..more modules you must have seen the iframes used for real-time result display. In this tutorial I'm going to show you how to insert them into your module and how they function. What we..
<?php
/* Configure maintenance scanner
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-02-2015
*/
// Bootstrap for the JSON endpoint: disable caching, declare the JSON content
// type, load the suite header and pull in every helper the handlers rely on.
// NOTE(review): the handlers in this file truncate files, delete files, write
// PHP code to disk and return file contents. Nothing visible here checks
// authentication or a CSRF token; presumably ../header.php does - confirm.
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
include_once("../header.php");
// Default destination; the download handler assigns its own value before use.
$sDest = "../vars.php";
// Response skeleton: pessimistic defaults that a handler overwrites on success.
$aDataR = array(
    'jresult' => false,
    'jmessage' => "an error occured",
);
// Helper and data files that must exist before any handler can run.
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php",
    $_PATHS['data_root']."/monitor_files.php",
    $_PATHS['data_root']."/monitor_dirs.php",
    $_PATHS['functions_root']."/getfilebydir.php",
);
$x = 0;
while($x < count($aFiles)){
    if(file_exists($aFiles[$x])){
        // errors raised while including are suppressed by the @ operator
        @include_once($aFiles[$x]);
        $x++;
        continue;
    }
    // abort with a JSON error naming the first missing dependency
    $aDataR['jmessage'] = "Missing required file: ".$aFiles[$x];
    die(json_encode($aDataR));
}
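// Request dispatcher: exactly one handler runs, chosen by which flag is present
// in $_POST, and the result is always emitted as JSON by the final die().
// NOTE(review): these handlers are destructive or disclose file contents and no
// authentication or CSRF check is visible in this file; presumably the included
// header.php enforces it - confirm.

// Path sent by the UI, rewritten relative to the dynamic root: everything up to
// and including the first "/" after the last "thc_hacksuite" is replaced by "../".
// Non-string input (e.g. an array) is treated as empty instead of raising an error.
$sTitle = (isset($_POST['sTitle']) && is_string($_POST['sTitle'])) ? trim($_POST['sTitle']) : "";
$iMarker = strrpos($sTitle,"thc_hacksuite");
$iSlash = strpos($sTitle,"/",($iMarker === false ? 0 : $iMarker));
$sTitle = "../".(string)substr($sTitle,($iSlash === false ? 0 : $iSlash)+1);
// keeps track of which record in the ui we have to delete
$iRecordId = isset($_POST['iID']) ? intval($_POST['iID']) : 0;

// handler for INCLUDES_DIR/cc_filsize_check.php
if(isset($_POST['iTruncate'])){
    $aDataR['jid'] = $iRecordId;
    $aAllowedFiles = (isset($_CONTEXT['monitor_f']) && is_array($_CONTEXT['monitor_f'])) ? $_CONTEXT['monitor_f'] : array();
    // strict comparison: a loose in_array() would let type juggling match
    // whitelist entries that are not the exact same string
    if(!in_array($sTitle,$aAllowedFiles,true)){
        // invalid file, possible file injection attempt or corrupt data
        $aDataR['jmessage'] = "You can only truncate files from the whitelist";
    }
    elseif(false===(WriteF($sTitle,"","w"))){
        $aDataR['jmessage'] = "Failed to truncate ".$sTitle;
    }
    else{
        $aDataR['jresult'] = true;
    }
}
// handler for INCLUDES_DIR/cc_filesindir_check.php
elseif(isset($_POST['iDeleteFiles'])){
    $aDataR['jid'] = $iRecordId;
    $aAllowedDirs = (isset($_CONTEXT['monitor_d']) && is_array($_CONTEXT['monitor_d'])) ? $_CONTEXT['monitor_d'] : array();
    if(!in_array($sTitle,$aAllowedDirs,true)){
        // invalid folder
        $aDataR['jmessage'] = "You can only remove files in folders from the whitelist";
    }
    else{
        $aFiles = GetFilesByDirectory($sTitle);
        if(is_array($aFiles)){
            foreach($aFiles as $sEntry){
                // best effort: a file that cannot be removed is skipped silently
                @unlink($sTitle."/".$sEntry);
            }
        }
        $aDataR['jresult'] = true;
    }
}
// handler for INCLUDES_DIR/cc_function_check.php
elseif(isset($_POST['iDownloadFiles'])){
    $aDataR['jid'] = $iRecordId;
    $sFile = ExploitFilter((isset($_POST['sFile']) ? $_POST['sFile'] : null),0,1);
    // The name becomes part of a path under functions_root, so accept a bare
    // file name only; what ExploitFilter strips is not visible from this file.
    if(!is_string($sFile) || $sFile === "" || $sFile === "." || $sFile === ".." || basename($sFile) !== $sFile){
        $aDataR['jmessage'] = "Invalid function file name";
        die(json_encode($aDataR));
    }
    $sDest = $_PATHS['functions_root']."/".$sFile;
    if(!file_exists($sDest)){
        // if the file isn't there, let's download it
        if(!extension_loaded('curl')){
            // dl() does not exist in every SAPI/build; calling it when it is
            // undefined would be a fatal error instead of a JSON answer
            if(!function_exists('dl') || !@dl('curl.so')){
                $aDataR['jmessage'] = "Unable to send curl request";
                die(json_encode($aDataR));
            }
        }
        // NOTE(review): the function body is fetched over plain HTTP and written
        // into functions_root as PHP with no signature or checksum verification,
        // so anything able to alter the response controls code this suite later
        // includes. Prefer HTTPS with certificate verification plus a pinned
        // hash or signature per function file.
        $rCurl = curl_init();
        // encode the name so it cannot add or alter query parameters
        curl_setopt($rCurl,CURLOPT_URL, "http://hacksuite.com/maintenance_functions.php?sFile=".rawurlencode($sFile));
        curl_setopt($rCurl,CURLOPT_HEADER, false);
        curl_setopt($rCurl,CURLOPT_RETURNTRANSFER, true);
        $sOutput = curl_exec($rCurl);
        curl_close($rCurl);
        // let's extract the data
        $aData = is_string($sOutput) ? json_decode($sOutput) : null;
        if(is_object($aData) && isset($aData->jdata) && is_string($aData->jdata)){
            if(!WriteF($sDest,$aData->jdata,"w")){
                $aDataR['jmessage'] = "Failed to write function data";
            }
            else{
                // success, update log_activity.php
                // Every value goes through var_export() so it is written as a
                // valid PHP literal: request-derived text cannot break out of
                // the generated file and a missing value cannot leave "= ;".
                $aAccess = (isset($_CONTEXT['useraccessdata']) && is_array($_CONTEXT['useraccessdata'])) ? $_CONTEXT['useraccessdata'] : array();
                $mInstalled = isset($aAccess['installed']) ? $aAccess['installed'] : null;
                $mLastScan = isset($aAccess['last_scan']) ? $aAccess['last_scan'] : null;
                $sRemoteAddr = isset($_SERVER['REMOTE_ADDR']) ? (string)$_SERVER['REMOTE_ADDR'] : "";
                $sNewD = "<?php\n";
                $sNewD .= "/* Activity log\n\n";
                $sNewD .= "Author: Remco Kouw\n";
                $sNewD .= "Site: http://www.hacksuite.com\n";
                $sNewD .= "Last Edit: ".date('d-m-Y',time())."\n";
                $sNewD .= "*/\n";
                $sNewD .= "if(!defined('IN_SCRIPT')){\n";
                $sNewD .= "\texit;\n";
                $sNewD .= "}\n";
                $sNewD .= "\$_CONTEXT['useraccessdata'] = array();\n";
                $sNewD .= "\$_CONTEXT['useraccessdata']['installed'] = ".var_export($mInstalled,true).";\n";
                $sNewD .= "\$_CONTEXT['useraccessdata']['last_update'] = ".time().";\n";
                $sNewD .= "\$_CONTEXT['useraccessdata']['ip'] = array(".var_export($sRemoteAddr,true).");\n";
                $sNewD .= "\$_CONTEXT['useraccessdata']['last_scan'] = ".var_export($mLastScan,true).";\n";
                $sNewD .= "\$_CONTEXT['useraccessdata']['action'] = ".var_export("Updated function ".$sFile,true).";\n";
                $sNewD .= "?>";
                WriteF($_PATHS['log_root']."/log_activity.php",$sNewD,"w");
                $aDataR['jresult'] = true;
            }
        }
        else{
            $aDataR['jmessage'] = "No file data found";
        }
    }
    else{
        $aDataR['jmessage'] = "File already exists";
    }
}
// handler for evil code scan
elseif(isset($_POST['iShowSource'])){
    $sRequested = (isset($_POST['sFile']) && is_string($_POST['sFile'])) ? trim($_POST['sFile']) : "";
    // the offset of "JSON" in the request URI marks where the relative part of
    // the posted path starts; fall back to 0 when it is absent
    $iOffset = isset($_SERVER['REQUEST_URI']) ? strpos($_SERVER['REQUEST_URI'],"JSON") : false;
    $sLocationA = (string)substr($sRequested,($iOffset === false ? 0 : $iOffset));
    $sLocationA = "../".str_replace("/","\\",$sLocationA);
    // The path comes from the request, so resolve it and refuse anything that
    // ends up outside the dynamic root (".." segments, symlinks).
    // NOTE(review): assumes every file the scan may display lives under the
    // suite root - confirm against the scanner.
    $sRoot = realpath("..");
    $sReal = realpath($sLocationA);
    $sRootPrefix = ($sRoot === false) ? "" : rtrim($sRoot,"/\\").DIRECTORY_SEPARATOR;
    if($sRoot === false || $sReal === false || !is_file($sReal) || strpos($sReal,$sRootPrefix) !== 0){
        $aDataR['jmessage'] = "File not found";
    }
    else{
        $sSource = file_get_contents($sReal);
        if($sSource === false){
            $aDataR['jmessage'] = "Unable to read file";
        }
        else{
            // escape markup so the listing is displayed as text rather than
            // interpreted by the browser; "&" first to avoid double escaping
            $sSource = str_replace(array("&","<",">"),array("&amp;","&lt;","&gt;"),$sSource);
            $aDataR['jdata'] = nl2br($sSource);
            $aDataR['jresult'] = true;
        }
    }
}
die(json_encode($aDataR));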
?>