..we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain what..
THC Sscan is a very versatile tool for scanning (html) files
<?php
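/*
JSON requests for creating shells based upon user input.
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/
/*
Request handler. Reads POSTed options, loads a product definition file that is
expected to define $_SYSTEM, and hands $_SYSTEM plus the collected $_OPTIONS to
THC::MedusaShell(). The outcome is returned as JSON with the keys jresult (bool),
jmessage (string) and, when MedusaShell() returns a non-boolean, jshell.

NOTE(review): no access control is visible in this file. Presumably one of the
included header.php files enforces it - confirm, because this endpoint includes
a file and can create a file based on request data.
NOTE(review): THC::ExploitFilter() is defined elsewhere; it is assumed to strip
path traversal sequences - confirm. The checks below do not rely on it alone.
*/
$_DYNAMIC_ROOT = "../../..";
include_once("../../../header.php");
include_once("header.php");
$cTHC = new THC();

// Default response, used whenever the request is rejected before any other
// message is set.
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "Invalid request received.";

// Request fields may arrive as arrays (sProduct[]=...); only strings are valid here.
if (isset($_POST['sProduct']) && is_string($_POST['sProduct'])) {
    $sFile = "../" . $cTHC->ExploitFilter("forums/" . $_POST['sProduct'], 0, 1);

    // The include path is derived from request data, so it is resolved first and
    // only loaded when it really sits below ../forums. A missing file resolves to
    // false and is skipped, which replaces the former @ error suppression.
    $sForumsDir = realpath("../forums");
    $sResolved = realpath($sFile);
    if ($sForumsDir !== false
        && $sResolved !== false
        && strpos($sResolved, $sForumsDir . DIRECTORY_SEPARATOR) === 0
        && is_file($sResolved)
    ) {
        include_once($sResolved);
    }

    $bFail = false;
    if (!isset($_SYSTEM)) {
        // Without $_SYSTEM there is nothing to build from. Mark the request as
        // failed so MedusaShell() is not called with undefined variables and this
        // message is not overwritten further down.
        $bFail = true;
        $aDataR['jmessage'] = "No shell data in this file.";
    } else {
        $_OPTIONS = array();

        if (isset($_POST['iEncrypt'])) {
            // encrypt options: anything other than "normal" selects "impossibru".
            // The normalised value is written back to $_POST, as before.
            if (isset($_POST['sEncrypt']) && $_POST['sEncrypt'] !== "normal") {
                $_POST['sEncrypt'] = "impossibru";
            } else {
                $_POST['sEncrypt'] = "normal";
            }
            $_OPTIONS['encrypt'] = $_POST['sEncrypt'];
        }

        if (isset($_POST['iSave'], $_POST['sFileName'], $_POST['sExtension'])) {
            // save options
            if (!is_string($_POST['sFileName']) || !is_string($_POST['sExtension'])) {
                $bFail = true; // jmessage stays "Invalid request received."
            } else {
                // NOTE(review): both the name and the extension of the file to be
                // created come from the request; an allow-list of extensions and a
                // target directory outside the web root would be safer - confirm
                // what ExploitFilter() guarantees.
                $sFileName = "../../../Shells/" . $cTHC->ExploitFilter($_POST['sFileName'] . $_POST['sExtension'], 0, 1);
                if (file_exists($sFileName)) {
                    // Never overwrite an existing file.
                    $bFail = true;
                    $aDataR['jmessage'] = "File already exists.";
                } else {
                    $_OPTIONS['shellcreate'] = $sFileName;
                }
            }
        }

        if (isset($_POST['iIP']) && !$bFail) {
            // ip options: sIP may be missing even though iIP is set.
            if (!isset($_POST['sIP'])
                || !is_string($_POST['sIP'])
                || filter_var($_POST['sIP'], FILTER_VALIDATE_IP) === false
            ) {
                $bFail = true;
                $aDataR['jmessage'] = "Invalid ip address specified.";
            } else {
                $_OPTIONS['ip'] = $_POST['sIP'];
            }
        }

        if (isset($_POST['iPass']) && !$bFail) {
            // password options: strict comparison, because == treats numeric
            // strings such as "1e3" and "1000" as equal.
            if (!isset($_POST['sPass1'], $_POST['sPass2'])
                || !is_string($_POST['sPass1'])
                || !is_string($_POST['sPass2'])
                || $_POST['sPass1'] === ""
                || $_POST['sPass1'] !== $_POST['sPass2']
            ) {
                $aDataR['jmessage'] = "No password specified or passwords don't match.";
                $bFail = true;
            } else {
                $_OPTIONS['pass'] = $_POST['sPass1'];
            }
        }
    }

    if (!$bFail) {
        // MedusaShell() reports plain success or failure as a bool; any other
        // return value is passed back to the client as jshell.
        $sResult = $cTHC->MedusaShell($_SYSTEM, $_OPTIONS);
        if (is_bool($sResult)) {
            if (!$sResult) {
                $aDataR['jmessage'] = "Failed to create shell.";
            } else {
                $aDataR['jmessage'] = "Successfully created shell.";
                $aDataR['jresult'] = true;
            }
        } else {
            $aDataR['jresult'] = true;
            $aDataR['jshell'] = $sResult;
        }
    }
}

// The response must not be cached.
session_cache_limiter('nocache');
header('Expires: ' . gmdate('r', 0));
// The media type parameter is "charset"; "character-set" is not recognised by clients.
header('Content-Type: application/json; charset=utf-8');
die(json_encode($aDataR));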
?>