..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain..
THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data
<?php
/* Control center maintenance scan
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
if(!defined('IN_SCRIPT')){
exit;
}
// check if the user allow time based maintenance scans
if($_CONTEXT['allow_maintenance_scan']){
$_CONTEXT['scannow'] = false;
if(!isset($_CONTEXT['useraccessdata']['last_scan'])){
$_CONTEXT['errors'][] = "Expecting variable last_scan to be \$_CONTEXT['useraccessdata']['last_scan'] to be loaded.";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
if($_CONTEXT['useraccessdata']['last_scan']==0 || (time()-$_CONTEXT['useraccessdata']['last_scan']>$_CONTEXT['nextscanseconds'])){
$_CONTEXT['scannow'] = true;
}
}
if(!isset($sCode)){
$sCode = "";
}
if($_CONTEXT['scannow']){
// labels for html headers
$_CONTEXT['scanlabel'] = array();
// results for scan
$_CONTEXT['scandata'] = array();
// determines whether to load the index or the results of this scan
$_CONTEXT['scanresults'] = false;
$sDest = $_PATHS['data_root']."/scan_types.php";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_CONTEXT['scantypes'])){
for($ii=0;$ii<count($_CONTEXT['scantypes']);$ii++){
if($_CONTEXT[$_CONTEXT['scantypes'][$ii]['enable_var']]){
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$ii]['file'],0,1));
}
}
}
// output scan results
foreach($_CONTEXT['scandata'] as $sKey=>$sValue){
if($sValue!=""){
$_CONTEXT['scanresults'] = true;
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">".$_CONTEXT['scanlabel'][$sKey]."</div>\n";
$sCode .= " <div class=\"w700 flt pad5 blk overflw\">\n";
$sCode .= " <div class=\"overflw\">\n".$sValue;
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
}
}
$sDest = $_PATHS['functions_root']."/fwrite.php";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sDest));
// the automatic scan is the only scan that will update the file LOGS_DIR/log_activity.php
$sNewD = "<?php\n";
$sNewD .= "/* Activity log\n\n";
$sNewD .= "Author: Remco Kouw\n";
$sNewD .= "Site: http://www.hacksuite.com\n";
$sNewD .= "Last Edit: ".date('d-m-Y',time())."\n";
$sNewD .= "*/\n";
$sNewD .= "if(!defined('IN_SCRIPT')){\n";
$sNewD .= "\texit;\n";
$sNewD .= "}\n";
$sNewD .= "\$_CONTEXT['useraccessdata'] = array();\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['installed'] = ".$_CONTEXT['useraccessdata']['installed'].";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['last_update'] = ".time().";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['ip'] = array(\"".$_SERVER['REMOTE_ADDR']."\");\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['last_scan'] = ".time().";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['action'] = \"".$_CONTEXT['useraccessdata']['action']."\";\n";
$sNewD .= "?>";
if(!WriteF($_PATHS['log_root']."/log_activity.php",$sNewD,"w")){
include_once($_PATHS['end']);
}
}
}
?>