HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
<?php
/* Changes your security settings for the HackSuite

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 09-03-2015
*/
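// The response is JSON only and must never be served from a cache.
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');
$_DYNAMIC_ROOT = "..";
// becomes true only after a requested change has been validated and is ready to be written to vars.php
$bWriteMe = false;
// NOTE(review): nothing in this file checks who is calling it or where the POST came from;
// presumably header.php enforces the ip/password access rules (and any request-origin check)
// before the security settings below can be changed - confirm
include_once("../header.php");
// the configuration file that every action below rewrites
$sDest = "../vars.php";
// default JSON answer, overwritten by the action that handles the request
$aDataR = array();
$aDataR['jresult'] = false;
$aDataR['jmessage'] = "an error occured";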
// Helper files this script cannot work without (presumably they provide GetFileData() and
// WriteF(), which are called further down). Answer with a JSON error and stop when one is missing.
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php"
);
foreach($aFiles as $sRequiredFile){
    if(file_exists($sRequiredFile)){
        // errors raised by the include statement itself stay suppressed, as before
        @include_once($sRequiredFile);
        continue;
    }
    $aDataR['jmessage'] = "Missing required file: ".$sRequiredFile;
    die(json_encode($aDataR));
}
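/* Handles one settings change per request, selected by $_POST['iUpdateMe'] ("0".."10").
   Every action edits the text of vars.php in memory ($sData) and sets $bWriteMe when the
   result differs from the file on disk; the write itself happens after this block.

   Because request values end up inside PHP source code, every string that is written into a
   quoted literal is checked first, so it cannot close the literal and add code to vars.php.

   NOTE(review): passwords are stored as sha1(salt:password) and the auth cookie value is the
   stored hash itself. Changing either needs a matching change in the code that verifies the
   login (not part of this file); a slow password hash and a random session token would be
   the stronger design.
   NOTE(review): the auth cookie is set without the HttpOnly / Secure flags - confirm against
   the login code before changing it here.
   NOTE(review): the password is taken as sent in action 0 but trimmed in action 3, so a
   password with leading or trailing whitespace can't be changed afterwards - confirm which
   behaviour the login code expects.
*/

// helpers, guarded the same way the suite guards ExploitFilter so a second include can't redeclare them
if(!function_exists("SecCfgPost")){
    // returns a POST field as string, or null when it is missing or not a string (e.g. sent as an array)
    function SecCfgPost($sKey){
        return (isset($_POST[$sKey]) && is_string($_POST[$sKey])) ? $_POST[$sKey] : null;
    }
}
if(!function_exists("SecCfgIsUnset")){
    // true while a vars.php setting still holds its "not configured" default of 0;
    // strict on purpose: with == every non numeric string equals 0 on PHP versions before 8
    function SecCfgIsUnset($mValue){
        return $mValue === 0 || $mValue === "0";
    }
}
if(!function_exists("SecCfgLiteralSafe")){
    // true when the value can be placed between double quotes in PHP source without ending the
    // literal or starting an escape / variable: no quote, backslash, dollar sign or control character
    function SecCfgLiteralSafe($sValue){
        return preg_match('/["\\\\$\x00-\x1f\x7f]/',$sValue) === 0;
    }
}
if(!function_exists("SecCfgHashEquals")){
    // compares two hashes as strings; constant time where hash_equals() is available
    function SecCfgHashEquals($sKnown,$sGiven){
        $sKnown = (string)$sKnown;
        $sGiven = (string)$sGiven;
        if(function_exists("hash_equals")){
            return hash_equals($sKnown,$sGiven);
        }
        return $sKnown === $sGiven;
    }
}
if(!function_exists("SecCfgNewSalt")){
    // returns a 10 character hex salt, from the system CSPRNG when the PHP version offers one
    function SecCfgNewSalt(){
        if(function_exists("random_bytes")){
            return bin2hex(random_bytes(5));
        }
        if(function_exists("openssl_random_pseudo_bytes")){
            $sRaw = openssl_random_pseudo_bytes(5);
            if($sRaw !== false && strlen($sRaw) == 5){
                return bin2hex($sRaw);
            }
        }
        // last resort, the original (predictable) generator
        return substr(md5(mt_rand(0,time())),0,10);
    }
}

if(!is_writable($sDest)){
    $aDataR['jmessage'] = "Make sure the file vars.php in root is writable";
}
else{
    $sData = GetFileData($sDest);
    // fingerprint of the unmodified file, kept for any code that still reads it
    $sMD5 = md5($sData);
    // untouched copy, used to detect "nothing changed" (same outcome as comparing md5 sums)
    $sOrigData = $sData;
    // name of the auth cookie that belongs to the currently stored hash
    $sCookie = "thcauth_".substr($_CONTEXT['pass_hash'],0,5);
    if(isset($_POST['iUpdateMe'])){
        switch($_POST['iUpdateMe']){
            /* change password access */
            case "0":
            $sConfirm = SecCfgPost('iUpdate');
            $sPass1 = SecCfgPost('sPass1');
            $sPass2 = SecCfgPost('sPass2');
            if($sConfirm === null || $sConfirm != 1){
                $aDataR['jmessage'] = "You need to select the checkbox in order to make changes";
            }
            elseif($sPass1 === null || $sPass2 === null){
                $aDataR['jmessage'] = "No passwords specified";
            }
            elseif($sPass1 === ""){
                $aDataR['jmessage'] = "Password hasn't been specified";
            }
            elseif($sPass1 !== $sPass2){
                // strict: with != two different numeric strings such as "1e3" and "1000" count as equal
                $aDataR['jmessage'] = "Passwords don't match";
            }
            elseif(strlen($sPass1)<6){
                $aDataR['jmessage'] = "Password must at least be 6 characters long";
            }
            elseif($_CONTEXT['ip_access']!=true && $_CONTEXT['pass_access']==true){
                // stop right there, we need to have one form of security
                $aDataR['jmessage'] = "You need to have at least one form of security";
            }
            else{
                // flip the pass_access flag in the file text
                $sOld = "\$_CONTEXT['pass_access'] = ".($_CONTEXT['pass_access'] ? "true" : "false").";";
                $sNew = "\$_CONTEXT['pass_access'] = ".($_CONTEXT['pass_access'] ? "false" : "true").";";
                $sData = str_replace($sOld,$sNew,$sData);
                // state the flag will have after this change
                $iNewState = ($_CONTEXT['pass_access'] ? 0 : 1);
                if($_CONTEXT['pass_access']){
                    // password access is on and is about to be switched off: require the current password
                    if(SecCfgHashEquals($_CONTEXT['pass_hash'],sha1($_CONTEXT['pass_salt'].":".$sPass1))){
                        // pass access will be disabled so remove the cookie
                        setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        // report the success, this branch used to answer with the default error text
                        $aDataR['jmessage'] = "Successfully updated password access settings";
                        $aDataR['jref'] = $iNewState;
                        $bWriteMe = true;
                    }
                    else{
                        $aDataR['jmessage'] = "Invalid password specified";
                    }
                }
                else{
                    // password access is being switched on: create salt and hash when they were never set
                    if(SecCfgIsUnset($_CONTEXT['pass_salt'])){
                        $sSalt = SecCfgNewSalt();
                        $sData = str_replace("\$_CONTEXT['pass_salt'] = 0;","\$_CONTEXT['pass_salt'] = \"".$sSalt."\";",$sData);
                    }
                    else{
                        $sSalt = $_CONTEXT['pass_salt'];
                    }
                    // an existing hash is kept, so the password sent here is only stored on first use
                    if(SecCfgIsUnset($_CONTEXT['pass_hash'])){
                        $sData = str_replace("\$_CONTEXT['pass_hash'] = 0;","\$_CONTEXT['pass_hash'] = \"".sha1($sSalt.":".$sPass1)."\";",$sData);
                    }
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        if(isset($_COOKIE[$sCookie])){
                            // let old cookie expire
                            setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        }
                        $aDataR['jmessage'] = "Successfully updated password access settings";
                        $aDataR['jref'] = $iNewState;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* change ip access */
            case "1":
            $sConfirm = SecCfgPost('iUpdate');
            if($sConfirm === null || $sConfirm != 1){
                $aDataR['jmessage'] = "You need to select the checkbox in order to make changes";
            }
            elseif($_CONTEXT['ip_access']==true && $_CONTEXT['pass_access']!=true){
                // stop right there, we need to have one form of security
                $aDataR['jmessage'] = "You need to have at least one form of security";
            }
            else{
                // flip the ip_access flag in the file text
                $sOld = "\$_CONTEXT['ip_access'] = ".($_CONTEXT['ip_access'] ? "true" : "false").";";
                $sNew = "\$_CONTEXT['ip_access'] = ".($_CONTEXT['ip_access'] ? "false" : "true").";";
                $sData = str_replace($sOld,$sNew,$sData);
                $aDataR['jmessage'] = "Successfully updated ip access settings";
                $aDataR['jref'] = ($_CONTEXT['ip_access'] ? 0 : 1);
                $bWriteMe = true;
            }
            break;
            /* allowed ip addresses */
            case "2":
            $sIPS = SecCfgPost('sIPS');
            if($sIPS === null || $sIPS === ""){
                $aDataR['jmessage'] = "No ip addresses to allow";
            }
            else{
                $sIPS = str_replace(" ","",trim($sIPS));
                $aIPS = explode(",",$sIPS);
                // the two error texts differ, depending on whether a list or a single address was sent
                $sInvalid = (count($aIPS)>1 ? "Invalid ip address: " : "Invalid ip address ");
                $bNotIP = false;
                $aQuoted = array();
                foreach($aIPS as $sOneIP){
                    // only strict IPv4 notation passes, which also keeps quotes and code out of vars.php
                    if(!@filter_var($sOneIP,FILTER_VALIDATE_IP,FILTER_FLAG_IPV4)){
                        $aDataR['jmessage'] = $sInvalid.$sOneIP;
                        $bNotIP = true;
                        break;
                    }
                    $aQuoted[] = "\"".$sOneIP."\"";
                }
                if(!$bNotIP){
                    // rebuild the current whitelist line exactly as it is stored, so it can be replaced
                    $aOldQuoted = array();
                    foreach($_CONTEXT['ip_allowed'] as $sAllowed){
                        $aOldQuoted[] = "\"".$sAllowed."\"";
                    }
                    $sOld = "\$_CONTEXT['ip_allowed'] = array(".implode(",",$aOldQuoted).");";
                    $sNew = "\$_CONTEXT['ip_allowed'] = array(".implode(",",$aQuoted).");";
                    $sData = str_replace($sOld,$sNew,$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        $aDataR['jmessage'] = "Successfully updated ip whitelist";
                        $aDataR['jref'] = $sIPS;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* update password */
            case "3":
            $sPassO = SecCfgPost('sPassO');
            $sPassN = SecCfgPost('sPassN');
            if($sPassO === null || $sPassN === null){
                $aDataR['jmessage'] = "Expecting password variables to be sent";
            }
            else{
                $sPassO = trim($sPassO);
                $sPassN = trim($sPassN);
                if($sPassO === $sPassN){
                    $aDataR['jmessage'] = "The old password can't be the same as the new password";
                }
                elseif(empty($sPassO)){
                    $aDataR['jmessage'] = "Password can't be empty";
                }
                elseif(strlen($sPassN)<6){
                    $aDataR['jmessage'] = "Password must at least be 6 characters";
                }
                elseif(!SecCfgHashEquals($_CONTEXT['pass_hash'],sha1($_CONTEXT['pass_salt'].":".$sPassO))){
                    // string comparison: a hash that was never set (0) can't match any password
                    $aDataR['jmessage'] = "Specified password isn't your old password";
                }
                else{
                    $sData = str_replace("\$_CONTEXT['pass_hash'] = \"".$_CONTEXT['pass_hash']."\";","\$_CONTEXT['pass_hash'] = \"".sha1($_CONTEXT['pass_salt'].":".$sPassN)."\";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        // let old cookie expire
                        setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        $aDataR['jmessage'] = "Successfully updated your password";
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* update password hash */
            case "4":
            // NOTE(review): replaces the stored hash without asking for the current password - confirm that is intended
            $sHash = SecCfgPost('sHash');
            if($sHash === null || $sHash === ""){
                $aDataR['jmessage'] = "No hash specified to update";
            }
            else{
                $sHash = trim($sHash);
                if(!preg_match('/^[0-9a-f]{40}$/',$sHash)){
                    // a rejected hash used to be answered with a success text
                    $aDataR['jmessage'] = "Invalid hash specified";
                }
                else{
                    $sData = str_replace("\$_CONTEXT['pass_hash'] = \"".$_CONTEXT['pass_hash']."\";","\$_CONTEXT['pass_hash'] = \"".$sHash."\";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        // let old cookie expire
                        setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        $aDataR['jmessage'] = "Successfully updated your password hash";
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* update password salt */
            case "5":
            // changing the salt does not rehash the password, the stored hash has to be updated to match
            $sSaltNew = SecCfgPost('sSalt');
            if($sSaltNew === null || $sSaltNew === ""){
                $aDataR['jmessage'] = "No salt specified to update";
            }
            else{
                $sSaltNew = trim($sSaltNew);
                if(strlen($sSaltNew)<3){
                    $aDataR['jmessage'] = "You need a salt of at least 3 characters";
                }
                elseif(!SecCfgLiteralSafe($sSaltNew)){
                    // the salt is written between quotes in vars.php, it must not be able to end that literal
                    $aDataR['jmessage'] = "Special characters are not allowed";
                }
                else{
                    $sData = str_replace("\$_CONTEXT['pass_salt'] = \"".$_CONTEXT['pass_salt']."\";","\$_CONTEXT['pass_salt'] = \"".$sSaltNew."\";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        // let old cookie expire
                        setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        $aDataR['jmessage'] = "Successfully updated your password salt";
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* update cookie life */
            case "6":
            $sLife = SecCfgPost('iCookieLife');
            if($sLife === null || $sLife === ""){
                $aDataR['jmessage'] = "No cookie life value specified";
            }
            else{
                // intval() guarantees that only digits reach vars.php
                $iLife = intval($sLife);
                if($iLife<600){
                    $aDataR['jmessage'] = "A valid value for cookie life is an integer value of at least 600 (seconds)";
                }
                else{
                    $sData = str_replace("\$_CONTEXT['cookielife'] = ".$_CONTEXT['cookielife'].";","\$_CONTEXT['cookielife'] = ".$iLife.";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        // update old cookie expiration date
                        setcookie($sCookie,$_CONTEXT['pass_hash'],(time()+$iLife),"/");
                        $aDataR['jmessage'] = "Successfully updated cookie expiration date";
                        $aDataR['jref'] = $iLife;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* update sleep after login fail */
            case "7":
            $sSleep = SecCfgPost('iSleepVal');
            if($sSleep === null || $sSleep === ""){
                $aDataR['jmessage'] = "No sleep value specified";
            }
            else{
                $iSleep = intval($sSleep);
                if($iSleep<1 || $iSleep>9){
                    $aDataR['jmessage'] = "Choose a value between 1 and 9 (seconds)";
                }
                else{
                    $sData = str_replace("\$_CONTEXT['sleeptime'] = ".$_CONTEXT['sleeptime'].";","\$_CONTEXT['sleeptime'] = ".$iSleep.";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        $aDataR['jmessage'] = "Successfully updated sleep time for login failures";
                        $aDataR['jref'] = $iSleep;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* login file location */
            case "8":
            $sLoginFile = SecCfgPost('sLoginFile');
            if($sLoginFile === null || $sLoginFile === ""){
                $aDataR['jmessage'] = "No login file value specified";
            }
            else{
                $sLoginFile = trim($sLoginFile);
                if(!function_exists("ExploitFilter")){
                    include_once($_PATHS['functions_root']."/exploitfilter.php");
                }
                // NOTE(review): ExploitFilter() is defined elsewhere; whether it rejects "../" or an
                // absolute path is not visible here - confirm, the name is used in rename() below
                if(ExploitFilter($sLoginFile,false,true)!=$sLoginFile || !SecCfgLiteralSafe($sLoginFile)){
                    $aDataR['jmessage'] = "Special characters are not allowed";
                }
                elseif($sLoginFile==$_CONTEXT['login_file']){
                    $aDataR['jmessage'] = "You are already using that login file location";
                }
                elseif(file_exists($_PATHS['root']."/".$sLoginFile)){
                    $aDataR['jmessage'] = "Can't create the file because it already exist";
                }
                elseif(!@rename($_PATHS['root']."/".$_CONTEXT['login_file'],$_PATHS['root']."/".$sLoginFile)){
                    $aDataR['jmessage'] = "Failed to rename file to: ".$sLoginFile;
                }
                else{
                    // the file is renamed before vars.php is written; if that write fails the two are out of sync
                    $sData = str_replace("\$_CONTEXT['login_file'] = \"".$_CONTEXT['login_file']."\";","\$_CONTEXT['login_file'] = \"".$sLoginFile."\";",$sData);
                    if($sData === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        $aDataR['jmessage'] = "Successfully updated login file location";
                        $aDataR['jref'] = $sLoginFile;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            /* redirect after login failure */
            case "9":
            // a missing field is handled like an empty url instead of raising a notice into the JSON answer
            $sUrl = SecCfgPost('sUrl');
            $sUrl = ($sUrl === null ? "" : trim($sUrl));
            $aUrl = @parse_url($sUrl);
            if(!is_array($aUrl) || !isset($aUrl['host']) || $aUrl['host']==""){
                $aDataR['jmessage'] = "Invalid url specified";
            }
            elseif(!SecCfgLiteralSafe($sUrl)){
                // parse_url() does not validate, and the url is written between quotes in vars.php
                $aDataR['jmessage'] = "Special characters are not allowed";
            }
            else{
                $sData = str_replace("\$_CONTEXT['redirect_fail_login'] = \"".$_CONTEXT['redirect_fail_login']."\";","\$_CONTEXT['redirect_fail_login'] = \"".$sUrl."\";",$sData);
                if($sData === $sOrigData){
                    $aDataR['jmessage'] = "Nothing to update";
                }
                else{
                    $aDataR['jmessage'] = "Successfully updated redirect website location";
                    $aDataR['jref'] = $sUrl;
                    $bWriteMe = true;
                }
            }
            break;
            /* reset access to suite */
            case "10":
            // NOTE(review): switches both access controls off without asking for the current password - confirm that is intended
            $sReset = SecCfgPost('iReset');
            if($sReset === null || $sReset === ""){
                $aDataR['jmessage'] = "You need to select the checkbox in order to reset the access";
            }
            else{
                // as we have several types let's just file() the content and edit it the easy way
                $aFile = file($sDest);
                // default vars.php values
                $_CONTEXT['defconnect'] = array();
                $_CONTEXT['defconnect']['ip_access'] = "false";
                $_CONTEXT['defconnect']['ip_allowed'] = "array()";
                $_CONTEXT['defconnect']['pass_access'] = "false";
                $_CONTEXT['defconnect']['pass_hash'] = "0";
                $_CONTEXT['defconnect']['pass_salt'] = "0";
                $_CONTEXT['defconnect']['sleeptime'] = "3";
                $_CONTEXT['defconnect']['cookielife'] = "86400";
                $_CONTEXT['defconnect']['login_file'] = "\"login.php\"";
                $_CONTEXT['defconnect']['redirect_fail_login'] = "\"http://www.google.com\"";
                // when the file can't be read the default error answer is returned
                if(is_array($aFile)){
                    $sBuffer = "";
                    foreach($aFile as $sLine){
                        $bFound = false;
                        foreach($_CONTEXT['defconnect'] as $sKey=>$sValue){
                            // a line that starts with one of the settings is replaced by its default
                            if(strpos($sLine,"\$_CONTEXT['".$sKey."']")===0){
                                $sBuffer .= "\$_CONTEXT['".$sKey."'] = ".$sValue.";\n";
                                $bFound = true;
                                break;
                            }
                        }
                        if(!$bFound){
                            $sBuffer .= $sLine;
                        }
                    }
                    if($sBuffer === $sOrigData){
                        $aDataR['jmessage'] = "Nothing to update";
                    }
                    else{
                        $sData = $sBuffer;
                        // destroy cookie
                        @setcookie($sCookie,$_CONTEXT['pass_hash'],(time()-1000),"/");
                        $aDataR['jmessage'] = "Successfully reset the environment, you will be redirected back to setup.php";
                        $aDataR['jredirect'] = 1;
                        $bWriteMe = true;
                    }
                }
            }
            break;
            default:
            // unknown action: the default error answer is returned
        }
    }
    else{
        $aDataR['jmessage'] = "Invalid action specified";
    }
}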
// Persist the edited configuration only when an action above marked it as validated and changed.
if($bWriteMe){
    // NOTE(review): the result of WriteF() is not checked, so success is reported even if the write failed - confirm what WriteF() returns
    WriteF($sDest,$sData,"w");
    $aDataR['jresult'] = true;
}
// the JSON answer is the only output of this script
print json_encode($aDataR);
?>
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.