
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
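<?php
/* Path editor

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 21-02-2015
*/
/*
JSON endpoint that reports, and optionally changes, the folder behind one of
the configurable entries in $_PATHS.

POST parameters:
  sFolderName  key into $_PATHS; must also be listed in $_CONTEXT['allowedpaths']
  sNewName     optional; new folder name, letters and digits only

Response (always JSON):
  jresult   bool    true when the lookup or the rename succeeded
  jmessage  string  status text
  jfolder   string  folder currently in effect (only when the key resolved)

Security notes:
- A rename rewrites paths.php (PHP assignments to $_PATHS) and renames a
  directory under $_PATHS['root'], so this endpoint changes both code and the
  filesystem. No authentication, authorisation or CSRF check appears in this
  file; presumably ../header.php enforces them - confirm before exposing it.
- sFolderName and sNewName are spliced into PHP source text below. The strict
  allow-list lookup and the letters/digits pattern are the only things that
  keep request data from becoming code or a path-traversal segment; do not
  relax either one.
*/
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
include_once("../header.php");

// Pessimistic default: every path below must explicitly report success.
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "An error occured";

// Helpers and data this script depends on; refuse to continue if one is missing.
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php",
    $_PATHS['functions_root']."/getfilebydir.php",
    $_PATHS['data_root']."/allowed_paths.php"
);
foreach($aFiles as $sFile){
    if(!file_exists($sFile)){
        // NOTE(review): this sends a server-side file path to the client; consider
        // logging it and returning a generic message instead.
        $aDataR['jmessage'] = "Missing required file: ".$sFile;
        die(json_encode($aDataR));
    }
    @include_once($sFile);
}

if(isset($_POST['sNewName']) || isset($_POST['sFolderName'])){
    $bRename = isset($_POST['sNewName']);

    // Anything that is not a plain string (e.g. sFolderName[]=x) is treated as
    // empty so it can never be used as an array offset or reach trim().
    $sFolderName = (isset($_POST['sFolderName']) && is_string($_POST['sFolderName'])) ? $_POST['sFolderName'] : '';
    $sNewName = ($bRename && is_string($_POST['sNewName'])) ? trim($_POST['sNewName']) : '';
    if($bRename){
        // Only the rename request trims the key; the lookup request uses it as sent.
        $sFolderName = trim($sFolderName);
    }

    // Strict comparison: the key must match an allow-list entry exactly, not
    // merely compare equal after PHP's numeric-string juggling.
    $bAllowed = isset($_CONTEXT['allowedpaths'])
        && is_array($_CONTEXT['allowedpaths'])
        && in_array($sFolderName,$_CONTEXT['allowedpaths'],true);

    if(!$bAllowed){
        $aDataR['jmessage'] = "Foldername isn't allowed to change";
    }
    elseif(!isset($_PATHS[$sFolderName])){
        $aDataR['jmessage'] = "Foldername isn't defined as a path";
    }
    else{
        // The folder is the last segment of the configured path.
        $aPath = explode("/",$_PATHS[$sFolderName]);
        $sCurrent = $aPath[count($aPath)-1];

        if(!$bRename){
            // fetch the folder name
            $aDataR['jfolder'] = $sCurrent;
            $aDataR['jresult'] = true;
        }
        else{
            // save new folder
            $sRoot = $_PATHS['root'];
            $sDest = $sRoot."/paths.php";

            // \A...\z anchors the whole value (no trailing-newline leniency).
            if(!preg_match('/\A[a-z0-9]+\z/i',$sNewName)){
                $aDataR['jmessage'] = "Invalid foldername structure";
            }
            else{
                // validate new folder name: it must not be the folder of any
                // configured path, nor already exist on disk under the root
                // (rename() would otherwise fail or replace an empty directory).
                $bExists = file_exists($sRoot."/".$sNewName);
                foreach($_PATHS as $sValue){
                    if(is_string($sValue) && $sValue!=""){
                        $aParts = explode("/",$sValue);
                        if($aParts[count($aParts)-1]===$sNewName){
                            $bExists = true;
                        }
                    }
                }

                if($bExists){
                    $aDataR['jmessage'] = "Folder already exists";
                }
                elseif(!($sFileData = GetFileData($sDest))){
                    $aDataR['jmessage'] = "Failed to get data from paths.php";
                }
                else{
                    // determine whether it's necessary to do the update
                    $sSearch = "\$_PATHS['".$sFolderName."'] = \$_PATHS['root'].\"/".$sCurrent."\";";
                    $sReplace = "\$_PATHS['".$sFolderName."'] = \$_PATHS['root'].\"/".$sNewName."\";";
                    $sUpdated = str_replace($sSearch,$sReplace,$sFileData);

                    if($sUpdated===$sFileData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    elseif(!WriteF($sDest,$sUpdated,"w")){
                        $aDataR['jmessage'] = "paths.php isn't writable";
                    }
                    elseif(@rename($sRoot."/".$sCurrent,$sRoot."/".$sNewName)){
                        $aDataR['jresult'] = true;
                        $aDataR['jmessage'] = "Successfully changed folder";
                    }
                    else{
                        // Best effort: restore the previous configuration so
                        // paths.php does not point at a folder that was never created.
                        WriteF($sDest,$sFileData,"w");
                        $aDataR['jmessage'] = "Failed to rename folder";
                    }
                }
            }

            // Report the folder that is actually in effect. jresult is left as
            // set above, so a failed rename is never reported as a success.
            $aDataR['jfolder'] = $aDataR['jresult'] ? $sNewName : $sCurrent;
        }
    }
}
echo json_encode($aDataR);
?>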