..show you how to create native tools. I'm not going to make a new tool, though; instead, I will show you what is required to create one. You can find all the native tools in the..
Mister LG can create upload forms and test targets for file upload vulnerabilities.
<?php
/* Setup handler
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 28-11-2014
*/
// The reply is per-request setup state, so forbid caching: session cache
// limiter off, and an Expires header pinned to the Unix epoch.
session_cache_limiter('nocache');
header('Expires: ' . gmdate('r', 0));
header('Content-type: application/json');

// IN_SCRIPT is defined before the include; the data files generated further
// down begin with an `if(!defined('IN_SCRIPT')) exit;` guard that tests it.
define('IN_SCRIPT', 1);
include_once("../vars.php");

// Default reply: every branch below must explicitly flip jresult to true.
$aDataR = array(
    'jresult'  => false,
    'jmessage' => "Unknown action",
);
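// First-run bootstrap: when the core functions data file is missing or empty,
// generate it together with the initial activity log. Both outputs are PHP
// source files, so every runtime value concatenated into them must be a valid
// PHP literal.
$sDest = "../Data/core_functions.php";
if (!@filesize($sDest)) {
    @include_once("../Functions/fwrite.php");
    @include_once("../Functions/getfilebydir.php");

    // The includes are silenced with @, so a missing helper would otherwise
    // surface as a fatal "undefined function" and a non-JSON response.
    if (!function_exists("WriteF") || !function_exists("GetFilesByDirectory")) {
        $aDataR['jmessage'] = "Unable to load the setup helper functions";
        echo json_encode($aDataR);
        exit;
    }

    // --- core functions data file -------------------------------------------
    $sTemplate = "<?php\n";
    $sTemplate .= "/* Core functions in the HackSuite\n\n";
    $sTemplate .= "Author: Remco Kouw\n";
    $sTemplate .= "Site: http://www.hacksuite.com\n";
    $sTemplate .= "Last Edit: ".date('d-m-Y',time())."\n";
    $sTemplate .= "*/\n";
    $sTemplate .= "if(!defined('IN_SCRIPT')){\n\t";
    $sTemplate .= "exit;\n";
    $sTemplate .= "}\n";

    $aFiles = GetFilesByDirectory("../Functions");
    if (!is_array($aFiles)) {
        // NOTE(review): the helper's failure value is not visible here; treat
        // anything that is not an array as "no files".
        $aFiles = array();
    }

    // Each name lands inside a double-quoted PHP string literal. Escape the
    // three characters that are special there (\ " $) so an unusual file name
    // cannot terminate the literal or be interpolated when the generated file
    // is later included. Ordinary names are written exactly as before.
    $aEscapeMap = array('\\' => '\\\\', '"' => '\\"', '$' => '\\$');
    $aQuoted = array();
    foreach ($aFiles as $sFile) {
        $aQuoted[] = "\"" . strtr((string)$sFile, $aEscapeMap) . "\"";
    }
    $sTemplate .= "\$_CONTEXT['core_functions'] = array(" . implode(",", $aQuoted) . ");\n";
    $sTemplate .= "?>";
    WriteF($sDest, $sTemplate, "w");

    // --- activity log --------------------------------------------------------
    // One timestamp for both fields so "installed" and "last_update" cannot
    // differ by a second on a slow request.
    $iNow = time();
    $sDest = "../Logs/log_activity.php";
    $sTemplate = "<?php\n";
    $sTemplate .= "/* Activity log\n\n";
    $sTemplate .= "Author: Remco Kouw\n";
    $sTemplate .= "Site: http://www.hacksuite.com\n";
    $sTemplate .= "Last Edit: ".date('d-m-Y',time())."\n";
    $sTemplate .= "*/\n";
    $sTemplate .= "if(!defined('IN_SCRIPT')){\n\t";
    $sTemplate .= "exit;\n";
    $sTemplate .= "}\n";
    $sTemplate .= "\$_CONTEXT['useraccessdata'] = array();\n";
    $sTemplate .= "\$_CONTEXT['useraccessdata']['installed'] = ".$iNow.";\n";
    $sTemplate .= "\$_CONTEXT['useraccessdata']['last_update'] = ".$iNow.";\n";
    // REMOTE_ADDR comes from the web server's view of the connection, not from
    // a request header, which is why it is written without further escaping.
    $sTemplate .= "\$_CONTEXT['useraccessdata']['ip'] = array(\"".$_SERVER['REMOTE_ADDR']."\");\n";
    $sTemplate .= "\$_CONTEXT['useraccessdata']['last_scan'] = 0;\n";
    $sTemplate .= "\$_CONTEXT['useraccessdata']['action'] = \"installed cms\";\n";
    $sTemplate .= "?>";
    WriteF($sDest, $sTemplate, "w");
}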
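// Setup wizard dispatcher. Exactly one of the POST markers `selectme`, `ipme`
// or `passme` selects a step; each step fills $aDataR, which is emitted as
// JSON at the end. The `ipme` and `passme` steps rewrite ../vars.php by
// replacing its shipped default assignments with the chosen values.
if (isset($_POST['selectme'])) {
    // Step 1: choose the protection method(s). Refused once either method is
    // already active.
    $bAlreadySetup = isset($_CONTEXT['pass_access'], $_CONTEXT['ip_access'])
        && ($_CONTEXT['pass_access'] || $_CONTEXT['ip_access']);

    if ($bAlreadySetup) {
        $aDataR['jmessage'] = "You have already setup the suite, use the configuration in order to change things";
    } else {
        $bWantsPass = isset($_POST['sPassLogin']);
        $bWantsIP = isset($_POST['sIPLogin']);

        $aDataR['jresult'] = true;
        if ($bWantsPass && $bWantsIP) {
            $aDataR['jnext'] = "both";
        } elseif ($bWantsPass) {
            $aDataR['jnext'] = "pass";
        } elseif ($bWantsIP) {
            $aDataR['jnext'] = "ip";
        } else {
            $aDataR['jresult'] = false;
            $aDataR['jmessage'] = "Please select a security method for your suite";
        }
    }
} elseif (isset($_POST['ipme'])) {
    // Step 2a: restrict access to one IPv4 address.
    // A missing or non-string field is treated as an invalid address instead
    // of being passed to filter_var() under error suppression.
    $sIP = (isset($_POST['sIP']) && is_string($_POST['sIP'])) ? $_POST['sIP'] : '';

    if (!filter_var($sIP, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        $aDataR['jmessage'] = "Invalid ip address";
    } elseif ($sIP !== $_SERVER['REMOTE_ADDR'] && !isset($_POST['iConfirm'])) {
        // Lock-out protection: require a second, confirmed submit before
        // allowing an address other than the caller's own.
        $aDataR['jallow'] = 1;
        $aDataR['jmessage'] = "This will block your current ip address (".$_SERVER['REMOTE_ADDR']."), if you're sure you want this then submit the form again";
    } else {
        $sDest = "../vars.php";
        $sData = @file_get_contents($sDest);
        @include_once("../Functions/fwrite.php");

        $bIPConfigured = (isset($_CONTEXT['ip_access']) && $_CONTEXT['ip_access'])
            || (isset($_CONTEXT['ip_allowed']) && count($_CONTEXT['ip_allowed']) != 0);
        $bPassConfigured = isset($_CONTEXT['pass_access']) && $_CONTEXT['pass_access'];

        if (!is_writable($sDest)) {
            $aDataR['jmessage'] = "Make sure the file vars.php in root is writable";
        } elseif ($sData === false) {
            // Without this check a failed read would be rewritten as an empty
            // vars.php, wiping the configuration.
            $aDataR['jmessage'] = "Unable to read the file vars.php in root";
        } elseif (!function_exists("WriteF")) {
            $aDataR['jmessage'] = "Unable to load write function WriteF";
        } elseif ($bIPConfigured) {
            $aDataR['jmessage'] = "Invalid default value for one or more variables";
        } elseif ($bPassConfigured) {
            // The wizard runs the IP step before the password step (this step
            // hands over with jnext = "pass"), so a password that is already
            // active means setup is finished. Refuse here as the `selectme`
            // step does, so this pre-login endpoint cannot be used to switch
            // on an IP allow-list for an installed suite.
            $aDataR['jmessage'] = "You have already setup the suite, use the configuration in order to change things";
        } else {
            // $sIP passed FILTER_VALIDATE_IP/IPV4 above, so it holds only
            // digits and dots and is safe inside the generated PHP literal.
            $iHitsFlag = 0;
            $iHitsList = 0;
            $sData = str_replace("\$_CONTEXT['ip_access'] = false;","\$_CONTEXT['ip_access'] = true;",$sData,$iHitsFlag);
            $sData = str_replace("\$_CONTEXT['ip_allowed'] = array();","\$_CONTEXT['ip_allowed'] = array(\"".$sIP."\");",$sData,$iHitsList);

            if ($iHitsFlag === 0 || $iHitsList === 0) {
                // The shipped defaults were not found verbatim. Writing now
                // would report success while leaving the suite unprotected.
                $aDataR['jmessage'] = "Invalid default value for one or more variables";
            } else {
                WriteF($sDest, $sData, "w");
                if (isset($_POST['passadd'])) {
                    $aDataR['jnext'] = "pass";
                }
                $aDataR['jresult'] = true;
            }
        }
    }
} elseif (isset($_POST['passme'])) {
    // Step 2b: set the access password.
    // NOTE(review): this step stays reachable after the IP step on purpose
    // ("both" flow). Confirm that the IP allow-list is enforced before this
    // script runs, otherwise any client can set the password on an IP-only
    // install.
    //
    // Validate presence and type BEFORE trimming: trimming first turned a
    // missing field into "" so the "No passwords specified" branch could never
    // run, and an array-valued field reached trim().
    $sPass1 = (isset($_POST['sPass1']) && is_string($_POST['sPass1'])) ? trim($_POST['sPass1']) : null;
    $sPass2 = (isset($_POST['sPass2']) && is_string($_POST['sPass2'])) ? trim($_POST['sPass2']) : null;

    if ($sPass1 === null || $sPass2 === null) {
        $aDataR['jmessage'] = "No passwords specified";
    } elseif (strlen($sPass1) < 6) {
        $aDataR['jmessage'] = "Passwords must be at least 6 characters";
    } elseif ($sPass1 !== $sPass2) {
        // Strict comparison: with != two numeric-looking strings such as
        // "000001" and "1" compare equal, so a mistyped confirmation passed.
        $aDataR['jmessage'] = "Passwords don't match";
    } else {
        $sDest = "../vars.php";
        $sData = @file_get_contents($sDest);
        @include_once("../Functions/fwrite.php");

        // Strict !== 0: the shipped defaults are the integer 0, and on older
        // PHP versions a non-numeric string compares loosely equal to 0.
        $bPassConfigured = (isset($_CONTEXT['pass_access']) && $_CONTEXT['pass_access'])
            || (isset($_CONTEXT['pass_hash']) && $_CONTEXT['pass_hash'] !== 0)
            || (isset($_CONTEXT['pass_salt']) && $_CONTEXT['pass_salt'] !== 0);

        if (!is_writable($sDest)) {
            $aDataR['jmessage'] = "Make sure the file vars.php in root is writable";
        } elseif ($sData === false) {
            // Without this check a failed read would be rewritten as an empty
            // vars.php, wiping the configuration.
            $aDataR['jmessage'] = "Unable to read the file vars.php in root";
        } elseif (!function_exists("WriteF")) {
            $aDataR['jmessage'] = "Unable to load write function WriteF";
        } elseif ($bPassConfigured) {
            $aDataR['jmessage'] = "Invalid default value for one or more variables";
        } else {
            // 10 hex characters, same shape as before, but drawn from a CSPRNG
            // when the runtime has one. mt_rand() seeded output bounded by
            // time() is predictable.
            $sSalt = '';
            if (function_exists('random_bytes')) {
                $sSalt = bin2hex(random_bytes(5));
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $sSalt = bin2hex((string)openssl_random_pseudo_bytes(5));
            }
            if (strlen($sSalt) !== 10) {
                // Legacy fallback for runtimes without either source.
                $sSalt = substr(md5(mt_rand(0,time())),0,10);
            }

            // NOTE(review): salted SHA-1 is a fast hash and cheap to
            // brute-force offline if vars.php leaks. The format is kept
            // because the login check that reads pass_hash/pass_salt lives
            // outside this file; moving both sides to password_hash() /
            // password_verify() is the durable fix.
            // Salt and hash are hex strings, safe inside the PHP literals.
            $sHash = sha1($sSalt.":".$sPass1);

            $iHitsFlag = 0;
            $iHitsSalt = 0;
            $iHitsHash = 0;
            $sData = str_replace("\$_CONTEXT['pass_access'] = false;","\$_CONTEXT['pass_access'] = true;",$sData,$iHitsFlag);
            $sData = str_replace("\$_CONTEXT['pass_salt'] = 0;","\$_CONTEXT['pass_salt'] = \"".$sSalt."\";",$sData,$iHitsSalt);
            $sData = str_replace("\$_CONTEXT['pass_hash'] = 0;","\$_CONTEXT['pass_hash'] = \"".$sHash."\";",$sData,$iHitsHash);

            if ($iHitsFlag === 0 || $iHitsSalt === 0 || $iHitsHash === 0) {
                // The shipped defaults were not found verbatim. Writing now
                // would report success while leaving the suite unprotected.
                $aDataR['jmessage'] = "Invalid default value for one or more variables";
            } else {
                WriteF($sDest, $sData, "w");
                $aDataR['jresult'] = true;
            }
        }
    }
}

echo json_encode($aDataR);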
?>