HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
<?php
/* Handles all development actions and returns results as a JSON encoded value

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 02-04-2015
*/
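// Response headers: the reply must never be cached and is always JSON.
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
// NOTE(review): every branch below creates or overwrites PHP files from
// request data, and no authentication or CSRF check is visible in this file.
// Presumably header.php enforces both - confirm before exposing this endpoint.
include_once("../header.php");
include_once("../Modules/thc_ss/properties.php");
// Default reply; each branch overwrites 'jresult' / 'jerror' as it progresses.
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jerror'] = "Invalid post data";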
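if(isset($_POST['sName']) && isset($_POST['sAbbr']) && isset($_POST['sDescription']) && isset($_POST['sVersion']) && isset($_POST['sAuthor'])){
    /* create new module: validate the form, create ../Modules/<abbr> and write its setup.php */
    $sName = trim(strip_tags($_POST['sName']));
    $sAbbr = trim(strip_tags(strtolower($_POST['sAbbr'])));
    $sDescription = trim(strip_tags($_POST['sDescription']));
    $sVersion = trim(strip_tags($_POST['sVersion']));
    $sAuthor = trim(strip_tags($_POST['sAuthor']));
    // sModCat is not covered by the isset() guard above, so default it
    $sCatMod = (isset($_POST['sModCat']) ? trim(strip_tags($_POST['sModCat'])) : "");
    $_CONTEXT['moddir'] = "../Modules/".$sAbbr;
    // validate; the first failing rule sets the error and nothing is written
    if(strlen($sAbbr)!=6){
        // wrong abbreviation
        $aDataR['jerror'] = "Invalid abbreviation name";
    }
    elseif(!preg_match('/^thc_[a-z]{2}$/',$sAbbr)){
        // wrong abbreviation; this pattern is also what keeps the directory name free of path characters
        $aDataR['jerror'] = "Invalid abbreviation, for example use thc_<i>xx</i>";
    }
    elseif(!preg_match('/^(\d+\.){2}(\d+)$/',$sVersion)){
        // wrong version (the pattern accepts digits separated by dots)
        $aDataR['jerror'] = "Invalid format, valid versions are i.i.i";
    }
    elseif(strlen($sDescription)<10 || strlen($sDescription)>70){
        // exceeded maximum or lower than minimum (description)
        $aDataR['jerror'] = "Description can be up to 70 characters long with a minimum of 10 characters";
    }
    elseif(strlen($sAuthor)<4 || strlen($sAuthor)>50){
        // exceeded maximum or lower than minimum (author)
        $aDataR['jerror'] = "Author can be up to 50 characters long with a minimum of 4 characters";
    }
    elseif(!isset($_CONTEXT['modcats'][$sCatMod])){
        // category must be one of the keys the suite already knows
        $aDataR['jerror'] = "Invalid module category";
    }
    elseif(strlen($sName)<1 || strlen($sName)>25){
        // exceeded maximum or lower than minimum (module name)
        $aDataR['jerror'] = "Module name can be up to 25 characters long with a minimum of 1 character";
    }
    else{
        $_CONTEXT['modstaged'] = "../Modules/".$sAbbr;
        if(is_dir($_CONTEXT['modstaged'])){
            $aDataR['jerror'] = "Module path already exists";
        }
        else{
            if(!function_exists("GetDirByDir")){
                $sDest = "../Functions/getdirbydir.php";
                include_once($sDest);
            }
            // the module name must be unique across the installed thc_* modules
            $bPass = true;
            $aDirs = GetDirByDir("../Modules",0);
            for($x=0;$x<count($aDirs);$x++){
                if(substr($aDirs[$x],0,4)=="thc_"){
                    // each setup.php is expected to (re)define $aProperties
                    @include_once("../".$aDirs[$x]."/setup.php");
                    if(isset($aProperties['name']) && $aProperties['name']==$sName){
                        $bPass = false;
                        break;
                    }
                }
            }
            if(!$bPass){
                // module name does already exist
                $aDataR['jerror'] = "Module name already exists";
            }
            // NOTE(review): 0777 makes the module directory world-writable
            // (subject to umask); a tighter mode is preferable where the
            // hosting setup allows it.
            elseif(false===@mkdir($_CONTEXT['modstaged'],0777)){
                $aDataR['jerror'] = "Unable to create: ".$_CONTEXT['moddir'];
            }
            else{
                if(!function_exists("WriteF")){
                    $sDest = "../Functions/fwrite.php";
                    include_once($sDest);
                }
                // template. The values come from the request and end up inside
                // executable PHP; strip_tags() does not remove quotes or '$',
                // so every value is emitted through var_export(), which yields
                // a correctly escaped single-quoted literal.
                $_CONTEXT['setuptemplate'] = "<?php\n";
                $_CONTEXT['setuptemplate'] .= "/* properties for module */\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties = array();\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties['name'] = ".var_export($sName,true).";\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties['version'] = ".var_export($sVersion,true).";\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties['author'] = ".var_export($sAuthor,true).";\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties['description'] = ".var_export($sDescription,true).";\n";
                $_CONTEXT['setuptemplate'] .= "\$aProperties['category'] = ".var_export($sCatMod,true).";\n";
                $_CONTEXT['setuptemplate'] .= "?>\n";
                // write file
                $aDataR['jresult'] = (WriteF($_CONTEXT['moddir']."/setup.php",$_CONTEXT['setuptemplate'],"w") ? true : false);
                $aDataR['jmodname'] = $sAbbr;
            }
        }
    }
}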
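elseif(isset($_POST['sIndex']) && isset($_POST['sModName'])){
    /* add content to module: store the posted source as ../Modules/<module>/index.php */
    // NOTE(review): this branch persists request-supplied PHP on purpose (it
    // is the module editor). Whoever can reach it can run code on the host, so
    // access control has to be enforced before this point - confirm in header.php.
    if(!function_exists("WriteF")){
        $sDest = "../Functions/fwrite.php";
        include_once($sDest);
    }
    // non-string (array) parameters are treated as empty and fail validation
    $sModName = (is_string($_POST['sModName']) ? trim($_POST['sModName']) : "");
    $sIndex = (is_string($_POST['sIndex']) ? trim($_POST['sIndex']) : "");
    if(!preg_match('/^thc_[a-z]{2}$/',$sModName)){
        // wrong module name; the pattern also keeps the target path inside ../Modules
        $aDataR['jerror'] = "Invalid module name";
    }
    else{
        $sStart = substr($sIndex,0,5);
        $sEnd = substr($sIndex,-2);
        $iPos = strpos($sIndex,"\$sCode");
        $_CONTEXT['moddir'] = "../Modules/".$sModName;
        if($sStart!="<?php" || $sEnd!="?>"){
            // 'invalid' php syntax
            $aDataR['jerror'] = "Filename must have proper open and close php tags at start and end of file";
        }
        elseif($iPos===false || $iPos<=0){
            // expecting output in variable $sCode
            $aDataR['jerror'] = "You need to define your output in variable \$sCode";
        }
        else{
            // write index file
            $aDataR['jresult'] = (WriteF($_CONTEXT['moddir']."/index.php",$sIndex,"w") ? true : false);
        }
        // message shown by the client; $sModName passed the pattern above, so it is safe inside the link
        $aDataR['jmoddone'] = ($aDataR['jresult']==true ? "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully created module, you can now <a href=\"index.php?module=".$sModName."\">try if it works</a>.</div>" : $aDataR['jerror']);
    }
}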
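elseif(isset($_POST['sRelLoc'])){
    /* create new app: bind an existing directory under Apps/, or create a new one with a setup.php */
    $sName = (isset($_POST['sName']) && is_string($_POST['sName']) ? trim(strip_tags($_POST['sName'])) : "");
    // NOTE(review): ExploitFilter() is defined elsewhere; presumably it removes
    // path traversal sequences - confirm, because this value decides where a
    // directory is created and which existing directory gets bound.
    $sRelLoc = ExploitFilter((is_string($_POST['sRelLoc']) ? trim($_POST['sRelLoc']) : ""),0,1);
    $iLength = strlen($sRelLoc);
    if(!$iLength){
        // empty installation location
        $aDataR['jerror'] = "Empty installation location";
        die(json_encode($aDataR));
    }
    // remove one trailing slash (leading slashes are left as they are)
    if($sRelLoc[$iLength-1]=="/"){
        $sRelLoc = substr($sRelLoc,0,-1);
    }
    if($sRelLoc===false || $sRelLoc===""){
        // the location consisted of a slash only
        $aDataR['jerror'] = "Empty installation location";
        die(json_encode($aDataR));
    }
    if(preg_match('/^thc_[a-z]{2}$/',$sRelLoc)){
        // can't install a module as an app
        $aDataR['jerror'] = "Can't install a module as an app";
        die(json_encode($aDataR));
    }
    $sRealLoc = str_replace("//","/",$_PATHS['root']."/Apps/".$sRelLoc);
    $sVersion = (isset($_POST['sVersion']) && is_string($_POST['sVersion']) ? trim(strip_tags($_POST['sVersion'])) : "");
    $sAuthor = (isset($_POST['sAuthor']) && is_string($_POST['sAuthor']) ? trim(strip_tags($_POST['sAuthor'])) : "");
    $sDescription = (isset($_POST['sDescription']) && is_string($_POST['sDescription']) ? trim(strip_tags($_POST['sDescription'])) : "");
    $iName = strlen($sName);
    // validate name field
    if(!$iName || $iName>25){
        // invalid name size
        $aDataR['jerror'] = "Invalid name size";
        die(json_encode($aDataR));
    }
    // already installed apps as array(name, location) rows; $aExtra is
    // presumably loaded from ../Data/extra.php by header.php - confirm
    $aInstalled = (isset($aExtra) && is_array($aExtra) ? $aExtra : array());
    $iExtra = count($aInstalled);
    // check if app name is already being used. The name is column 0 of each
    // row; the previous code compared the whole first row on every pass and
    // therefore never matched.
    $bUsed = false;
    for($x=0;$x<$iExtra;$x++){
        if(isset($aInstalled[$x][0]) && $aInstalled[$x][0]==$sName){
            $bUsed = true;
            break;
        }
    }
    if($bUsed){
        // name is already used
        $aDataR['jerror'] = "Name is already used";
        die(json_encode($aDataR));
    }
    // check directory
    if(is_dir($sRealLoc)){
        // directory already exists, is it a reserved directory?
        include_once("../Data/reserved.php");
        $sAppPath = substr($sRealLoc,strlen($_PATHS['root']));
        if(!function_exists("WriteF")){
            $sDest = "../Functions/fwrite.php";
            include_once($sDest);
        }
        if(in_array($sAppPath,$_CONTEXT['reserved'])){
            // this is a reserved directory, so can't install in here
            $aDataR['jerror'] = "This is a reserved directory, so can't install in here";
            die(json_encode($aDataR));
        }
        // ok it's 'safe' to go on, find setup so the program is recognizable(we don't need it here now though)
        if(!file_exists($sRealLoc."/setup.php")){
            // oops...not there
            $aDataR['jerror'] = "You need to create a setup file in order to launch an app";
            die(json_encode($aDataR));
        }
        // got the setup file, let's bind the program to the environment.
        // extra.php is executable PHP rebuilt from stored and posted values,
        // so every value goes through var_export() to get an escaped literal.
        $sTemplate = "<?php\n";
        $sTemplate .= "/*\n";
        $sTemplate .= "Installed apps\n\n";
        $sTemplate .= "Author: Remco Kouw\n";
        $sTemplate .= "Site: http://www.hacksuite.com\n";
        $sTemplate .= "Last Edit: ".date('d-m-Y')."\n";
        $sTemplate .= "*/\n";
        $sTemplate .= "if(!defined('IN_SCRIPT')){\n";
        $sTemplate .= "\texit;\n";
        $sTemplate .= "}\n";
        $sTemplate .= "\$aExtra = array();\n";
        for($x=0;$x<$iExtra;$x++){
            $sTemplate .= "\$aExtra[".$x."] = array(".var_export((string)$aInstalled[$x][0],true).",".var_export((string)$aInstalled[$x][1],true).");\n";
        }
        // now add the new item
        // NOTE(review): the location is stored without the "Apps/" prefix here,
        // while the "add content to app" branch stores "Apps/<location>" - confirm which form readers expect
        $sTemplate .= "\$aExtra[".$iExtra."] = array(".var_export($sName,true).",".var_export($sRelLoc,true).");\n";
        $sTemplate .= "?>";
        if(!WriteF("../Data/extra.php",$sTemplate,"w")){
            // update failed
            $aDataR['jerror'] = "Failed to bind the existing app in data directory (extra.php), you can try manually";
            die(json_encode($aDataR));
        }
        // binded successfully
        $aDataR['jresult'] = true;
        $aDataR['jappname'] = $sName;
        $aDataR['japplocation'] = $sRelLoc;
    }
    else{
        // directory doesn't exist, let's create the app then
        if(strlen($sAuthor)<4 || strlen($sAuthor)>50){
            // exceeded maximum or lower than minimum (author)
            $aDataR['jerror'] = "Author can be up to 50 characters long with a minimum of 4 characters";
            die(json_encode($aDataR));
        }
        // is version valid?
        if(!preg_match('/^(\d+\.){2}(\d+)$/',$sVersion)){
            // wrong version (the pattern accepts digits separated by dots)
            $aDataR['jerror'] = "Invalid format, valid versions are i.i.i";
            die(json_encode($aDataR));
        }
        if(strlen($sDescription)<10 || strlen($sDescription)>70){
            // exceeded maximum or lower than minimum (description)
            $aDataR['jerror'] = "Description can be up to 70 characters long with a minimum of 10 characters";
            die(json_encode($aDataR));
        }
        $_CONTEXT['appstaged'] = $sRealLoc;
        // NOTE(review): 0777 makes the app directory world-writable (subject to
        // umask); a tighter mode is preferable where the hosting setup allows it.
        if(false===@mkdir($sRealLoc,0777)){
            $aDataR['jerror'] = "Unable to create: ".$_CONTEXT['appstaged'];
            die(json_encode($aDataR));
        }
        if(!function_exists("WriteF")){
            $sDest = "../Functions/fwrite.php";
            include_once($sDest);
        }
        // template. Name and author also appear inside the header comment, so
        // a comment terminator in them is broken up; the property values are
        // emitted as escaped literals through var_export().
        $_CONTEXT['setuptemplate'] = "<?php\n";
        $_CONTEXT['setuptemplate'] .= "/*\n";
        $_CONTEXT['setuptemplate'] .= "Properties for ".str_replace("*/","* /",$sName)."\n\n";
        $_CONTEXT['setuptemplate'] .= "Author: ".str_replace("*/","* /",$sAuthor)."\n";
        $_CONTEXT['setuptemplate'] .= "Site: http://www.hacksuite.com\n";
        $_CONTEXT['setuptemplate'] .= "Last Edit: ".date('d-m-Y')."\n";
        $_CONTEXT['setuptemplate'] .= "*/\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties = array();\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties['name'] = ".var_export($sName,true).";\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties['version'] = ".var_export($sVersion,true).";\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties['author'] = ".var_export($sAuthor,true).";\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties['location'] = ".var_export($sRelLoc,true).";\n";
        $_CONTEXT['setuptemplate'] .= "\$aProperties['description'] = ".var_export($sDescription,true).";\n";
        $_CONTEXT['setuptemplate'] .= "?>\n";
        // write file
        $aDataR['jresult'] = (WriteF($sRealLoc."/setup.php",$_CONTEXT['setuptemplate'],"w") ? true : false);
        $aDataR['jappname'] = $sName;
        $aDataR['japplocation'] = $sRelLoc;
    }
}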
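elseif(isset($_POST['sIndexM']) && isset($_POST['sAppName']) && isset($_POST['sAppLocation'])){
    /* add content to app: store the posted source as ../Apps/<location>/index.php and register the app in ../Data/extra.php */
    // NOTE(review): this branch persists request-supplied PHP on purpose (it
    // is the app editor). Access control has to be enforced before this point
    // - confirm in header.php.
    if(!function_exists("WriteF")){
        $sDest = "../Functions/fwrite.php";
        include_once($sDest);
    }
    // NOTE(review): ExploitFilter() is defined elsewhere; presumably it removes
    // path traversal sequences from the location - confirm, because the value
    // decides where index.php is written.
    $sName = ExploitFilter($_POST['sAppName'],1,0);
    $sRelLoc = ExploitFilter($_POST['sAppLocation'],0,1);
    if(is_string($_POST['sAppName']) && preg_match('/^thc_[a-z]{2}$/',$_POST['sAppName'])){
        // can't be a module name
        $aDataR['jerror'] = "You can't use a module as an application";
    }
    else{
        // not a module name; a non-string body is treated as empty and fails the tag check
        $sIndexM = (is_string($_POST['sIndexM']) ? trim($_POST['sIndexM']) : "");
        $sStart = substr($sIndexM,0,5);
        $sEnd = substr($sIndexM,-2);
        $_CONTEXT['appdir'] = "../Apps/".$sRelLoc;
        if($sStart!="<?php" || $sEnd!="?>"){
            // 'invalid' php syntax
            $aDataR['jerror'] = "Filename must have proper open and close php tags at start and end of file";
        }
        elseif(!WriteF($_CONTEXT['appdir']."/index.php",$sIndexM,"w")){
            $aDataR['jerror'] = "Failed to create index.php file";
        }
        else{
            // template the extra pages. extra.php is executable PHP rebuilt
            // from stored and posted values, so every value goes through
            // var_export() to get an escaped literal.
            $aInstalled = (isset($aExtra) && is_array($aExtra) ? $aExtra : array());
            $iExtra = count($aInstalled);
            $sTemplate = "<?php\n";
            $sTemplate .= "/*\n";
            $sTemplate .= "Installed apps\n\n";
            $sTemplate .= "Author: Remco Kouw\n";
            $sTemplate .= "Site: http://www.hacksuite.com\n";
            $sTemplate .= "Last Edit: ".date('d-m-Y')."\n";
            $sTemplate .= "*/\n";
            $sTemplate .= "if(!defined('IN_SCRIPT')){\n";
            $sTemplate .= "\texit;\n";
            $sTemplate .= "}\n";
            $sTemplate .= "\$aExtra = array();\n";
            for($x=0;$x<$iExtra;$x++){
                $sTemplate .= "\$aExtra[".$x."] = array(".var_export((string)$aInstalled[$x][0],true).",".var_export((string)$aInstalled[$x][1],true).");\n";
            }
            // now add the new item
            $sTemplate .= "\$aExtra[".$iExtra."] = array(".var_export((string)$sName,true).",".var_export("Apps/".$sRelLoc,true).");\n";
            $sTemplate .= "?>";
            if(!WriteF("../Data/extra.php",$sTemplate,"w")){
                // update failed; report it as a failure instead of leaving
                // 'jresult' true from the index.php write
                $aDataR['jresult'] = false;
                $aDataR['jerror'] = "Failed to bind the existing app in data directory (extra.php), you can try manually";
            }
            else{
                // binded successfully
                $aDataR['jresult'] = true;
                $aDataR['jappname'] = $sName;
            }
        }
        // message shown by the client; the location is HTML-escaped because it is placed inside an attribute
        $aDataR['jappdone'] = ($aDataR['jresult']==true ? "Successfully created application, you can now <a href=\"Apps/".htmlspecialchars($sRelLoc,ENT_QUOTES)."\">try if it works</a>." : $aDataR['jerror']);
    }
}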
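elseif(isset($_POST['sCallback'])){
    /* create a callback: validate the scan form and write ../Modules/thc_ss/CALLBACKS/<file>.php */
    // NOTE(review): the callback body is request-supplied PHP that is stored
    // and later executed by design. Access control has to be enforced before
    // this point - confirm in header.php.
    //
    // The variable names below must stay as they are: the template loop
    // further down reads them by name through $$sKey.
    $sLoc = (isset($_POST['sLoc']) && is_string($_POST['sLoc']) ? trim(strip_tags($_POST['sLoc'])) : "");
    $iInterval = intval(isset($_POST['iInterval']) ? $_POST['iInterval'] : 0);
    $iScan = intval(isset($_POST['iScan']) ? $_POST['iScan'] : 0);
    $iNotify = intval(isset($_POST['iNotify']) ? $_POST['iNotify'] : 0);
    $iScanTime = intval(isset($_POST['iScanSec']) ? $_POST['iScanSec'] : 0);
    $sSearch = (isset($_POST['sSearch']) ? $_POST['sSearch'] : null);
    $sMethod = (isset($_POST['sMethod']) ? $_POST['sMethod'] : null);
    $sEmail = (isset($_POST['sEmail']) ? $_POST['sEmail'] : null);
    // The three file names are only ever meant to select a file inside a
    // fixed directory, so any directory part is dropped before they are used
    // in a path (one of them is passed to include_once below).
    $sEmailT = (isset($_POST['sEmailT']) && is_string($_POST['sEmailT']) ? basename($_POST['sEmailT']) : "");
    $sLogFile = (isset($_POST['sLogFile']) && is_string($_POST['sLogFile']) ? basename($_POST['sLogFile']) : "");
    $iKill = intval(isset($_POST['iKill']) ? $_POST['iKill'] : 0);
    $iRegex = intval(isset($_POST['iRegex']) ? $_POST['iRegex'] : 0);
    $sLogTemplate = (isset($_POST['sLogTemplate']) && is_string($_POST['sLogTemplate']) ? basename($_POST['sLogTemplate']) : "");
    $sCallback = $_POST['sCallback'];
    $sSendVars = (isset($_POST['sSendVars']) ? $_POST['sSendVars'] : null);
    $sScanUrl = (isset($_POST['sScanUrl']) ? $_POST['sScanUrl'] : null);
    // display name of the callback; stored as data only
    $sCallbackTitle = (isset($_POST['sName']) && is_string($_POST['sName']) ? $_POST['sName'] : "");
    // The file name becomes part of a write path. The class used to read
    // "A-z", which also admits the punctuation between 'Z' and 'a' (including
    // the backslash); it is now letters, digits, '_' and '-' only.
    if(!preg_match('/^[0-9a-zA-Z_\-]+\.php$/',$sLoc)){
        // invalid filename for callback function
        $aDataR['jerror'] = "Invalid filename for callback function";
        die(json_encode($aDataR));
    }
    // NOTE(review): the marker is spelled "Callbck" - confirm this matches the
    // function name the scanner actually calls.
    if(!is_string($sCallback) || stripos($sCallback,"function Callbck(")===false){
        // missing callback function
        $aDataR['jerror'] = "Missing callback function";
        die(json_encode($aDataR));
    }
    $aUrl = (is_string($sScanUrl) ? @parse_url($sScanUrl) : false);
    if(!isset($aUrl['host']) || !strlen($aUrl['host'])){
        // no host specified
        $aDataR['jerror'] = "No host specified";
        die(json_encode($aDataR));
    }
    if($sSearch==""){
        // insert a string or pattern to search for
        $aDataR['jerror'] = "Insert a string or pattern to search for";
        die(json_encode($aDataR));
    }
    if($iScan>2){
        // only applies to temporary scans. $iInterval is always an int after
        // intval(), so the former "!== false" and is_int() tests could never
        // change the outcome and were dropped.
        // NOTE(review): an interval of exactly 0 passes although the message says "above 0" - confirm intent
        if($iInterval<0){
            // interval must be a number above 0
            $aDataR['jerror'] = "Interval must be a number above 0";
            die(json_encode($aDataR));
        }
        elseif($iInterval>$iScanTime){
            // interval must be lower than total scan time
            $aDataR['jerror'] = "Interval must be lower than total scan time";
            die(json_encode($aDataR));
        }
    }
    if($iNotify==1){
        // send mail
        if(!filter_var($sEmail,FILTER_VALIDATE_EMAIL)){
            // invalid email specified
            $aDataR['jerror'] = "Invalid email specified";
            die(json_encode($aDataR));
        }
        if($sEmailT==""){
            // no email template specified
            $aDataR['jerror'] = "No email template specified";
            die(json_encode($aDataR));
        }
        // email template
        $sDest = "../Modules/thc_ss/EMAILT/".$sEmailT;
        if(!file_exists($sDest)){
            // email template doesn't exist
            $aDataR['jerror'] = "Email template doesn't exist";
            die(json_encode($aDataR));
        }
        @include_once($sDest);
        if(!function_exists("TemplateEmail")){
            // email template function <b>TemplateEmail</b> doesn't exist
            $aDataR['jerror'] = "Email template function <b>TemplateEmail</b> doesn't exist";
            die(json_encode($aDataR));
        }
    }
    elseif($iNotify==2){
        // log results to a file
        if($sLogTemplate==""){
            // no logtemplate specified
            $aDataR['jerror'] = "No log template specified";
            die(json_encode($aDataR));
        }
        // log template
        $sDest = "../Modules/thc_ss/LOGT/".$sLogTemplate;
        if(!file_exists($sDest)){
            // log template file doesn't exist
            $aDataR['jerror'] = "Log template file doesn't exist";
            die(json_encode($aDataR));
        }
        if($sLogFile==""){
            // no logfile specified
            $aDataR['jerror'] = "No logfile specified";
            die(json_encode($aDataR));
        }
        // log file
        // NOTE(review): this path has no "Modules/" segment, unlike the
        // template directories above - confirm the log directory location
        $sDest = "../thc_ss/LOGS/".$sLogFile;
        if(!file_exists($sDest)){
            // logfile doesn't exist
            $aDataR['jerror'] = "Logfile doesn't exist";
            die(json_encode($aDataR));
        }
    }
    // filename must not exist and callback name must be unique
    $bContinue = true;
    if(!function_exists("GetFilesByDirectory")){
        include_once("../Functions/getfilebydir.php");
    }
    $aFiles = GetFilesByDirectory("../Modules/thc_ss/CALLBACKS");
    for($x=0;$x<count($aFiles);$x++){
        // every stored callback file sets $_CBACKD = array(name, file name)
        include_once("../Modules/thc_ss/CALLBACKS/".$aFiles[$x]);
        if($_CBACKD[0]===$sCallbackTitle || $_CBACKD[1]===$sLoc){
            $bContinue = false;
            break;
        }
    }
    if(!$bContinue){
        $aDataR['jerror'] = "Filename must not exist and callback name must be unique";
        die(json_encode($aDataR));
    }
    // do we use preg searches?
    $bPreg = ($iRegex==true ? true : false);
    // make sure we have a valid method
    if($sMethod!="post"){
        $sMethod = "get";
    }
    // do we have a callback or will we just use static variables or send nothing
    if(is_string($sSendVars) && strpos($sSendVars,"=")>0){
        // add to query
        if($sSendVars[0]=="?"){
            // remove the question mark
            $sSendVars = substr($sSendVars,1);
        }
        if($sSendVars[strlen($sSendVars)-1]=="&"){
            // remove the last ampersand to prevent mixed up urls
            $sSendVars = substr($sSendVars,0,-1);
        }
        $aUrl['query'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query']."&".$sSendVars : $sSendVars);
    }
    // construct callback template. Everything except the callback body is
    // data, so it is written as an escaped literal through var_export()
    // instead of being pasted between double quotes.
    $sTemplate = "<?php\n";
    $sTemplate .= "if(!defined('IN_SCRIPT')){\n";
    $sTemplate .= "    exit;\n";
    $sTemplate .= "}\n";
    $sTemplate .= "// properties for this callback\n";
    $sTemplate .= "\$_CBACKD = array(".var_export($sCallbackTitle,true).",".var_export($sLoc,true).");\n";
    $sTemplate .= "\$_CBACKV = array();\n";
    $iIndexA = 0;
    include_once("../Modules/thc_ss/properties.php");
    foreach($_POST as $sKey=>$sValue){
        if($sValue!="" && $sKey!="sCallback"){
            // value not empty, but do we have this variable in the properties file?
            // Only keys listed there are looked up as a local variable name.
            for($i=0;$i<count($_CONTEXT['thc_ss_indexform']);$i++){
                if(isset($_CONTEXT['thc_ss_indexform'][$i]['var']) && $_CONTEXT['thc_ss_indexform'][$i]['var']==$sKey){
                    if(!isset($$sKey)){
                        continue;
                    }
                    $sTemplate .= "\$_CBACKV[".$iIndexA."] = array();\n";
                    // stored as a string, as before
                    $sTemplate .= "\$_CBACKV[".$iIndexA."]['value'] = ".var_export((string)$$sKey,true).";\n";
                    $sTemplate .= "\$_CBACKV[".$iIndexA."]['row'] = \$_CONTEXT['thc_ss_indexform'][".$i."]['row'];\n";
                    $sTemplate .= "\$_CBACKV[".$iIndexA."]['fieldclass'] = \$_CONTEXT['thc_ss_indexform'][".$i."]['fieldclass'];\n";
                    $sTemplate .= "\$_CBACKV[".$iIndexA."]['visibility'] = 1;\n";
                    $iIndexA++;
                }
            }
        }
    }
    $sTemplate .= "if(!isset(\$_GETCBACK)){\n";
    $sTemplate .= $sCallback."\n";
    $sTemplate .= "}\n";
    $sTemplate .= "?>";
    include_once("../Functions/fwrite.php");
    // write to the validated file name, not to the raw request value
    $aDataR['jresult'] = (WriteF("../Modules/thc_ss/CALLBACKS/".$sLoc,$sTemplate,"w") ? true : false);
    if($aDataR['jresult']){
        $aDataR['jcallback'] = 1;
    }
    else{
        $aDataR['jerror'] = "Failed to write callback file";
    }
}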
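elseif(isset($_POST['sEditFile']) && isset($_POST['sNewData'])){
    /* edit callback or setup file: overwrite an existing suite file with the posted content */
    // NOTE(review): target path and content both come from the request.
    // Access control has to be enforced before this point - confirm in header.php.
    $sPage = "../Functions/fwrite.php";
    if(!IsThere($sPage)){
        $aDataR['jerror'] = "Can't find function file <b>fwrite.php</b>";
    }
    else{
        // load WriteF() once, the same way the other branches do
        if(!function_exists("WriteF")){
            include_once($sPage);
        }
        // filter out file injections
        // NOTE(review): ExploitFilter() is defined elsewhere and its exact
        // rules are not visible here, so the containment check below does not
        // rely on it.
        $sEditTarget = ExploitFilter((is_string($_POST['sEditFile']) ? $_POST['sEditFile'] : ""),0,1);
        if(substr($sEditTarget,0,5)=="Apps/"){
            $sEditTarget = "../".$sEditTarget;
        }
        // The file must live inside the suite root (the parent of this
        // script's directory). The directory part is resolved with realpath()
        // so that relative segments and symlinks are taken into account.
        $sSuiteRoot = realpath("..");
        $sTargetDir = ($sEditTarget!="" ? realpath(dirname($sEditTarget)) : false);
        $bInside = ($sSuiteRoot!==false && $sTargetDir!==false && strpos($sTargetDir.DIRECTORY_SEPARATOR,$sSuiteRoot.DIRECTORY_SEPARATOR)===0);
        $sNewData = (is_string($_POST['sNewData']) ? $_POST['sNewData'] : "");
        $aDataR['jresult'] = ($bInside && WriteF($sEditTarget,$sNewData,"w") ? true : false);
        $aDataR['jeditdone'] = ($aDataR['jresult'] ? 1 : 0);
        // just in case we fail here, error messages won't be read anyway if result is true
        $aDataR['jerror'] = "Failed to overwrite file";
    }
}
// single JSON reply for every branch that did not die() earlier
echo json_encode($aDataR);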
?>
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.