt10\">Files scanned: ".$iFilesAll.", Potential Issues: ".$iIssues."</div>\n";
}
break;
default:
$sCode .= " <div>Invalid maintenance request, action doesn't exist</div>\n";
}
}
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
}
else{
// options
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">ACTIONS</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=changes\">find changes since installation</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=evil\">find potentially harmful code</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=1\">analyze log files</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=2\">find missing functions</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=3\">find obsolete result files</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=0\">find files bigger than x bytes</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=all\">do a full maintenance scan</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
}
include_once($_PATHS['style_root']."/index.php");
?>