<?php
/*
The file index.php handles all communication between the frontend and the request handlers.
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 08-03-2015
*/
// Access guard: the bootstrap that includes this page defines IN_SCRIPT first,
// so a request made straight to this file renders nothing at all.
defined('IN_SCRIPT') || exit;
// Document head. The two script tags pull jQuery 1.9.1 and the easing plugin
// from the shared JS folder three levels up.
// NOTE(review): jQuery 1.9.1 is long unmaintained and predates the selector/
// htmlPrefilter XSS fixes that shipped in 3.4.0 and 3.5.0 (CVE-2019-11358,
// CVE-2020-11022/11023); the shared copy is worth upgrading.
$sHeadHtml = <<<'MEDUSA_HEAD'
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>THC Medusa White</title>
<link rel="stylesheet" type="text/css" href="../css/style.css" />
<script type="text/javascript" src="../../../JS/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="../../../JS/jquery.easing.js"></script>
</head>
<body>
MEDUSA_HEAD;
echo $sHeadHtml, "\n";
// Opening of the setup form. It posts the database credentials and the chosen
// product/wordlist to cracker.php and targets the hidden 0x0 iframe so the page
// itself stays in place; the .progress area is redrawn by the poller below.
// NOTE(review): no field of this form (see the rows that follow) carries an
// anti-CSRF token, so if the tool sits behind a session any page the operator
// visits could submit a crack job on their behalf. A token would have to be
// issued here and checked in cracker.php.
$sFormOpen = <<<'MEDUSA_FORM'
<center><img src="../images/medusa2.png" border="0" /></center>
<form target="screen" action="cracker.php" method="post">
<div class="formwrap">
 <div class="form">
 <div class="row" id="def">
 <div class="iframe"><iframe src="cracker.php" width="0" height="0" name="screen"></iframe></div>
 </div>
 <div class="clear"></div>
 <div class="row">
 <div class="progress"><div class="nojs red">please enable javascript in your browser</div></div>
 </div>
 <div class="clear"></div>
MEDUSA_FORM;
echo $sFormOpen, "\n";
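// Build the product <select> from the forum definition files listed in $aFiles
// (filled in before this page is included). Each definition is expected to set
// $_PROPERTIES with 'filename', 'name' and 'version'.
//
// $_PROPERTIES is cleared before every include so that a definition which does
// not set it — or a duplicate path that include_once() skips — can no longer
// reuse the previous product's values and appear as a bogus option; $bProduct
// is only raised once a usable definition was actually read, which is what the
// "no or invalid product definitions" message below was meant to reflect.
// The values are HTML-escaped on output: they come from files on disk rather
// than from the request, but a definition dropped into that folder by anyone
// else would otherwise be able to inject markup into this page.
// NOTE(review): whatever fills $aFiles must keep it confined to the definitions
// directory — include_once() of an attacker-chosen path is code execution.
$sSelect = "\n<select name=\"sProduct\" class=\"product\">\n";
$bProduct = false;
foreach($aFiles as $sDefinition){
    if(@filesize($sDefinition) <= 0){
        continue; // missing or empty file, same test as before
    }
    $_PROPERTIES = null;
    include_once($sDefinition);
    if(!is_array($_PROPERTIES) || !isset($_PROPERTIES['filename'], $_PROPERTIES['name'], $_PROPERTIES['version'])){
        continue; // not a usable product definition
    }
    $bProduct = true;
    $sSelect .= "<option value=\"".htmlspecialchars($_PROPERTIES['filename'], ENT_QUOTES, 'UTF-8')."\">"
        .htmlspecialchars($_PROPERTIES['name']." ".$_PROPERTIES['version'], ENT_QUOTES, 'UTF-8')."</option>\n";
}
$sSelect .= "</select>\n";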
// Product and wordlist rows, plus the "connect with profile" toggle that is
// only rendered when stored connection profiles exist ($bRecords and
// $sSelectWord are set before this page is included).
// Several rows deliberately share id="def" (and "db"/"options" further down):
// the script at the bottom shows, hides and removes them through those
// compound selectors, so the duplicate ids must stay in step with it.
$sProductCell = $bProduct ? $sSelect : '<b class="red">no or invalid product definitions found!</b>';
$sWordlistCell = !empty($sSelectWord) ? $sSelectWord : '<b class="red">no or empty wordlists found!</b>';
$aSelectionRows = [
    ' <div class="row" id="def">',
    ' <div class="text">choose your product</div>',
    ' <div class="input">' . $sProductCell . '</div>',
    ' </div>',
    ' <div class="clear"></div>',
    ' <div class="row" id="def">',
    ' <div class="text">wordlists</div>',
    ' <div class="input">' . $sWordlistCell . '</div>',
    ' </div>',
    ' <div class="clear"></div>',
];
if($bRecords){
    $aSelectionRows[] = ' <div class="row" id="connect">';
    $aSelectionRows[] = ' <div class="text">connect with profile</div>';
    $aSelectionRows[] = ' <div class="input"><input type="checkbox" class="profileopt" name="iProfile" value="1" /></div>';
    $aSelectionRows[] = ' </div>';
    $aSelectionRows[] = ' <div class="clear"></div>';
}
echo implode("\n", $aSelectionRows), "\n";
// Database credential rows (id="db") and the stored-connection <select>
// (id="cprofile"). Both groups are always rendered; the script below swaps
// them when "connect with profile" is ticked. $sSelectProfiles is built before
// this page is included and is only meaningful when $bRecords is true.
$aCredentialRows = [
    ' <div class="clear"></div>',
];
$aDbFields = [
    'database user' => '<input type="text" name="sUserDB" value="" />',
    'database pass' => '<input type="password" name="sPassDB" value="" />',
    'database host' => '<input type="text" name="sHostDB" value="" />',
    'database name' => '<input type="text" name="sNameDB" value="" />',
];
foreach($aDbFields as $sLabel => $sInput){
    $aCredentialRows[] = ' <div class="row" id="db">';
    $aCredentialRows[] = ' <div class="text">' . $sLabel . '</div>';
    $aCredentialRows[] = ' <div class="input">' . $sInput . '</div>';
    $aCredentialRows[] = ' </div>';
    $aCredentialRows[] = ' <div class="clear"></div>';
}
$sProfileCell = $bRecords ? $sSelectProfiles : '<b class="red">no profiles found!</b>';
$aCredentialRows[] = ' <div class="row" id="cprofile">';
$aCredentialRows[] = ' <div class="text">connections</div>';
$aCredentialRows[] = ' <div class="input">' . $sProfileCell . '</div>';
$aCredentialRows[] = ' </div>';
$aCredentialRows[] = ' <div class="clear"></div>';
echo implode("\n", $aCredentialRows), "\n";
// "use default settings" toggle and the per-product table/column overrides.
// The class names on the inputs (usernamefield, emailfield, ...) are the hooks
// the product-change handler fills from the JSON returned by ../forums/<file>.
$aOptionRows = [
    ' <div class="row" id="def2">',
    ' <div class="text">use default settings</div>',
    ' <div class="input"><input type="checkbox" class="hideoptions" name="iUseDefault" value="1" /></div>',
    ' </div>',
    ' <div class="clear"></div>',
];
$aOverrideFields = [
    ['username field', 'usernamefield', 'sUserNameField'],
    ['email field', 'emailfield', 'sEmailField'],
    ['hash field', 'hashfield', 'sHashField'],
    ['table name', 'tablename', 'sTableName'],
    ['table prefix', 'tableprefix', 'sTablePrefix'],
];
foreach($aOverrideFields as $aField){
    list($sLabel, $sClass, $sName) = $aField;
    $aOptionRows[] = ' <div class="row" id="options">';
    $aOptionRows[] = ' <div class="text">' . $sLabel . '</div>';
    $aOptionRows[] = ' <div class="input"><input type="text" class="' . $sClass . '" name="' . $sName . '" value="" /></div>';
    $aOptionRows[] = ' </div>';
    $aOptionRows[] = ' <div class="clear"></div>';
}
echo implode("\n", $aOptionRows), "\n";
// Submit row: the Submit button and the blackhat / profiler links are offered
// only when both a product and a wordlist are available; the home link is
// always there. The closing tags wrap up the .form/.formwrap divs and the form.
$sActions = '';
if(!empty($sSelectWord) && $bProduct){
    $sActions = '<input type="submit" name="submit" class="submit" value="Submit" /> <a href="../black">[ switch to blackhat ]</a> <a href="#" class="cfglink">[ database profiler ]</a>';
}
$aSubmitRows = [
    ' <div class="row" id="submitit">',
    ' <div class="text"></div>',
    ' <div class="input">' . $sActions . ' <a href="../../../index.php">[ home ]</a></div>',
    ' </div>',
    ' </div>',
    '</div>',
    '</form>',
];
echo implode("\n", $aSubmitRows), "\n";
// Start of the inline script. The profile <select> row is hidden until
// "connect with profile" is ticked, and that checkbox is reset first
// (presumably so a browser restoring form state cannot leave the two out of
// sync). refreshIntervalId is the page-level handle of the progress poller
// started on submit; it lives at this scope so the email handler can stop it.
$sScriptOpen = <<<'MEDUSA_JS_OPEN'
<script type="text/javascript">
$('.row#cprofile').hide();
$('.profileopt').removeAttr("checked");
var refreshIntervalId = '';
MEDUSA_JS_OPEN;
echo $sScriptOpen, "\n";
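// When the product selection changes, fetch that product's default column and
// table names from ../forums/<filename>?JSON=1 and copy them into the override
// inputs with .val() (which sets the value and never parses it as HTML).
// dataString is now declared with var; before it was an implicit global shared
// with the notify handler further down.
// The option value is the definition filename rendered by this page, so it is
// used as a path segment as-is. NOTE(review): the same value is also posted to
// cracker.php as sProduct — that side must check it against the known
// definitions rather than trust it as a path.
$sProductChangeJs = <<<'MEDUSA_PRODUCT'
$(document).on("change",".product",function(e){
 e.preventDefault();
 var dataString = $(this).serialize();
 $.ajax({
 type: "POST",
 data: dataString,
 url: "../forums/"+$(this).val()+"?JSON=1",
 dataType: "json",
 success: function(json){
 $('input.usernamefield').val(json.usernamefield);
 $('input.emailfield').val(json.emailfield);
 $('input.hashfield').val(json.hashfield);
 $('input.tablename').val(json.tablename);
 $('input.tableprefix').val(json.tableprefix);
 },
 error: function(xhr, textStatus, errorThrown){
 alert(errorThrown);
 }
 });
});
MEDUSA_PRODUCT;
echo $sProductChangeJs, "\n";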
// "use default settings": ticking the box hides the override rows, clearing
// it shows them again (jQuery .toggle(bool) is show-or-hide by flag).
$sDefaultsToggleJs = <<<'MEDUSA_DEFAULTS'
$(document).on("change",".hideoptions",function(){
 var bUseDefaults = $(this).is(":checked");
 $('.row#options').toggle(!bUseDefaults);
});
MEDUSA_DEFAULTS;
echo $sDefaultsToggleJs, "\n";
// "connect with profile": swap the credential rows for the profile <select>
// and back, driven by the checkbox state.
$sProfileToggleJs = <<<'MEDUSA_PROFILE'
$(document).on("change",".profileopt",function(){
 var bUseProfile = $(this).is(":checked");
 $('.row#db').toggle(!bUseProfile);
 $('.row#cprofile').toggle(bUseProfile);
});
MEDUSA_PROFILE;
echo $sProfileToggleJs, "\n";
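// Submit starts a poller that asks taskreader.php for task progress every
// 1.9 s and redraws the .progress area from the JSON it returns.
//
// Two fixes against the previous version:
// (1) The timer handle is stored in the page-level refreshIntervalId instead
//     of a local 'var' that shadowed it, so the email handler's
//     clearInterval() actually stops polling; a second click on Submit now
//     replaces the running poller instead of stacking another one.
// (2) Every task field is HTML-escaped before being spliced into markup. The
//     fields come back from taskreader.php and last_user is presumably the
//     username most recently tried from the *target* database, so a crafted
//     username could otherwise run script in the operator's browser.
$sProgressJs = <<<'MEDUSA_PROGRESS'
$(document).on("click",".submit",function(){
 var escHtml = function(s){
 return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;').replace(/'/g,'&#39;');
 };
 if(refreshIntervalId){
 clearInterval(refreshIntervalId);
 }
 refreshIntervalId = setInterval(function(){
 $.getJSON('taskreader.php', function(data) {
 $('.progress').html('');
 $.each(data, function(i,item){
 var sTaskId = escHtml(i);
 var sIdent = escHtml(item['identifier']);
 var sHead = '<b>'+escHtml(item['start'])+'</b> '+escHtml(item['product'])+' '+escHtml(item['version']);
 var sFound = ' - <b>found:</b> '+escHtml(item['matches']);
 if($('.task#'+i).length == 0){
 $('.progress').append('<div class="task" id="'+sTaskId+'"></div>');
 }
 if(item['current']==item['total'] && item['current']>0){
 if(item['matches']==0){
 $('.task#'+i).html('<div>'+sHead+sFound+' - <b>no weak passwords found</b> - <a href="#" class="removeid" id="'+sIdent+'">remove this task</a></div>');
 }
 else{
 $('.task#'+i).html('<div>'+sHead+sFound+' - <a href="#" class="emailid" id="'+sIdent+'">send users an email</a> - <a href="#" class="removeid" id="'+sIdent+'">remove this task</a></div>');
 }
 }
 else{
 $('.task#'+i).html('<div>'+sHead+' - ('+escHtml(item['current'])+'/'+escHtml(item['total'])+')'+sFound+' - <b>last:</b> '+escHtml(item['last_user'])+'</div>');
 }
 });
 });
 },1900);
});
MEDUSA_PROGRESS;
echo $sProgressJs, "\n";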
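// "send users an email": tear the setup form down and replace it with the
// notification form. The clicked link's id is the task identifier; it is put
// on the hidden input through .val() instead of being spliced into an HTML
// string, so an identifier containing a quote cannot break out of the
// attribute. The textarea is pre-filled from templates/email.txt and the
// progress poller is stopped via the page-level refreshIntervalId.
$sEmailFormJs = <<<'MEDUSA_EMAIL'
$(document).on("click","a.emailid",function(e){
 e.preventDefault();
 var sTaskIdentifier = $(this).attr('id');
 $('.progress').after('<div class="email"></div>');
 $('.progress').remove();
 $('.row#options').remove();
 $('.row#submitit').remove();
 $('.row#def').remove();
 $('.row#db').remove();
 $('.row#connect').remove();
 $('.row#cprofile').remove();
 $('.row#def2').remove();
 var oMailForm = $('<form class="wiebenzin"></form>');
 oMailForm.append($('<textarea rows="20" cols="73"></textarea>'));
 oMailForm.append($('<input type="hidden" name="sendemail" />').val(sTaskIdentifier));
 oMailForm.append($('<input type="submit" name="notify" class="submitmail" value="Notify Users" />'));
 $('.email').append(oMailForm);
 $('textarea').load('templates/email.txt');
 clearInterval(refreshIntervalId);
});
MEDUSA_EMAIL;
echo $sEmailFormJs, "\n";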
// "database profiler" link: configuration.php expects a POST with iCFG=13, so
// a throw-away form is built, attached to the body and submitted.
// NOTE(review): like the main form, this POST carries no anti-CSRF token.
$sCfgLinkJs = <<<'MEDUSA_CFG'
$(".cfglink").click(function(e){
 e.preventDefault();
 var oCfgForm = $('<form action="../../../configuration.php" method="post"></form>');
 oCfgForm.append($('<input type="hidden" name="iCFG" value="13" />'));
 oCfgForm.appendTo('body');
 oCfgForm.submit();
});
MEDUSA_CFG;
echo $sCfgLinkJs, "\n";
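// "remove this task": ask handler.php to drop the task whose identifier is the
// clicked link's id. The identifier is URL-encoded so a value containing '&',
// '#' or '/' cannot truncate or alter the query string.
// NOTE(review): this is a state-changing request sent as GET without an
// anti-CSRF token; handler.php should take it as a POST with a token, which
// is a change on that side.
$sRemoveTaskJs = <<<'MEDUSA_REMOVE'
$(document).on("click","a.removeid",function(e){
 e.preventDefault();
 $.ajax({
 type: "GET",
 url: "handler.php?removetask="+encodeURIComponent($(this).attr('id')),
 dataType: "json",
 success: function(json){
 if(!json.jresult){
 alert(json.jmessage);
 }
 },
 error: function(xhr, textStatus, errorThrown){
 alert(errorThrown);
 }
 });
});
MEDUSA_REMOVE;
echo $sRemoveTaskJs, "\n";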
// The "Notify Users" button just submits the email form; the submit handler
// that follows performs the actual AJAX request.
$sSubmitMailJs = <<<'MEDUSA_SUBMITMAIL'
$(document).on("click","input.submitmail",function(e){
 e.preventDefault();
 $('form.wiebenzin').submit();
});
MEDUSA_SUBMITMAIL;
echo $sSubmitMailJs, "\n";
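// AJAX-submit the notification form to handler.php. On success the form is
// replaced by the server's message, on failure the message is alerted.
// dataString is now declared with var; before it was an implicit global.
// json.jmessage is inserted as HTML via .append(): that is acceptable as long
// as handler.php composes it from its own text only — if it ever echoes user
// data (addresses, usernames) back, switch to .text().
$sNotifyJs = <<<'MEDUSA_NOTIFY'
$(document).on("submit","form.wiebenzin",function(event){
 event.preventDefault();
 var dataString = $(this).serialize();
 $.ajax({
 type: "POST",
 data: dataString,
 url: "handler.php",
 dataType: "json",
 success: function(json){
 if(json.jresult){
 $('form.wiebenzin').remove();
 $('.form').append(json.jmessage);
 }
 else{
 alert(json.jmessage);
 }
 },
 error: function(xhr, textStatus, errorThrown){
 alert(errorThrown);
 }
 });
});
MEDUSA_NOTIFY;
echo $sNotifyJs, "\n";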
// Script is running if we got this far, so drop the "enable javascript"
// notice, then close the document. The final </html> is written without a
// trailing newline, exactly as before.
$sPageClose = <<<'MEDUSA_CLOSE'
$('div.nojs').remove();
</script>
</body>
MEDUSA_CLOSE;
echo $sPageClose, "\n</html>";
?>