random gallery image
random tutorial
preview

..I will show you how to create native tools. I'm not going to make a new tool though, instead I will show you what is required to create one. You can find all the native tools in..

read more

random debugging
xAnalyze

xAnalyze is a module that can search through corrupt data and configuration files in order to find the exact position of errors

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/* Configure maintenance scanner

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-02-2015
*/
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT "..";
include_once(
"../header.php");
$sDest "../vars.php";
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "an error occured";
$aFiles = array($_PATHS['functions_root']."/fwrite.php",$_PATHS['functions_root']."/get_file_data.php",$_PATHS['data_root']."/monitor_files.php",$_PATHS['data_root']."/monitor_dirs.php",$_PATHS['functions_root']."/getfilebydir.php");
for(
$x=0;$x<count($aFiles);$x++){
    if(!
file_exists($aFiles[$x])){
        
$aDataR['jmessage'] = "Missing required file: ".$aFiles[$x];
        die(
json_encode($aDataR));
    }
    @include_once(
$aFiles[$x]);
}
// handler for INCLUDES_DIR/cc_filsize_check.php
if(isset($_POST['iTruncate'])){
    
// keeps track of which record in the ui we have to delete
    
$aDataR['jid'] = intval($_POST['iID']);
    
// because we use a dynamic root we need to change the path sent by json
    
$_POST['sTitle'] = trim($_POST['sTitle']);
    
$_POST['sTitle'] = "../".substr($_POST['sTitle'],strpos($_POST['sTitle'],"/",strrpos($_POST['sTitle'],"thc_hacksuite"))+1);
    if(!
in_array($_POST['sTitle'],$_CONTEXT['monitor_f'])){
        
// invalid file, possible file injection attempt or corrupt data
        
$aDataR['jmessage'] = "You can only truncate files from the whitelist";
    }
    else{
        if(
false===(WriteF($_POST['sTitle'],"","w"))){
            
$aDataR['jmessage'] = "Failed to truncate ".$_POST['sTitle'];
        }
        else{
            
$aDataR['jresult'] = true;
        }
    }
}
// handler for INCLUDES_DIR/cc_filesindir_check.php
elseif(isset($_POST['iDeleteFiles'])){
    
// keeps track of which record in the ui we have to delete
    
$aDataR['jid'] = intval($_POST['iID']);
    
// because we use a dynamic root we need to change the path sent by json
    
$_POST['sTitle'] = trim($_POST['sTitle']);
    
$_POST['sTitle'] = "../".substr($_POST['sTitle'],strpos($_POST['sTitle'],"/",strrpos($_POST['sTitle'],"thc_hacksuite"))+1);
    if(!
in_array($_POST['sTitle'],$_CONTEXT['monitor_d'])){
        
// invalid folder
        
$aDataR['jmessage'] = "You can only remove files in folders from the whitelist";
    }
    else{
        
$aFiles GetFilesByDirectory($_POST['sTitle']);
        for(
$x=0;$x<count($aFiles);$x++){
            @
unlink($_POST['sTitle']."/".$aFiles[$x]);
        }
        
$aDataR['jresult'] = true;
    }
}
// handler for INCLUDES_DIR/cc_function_check.php
elseif(isset($_POST['iDownloadFiles'])){
    
// keeps track of which record in the ui we have to delete
    
$aDataR['jid'] = intval($_POST['iID']);
    
$_POST['sFile'] = ExploitFilter($_POST['sFile'],0,1);
    
$sDest $_PATHS['functions_root']."/".$_POST['sFile'];
    if(!
file_exists($sDest)){
        
// if the file isn't there, let's download it
        
if(!extension_loaded('curl')){
            if(!@
dl('curl.so')){
                
$aDataR['jmessage'] = "Unable to send curl request";
                die(
json_encode($aDataR));
            }
        }
        
$rCurl curl_init();
        
curl_setopt($rCurl,CURLOPT_URL"http://hacksuite.com/maintenance_functions.php?sFile=".$_POST['sFile']);
        
curl_setopt($rCurl,CURLOPT_HEADERfalse);
        
curl_setopt($rCurl,CURLOPT_RETURNTRANSFERtrue);
        
$sOutput curl_exec($rCurl);
        
curl_close($rCurl);
        
// let's extract the data
        
$aData = @json_decode($sOutput);
        if(isset(
$aData->jdata)){
            if(!
WriteF($sDest,$aData->jdata,"w")){
                
$aDataR['jmessage'] = "Failed to write function data";
            }
            else{
                
// success, update log_activity.php
                
$sNewD "<?php\n";
                
$sNewD .= "/* Activity log\n\n";
                
$sNewD .= "Author: Remco Kouw\n";
                
$sNewD .= "Site: http://www.hacksuite.com\n";
                
$sNewD .= "Last Edit: ".date('d-m-Y',time())."\n";
                
$sNewD .= "*/\n";
                
$sNewD .= "if(!defined('IN_SCRIPT')){\n";
                
$sNewD .= "\texit;\n";
                
$sNewD .= "}\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata'] = array();\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata']['installed'] = ".$_CONTEXT['useraccessdata']['installed'].";\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata']['last_update'] = ".time().";\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata']['ip'] = array(\"".$_SERVER['REMOTE_ADDR']."\");\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata']['last_scan'] = ".$_CONTEXT['useraccessdata']['last_scan'].";\n";
                
$sNewD .= "\$_CONTEXT['useraccessdata']['action'] = \"Updated function ".$_POST['sFile']."\";\n";
                
$sNewD .= "?>";
                
WriteF($_PATHS['log_root']."/log_activity.php",$sNewD,"w");
                
$aDataR['jresult'] = true;
            }
        }
        else{
            
$aDataR['jmessage'] = "No file data found";
        }
    }
    else{
        
$aDataR['jmessage'] = "File already exists";
    }
}
// handler for evil code scan
elseif(isset($_POST['iShowSource'])){
    
$sLocationA substr(trim($_POST['sFile']),strpos($_SERVER['REQUEST_URI'],"JSON"));
    
$sLocationA "../".str_replace("/","\\",$sLocationA);
    
$aDataR['jdata'] = nl2br(str_replace("<","&lt;",file_get_contents($sLocationA)));
    
$aDataR['jresult'] = true;
}
die(
json_encode($aDataR));
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 3889
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.