..going to create a new app for the hacksuite. We're not going to do anything fancy here; we will make a simple app to get familiar with how to write compatible scripts for the suite. We are..
THC Sscan is a very versatile tool for scanning (html) files
<?php
/*
The file shellmanager.php creates an interface for managing and creating shells
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 19-04-2015
*/
// Refuse direct requests: the page only renders when the including script has
// defined IN_SCRIPT beforehand.
defined('IN_SCRIPT') or exit;

// Document head. The markup is emitted verbatim through nowdoc blocks; a nowdoc
// drops the newline in front of its closing marker, so that newline is echoed
// separately to keep the output identical.
echo <<<'HTML'
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>THC Medusa Black Shell Manager</title>
<link rel="stylesheet" type="text/css" href="../css/style.css" />
<script type="text/javascript" src="../../../JS/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="../../../JS/jquery.easing.js"></script>
</head>
<body>
HTML;
echo "\n";

// Opening of the setup form, including the "enable javascript" notice that the
// page's own script removes again when JavaScript is available.
echo <<<'HTML'
<center><img src="../images/medusa2.png" border="0" /></center>
<form method="post" class="formmanager">
<div class="formwrap">
 <div class="form">
 <div class="row">
 <div class="progress"><div class="nojs red">please enable javascript in your browser</div></div>
 </div>
 <div class="clear"></div>
HTML;
echo "\n";
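// Build the product <select> from the product definition files listed in $aFiles.
// $aFiles is not defined in this file; it is expected from the including script.
// NOTE(review): every entry is passed to include(), which executes the file as PHP.
// Presumably these are fixed local definition paths - confirm the list is never
// derived from request data.
$sSelect = "\n<select name=\"sProduct\" class=\"product\">\n";
$bProduct = false;
foreach($aFiles as $sFile){
    // skip missing or empty definition files (filesize() warns on a missing path)
    if(!is_file($sFile) || filesize($sFile) <= 0){
        continue;
    }
    // reset first, so a file that defines nothing cannot silently reuse the
    // values left behind by the previously included definition
    $_PROPERTIES = array();
    include($sFile);
    if(!is_array($_PROPERTIES) || !isset($_PROPERTIES['filename'], $_PROPERTIES['name'], $_PROPERTIES['version'])){
        // incomplete definition: it must not count as a product, otherwise the
        // "no or invalid product definitions found!" message can never appear for it
        continue;
    }
    $bProduct = true;
    // values come from included files and land in an attribute and in element
    // text, so escape them for HTML (the page is served as utf-8)
    $sValue = htmlspecialchars((string)$_PROPERTIES['filename'], ENT_QUOTES, 'UTF-8');
    $sLabel = htmlspecialchars($_PROPERTIES['name']." ".$_PROPERTIES['version'], ENT_QUOTES, 'UTF-8');
    $sSelect .= "<option value=\"".$sValue."\">".$sLabel."</option>\n";
}
$sSelect .= "</select>\n";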
// Form rows. Static markup is emitted verbatim through nowdoc blocks; a nowdoc
// drops the newline in front of its closing marker, so it is echoed separately.
// NOTE(review): several rows share an id (def2, options, pass). The page's script
// addresses them as '.row#id', so the markup is kept exactly as it was.

// product row: the <select> built earlier in $sSelect, or an error when $bProduct is false
echo <<<'HTML'
 <div class="row" id="def">
 <div class="text">choose your product</div>
HTML;
echo "\n";
echo ' <div class="input">';
if($bProduct){
    echo $sSelect;
}
else{
    echo '<b class="red">no or invalid product definitions found!</b>';
}
echo "</div>\n";

// option checkboxes, followed by the rows the page's script shows or hides
// depending on those checkboxes
echo <<<'HTML'
 </div>
 <div class="clear"></div>
 <div class="row" id="def2">
 <div class="text">encrypt shell</div>
 <div class="input"><input type="checkbox" class="encrypt" name="iEncrypt" value="1" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="def2">
 <div class="text">save shell</div>
 <div class="input"><input type="checkbox" class="savefile" name="iSave" value="1" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="def2">
 <div class="text">restrict ip access</div>
 <div class="input"><input type="checkbox" class="iip" name="iIP" value="1" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="def2">
 <div class="text">restrict pass access</div>
 <div class="input"><input type="checkbox" class="ipass" name="iPass" value="1" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="options">
 <div class="text">name of file</div>
 <div class="input"><input type="text" class="filename" name="sFileName" value="" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="options">
 <div class="text">extension of file</div>
 <div class="input"><input type="text" class="extension" name="sExtension" value="" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="ip">
 <div class="text">ip address</div>
 <div class="input"><input type="text" class="sip" name="sIP" value="" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="pass">
 <div class="text">password</div>
 <div class="input"><input type="password" class="pass1" name="sPass1" value="" /></div>
 </div>
 <div class="clear"></div>
 <div class="row" id="pass">
 <div class="text">password again</div>
 <div class="input"><input type="password" class="pass2" name="sPass2" value="" /></div>
 </div>
 <div class="clear"></div>
HTML;
echo "\n";

// $sSelect is reused for the fixed list of encryption strengths
$sSelect = "\n" . implode("\n", array(
    '<select name="sEncrypt" class="encryptit">',
    '<option value="normal">normal</option>',
    '<option value="impossibru">impossibru!</option>',
    '</select>',
)) . "\n";
echo <<<'HTML'
 <div class="row" id="encrypt">
 <div class="text">encryption strength</div>
HTML;
echo "\n";
echo ' <div class="input">' . $sSelect . "</div>\n";

// submit button and navigation links, rendered only when a product is available
echo <<<'HTML'
 </div>
 <div class="clear"></div>
 <div class="row" id="submitit">
 <div class="text"></div>
HTML;
echo "\n";
echo ' <div class="input">';
if($bProduct){
    echo '<input type="submit" name="submit" class="submit" value="Submit" />'
        . ' <a href="../white">[ whitehat ]</a>'
        . ' <a href="#" class="cfglink">[ database profiler ]</a>'
        . ' <a href="#" class="cfglink2">[ shells ]</a>'
        . ' <a href="index.php">[ main ]</a>'
        . ' <a href="../../../index.php">[ home ]</a>';
}
echo "</div>\n";

// close the row, the form body, the wrapper and the form itself
echo <<<'HTML'
 </div>
 </div>
</div>
</form>
HTML;
echo "\n";
// Client-side behaviour for the form. The JavaScript is emitted verbatim through
// nowdoc blocks (so "$" needs no escaping); a nowdoc drops the newline in front
// of its closing marker, so that newline is echoed separately.

// initial state: option checkboxes unchecked, dependent rows hidden
echo <<<'JS'
<script type="text/javascript">
$('.encrypt').removeAttr("checked");
$('.savefile').removeAttr("checked");
$('.iip').removeAttr("checked");
$('.ipass').removeAttr("checked");
$('.row#options').hide();
$('.row#ip').hide();
$('.row#pass').hide();
$('.row#encrypt').hide();
JS;
echo "\n";

// "encrypt shell" toggles the encryption strength row
echo <<<'JS'
$(document).on("change",".encrypt",function(){
 if($(this).is(":checked")){
 $('.row#encrypt').show();
 }
 else{
 $('.row#encrypt').hide();
 }
});
JS;
echo "\n";

// "save shell" toggles the file name / extension rows
echo <<<'JS'
$(document).on("change",".savefile",function(){
 if($(this).is(":checked")){
 $('.row#options').show();
 }
 else{
 $('.row#options').hide();
 }
});
JS;
echo "\n";

// "restrict ip access" toggles the ip address row
echo <<<'JS'
$(document).on("change",".iip",function(){
 if($(this).is(":checked")){
 $('.row#ip').show();
 }
 else{
 $('.row#ip').hide();
 }
});
JS;
echo "\n";

// "restrict pass access" toggles the two password rows
echo <<<'JS'
$(document).on("change",".ipass",function(){
 if($(this).is(":checked")){
 $('.row#pass').show();
 }
 else{
 $('.row#pass').hide();
 }
});
JS;
echo "\n";

// Submit handler: posts the serialized form to shellhandler.php and expects JSON.
// A response carrying jshell replaces the form with that markup; otherwise
// jmessage is shown in an alert.
// NOTE(review): json.jshell is inserted into the DOM as HTML without any
// filtering, so whatever the handler returns is rendered as-is; dataString is
// assigned without var and therefore becomes a global.
echo <<<'JS'
$(document).on("submit","form.formmanager",function(e){
 e.preventDefault();
 dataString = $(this).serialize();
 $.ajax({
 type: "POST",
 data: dataString,
 url: "shellhandler.php",
 dataType: "json",
 success: function(json){
 if(json.jshell){
 $('.form').after(json.jshell);
 $('.form').remove();
 }
 else{
 alert(json.jmessage);
 }
 },
 error: function(xhr, textStatus, errorThrown){
 alert(errorThrown);
 }
 });
});
JS;
echo "\n";

// "database profiler" link: builds a throw-away form so that the navigation to
// configuration.php is a POST carrying iCFG=13
echo <<<'JS'
$(".cfglink").click(function(e){
 e.preventDefault();
 var form = $('<form action="../../../configuration.php" method="post">' + '<input type="hidden" name="iCFG" value="13" />' + '</form>');
 $('body').append(form);
 $(form).submit();
});
JS;
echo "\n";

// "shells" link: same technique, posting iCFG=14
echo <<<'JS'
$(".cfglink2").click(function(e){
 e.preventDefault();
 var form = $('<form action="../../../configuration.php" method="post">' + '<input type="hidden" name="iCFG" value="14" />' + '</form>');
 $('body').append(form);
 $(form).submit();
});
JS;
echo "\n";

// Remove the "enable javascript" notice (it only stays visible when scripts do
// not run), then close the document. The final line carries no trailing newline.
echo <<<'HTML'
$('div.nojs').remove();
</script>
</body>
</html>
HTML;
?>