random gallery image
random tutorial
preview

..modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they function. what we..

read more

random other
xConverter

THC xConverter is a tool that makes use of (php) functions in order to calculate, fetch, convert and encrypt data

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/*
Handler for Inject It

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
$_MODULE_C "thc_ii";
include_once(
"../../Includes/screen_header.php");
$_PATHS['injectlog'] = $_PATHS['module_default_root']."/logs/default.php";
include_once(
$_PATHS['style_root']."/screen.php");
include_once(
$_PATHS['functions_root']."/fwrite.php");
include_once(
$_PATHS['module_default_root']."/inject.php");
include_once(
$_PATHS['functions_root']."/scrn.php");
// options
$sOptions "<b>logging:</b> ".($_CONTEXT['log']==true "on" "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true "on" "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true "on" "off")."\n";
if(isset(
$_POST['submit'])){
    switch(
$_POST['submit']){
        
// scan
        
case"Scan":
        echo 
$sOut;
        
$_POST['iAttackType'] = ($_POST['iAttackType']!=1);
        if(
$_POST['iAttackType']==0){
            
// set static post variables to determine which variables to poison
            
$_STATIC = array("iAttackType","sTarget","sUseFile","aExploits","submit");
            
$_POISON = array();
            foreach(
$_POST as $sKey=>$mValue){
                if(!
in_array($sKey,$_STATIC)){
                    
$_POISON[] = $sKey;
                }
            }
            if(
false==($iPoison = @count($_POISON))){
                
// no variables selected to poison
                
die(Screen("<br>\n<b>No variables selected to poison</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        else{
            
$sDest $_PATHS['module_default_root']."/urls/".ExploitFilter($_POST['sUseFile'],0,1);
            if(!
file_exists($sDest)){
                
// file doesn't exist
                
die(Screen("<br>\n<b>Log file doesn't exist</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            if(
filesize($sDest)==0){
                
// target file is empty
                
die(Screen("<br>\n<b>Target file is empty</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        if(
false==($iExploits = @count($_POST['aExploits']))){
            
// no exploits selected
            
die(Screen("<br>\n<b>No exploits selected</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        
// used for creating the exploiturl and initialize the attack
        
@include_once($_PATHS['module_default_root']."/func_exploiturl.php");
        @include_once(
$_PATHS['module_default_root']."/func_payloadsend.php");
        @include_once(
$_PATHS['module_default_root']."/func_parseresponse.php");
        
// buffer for logging
        
$sBuffer "";
        
// generate a unique scan id
        
$sID substr(md5(time()),0,10);
        include_once(
$_PATHS['includes_root']."/task_start.php");
        echo 
Screen("<br>\n<b>Running..</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
// spit fire...
        
flush();
        
ob_flush();
        if(
$_POST['iAttackType']==1){
            
// mass scan
            
@include_once($_PATHS['functions_root']."/exploit_filter.php");
            
$aFile file($sDest);
            for(
$x=0;$x<count($aFile);$x++){
                if(
$aFile[$x]!=""){
                    
// parse url, attack it, send exploit and parse response
                    
foreach($_CONTEXT['inject'] as $sKey=>$aExploitP){
                        
$sUrl ExploitUrl(trim($aFile[$x]),$_CONTEXT['inject'],$sKey);
                        
$aResponse PayloadSend($sUrl,$_CONTEXT['curloptions']);
                        
$sBuffer .= $sID."|".time()."|".trim($aFile[$x])."|".$sKey."|";
                        
$bResult ParseResponse($aResponse['data'],$_CONTEXT['inject'][$sKey]['response']);
                        
$sBuffer .= ($bResult 0)."\n";
                        echo 
Screen("<br>\n".$aFile[$x]." ".($bResult "could be" "isn't")." exploitable with ".$sKey."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
                    }
                }
            }
        }
        else{
            
// single scan
            
for($x=0;$x<$iExploits;$x++){
                
$sUrl ExploitUrl($_POST['sTarget'],$_CONTEXT['inject'],$_POST['aExploits'][$x],$_POISON);
                
$aResponse PayloadSend($_POST['sTarget'],$_CONTEXT['curloptions']);
                
$sBuffer .= $sID."|".time()."|".$_POST['sTarget']."|".$_POST['aExploits'][$x]."|";
                
$bResult ParseResponse($aResponse['data'],$_CONTEXT['inject'][$_POST['aExploits'][$x]]['response']);
                
$sBuffer .= ($bResult 0)."\n";
                echo 
Screen("<br>\n".$_POST['sTarget']." ".($bResult "could be" "isn't")." exploitable with ".$_POST['aExploits'][$x]."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            }
        }
        if(
$_POST['iLogType']==1){
            
WriteF($_PATHS['injectlog'],$sBuffer,"a");
        }
        break;
        
// dump log
        
case"Dump Log":
        echo 
$sOut;
        @include_once(
$_PATHS['functions_root']."/raw_to_array.php");
        if(
false==($aKeys RawToArray($_PATHS['injectlog']))){
            echo
"<b id=h7>[no logs found]</b>";
        }
        else{
            
$sThisSession "";
            for(
$x=0;$x<count($aKeys);$x++){
                if(
$x==0){
                    
$sThisSession $aKeys[$x][0];
                    echo
"<p><b>session ".$sThisSession."</b><br />\n";
                }
                elseif(
$sThisSession!=$aKeys[$x][0]){
                    
$sThisSession $aKeys[$x][0];
                    echo
"</p><p><b>session ".$sThisSession."</b><br />\n";
                }
                echo
"<b>[".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][1])."]</b> (".$aKeys[$x][2].") inject ".$aKeys[$x][3].", result ".(trim($aKeys[$x][4])=="<b id=\"h6\">SUCCESS</b>" "<b id=\"h7\">FAILED</b>")."<br>\n";
            }
            echo
"</p>";
        }
        echo 
$sEnd;
        exit;
        break;
        
// clean logfile
        
case"Truncate Log":
        echo 
$sOut;
        echo (
WriteF($_PATHS['injectlog'],"","w")==true "Successfully deleted old entries." "Failed to delete old entries.");
        echo 
$sEnd;
        exit;
        break;
        
// just show index
        
default:
        echo 
$sOut;
        echo 
$sOptions;
        echo 
$sEnd;
        exit;
    }
}
else{
    echo 
$sOut;
    echo 
$sOptions;
    echo 
$sEnd;
    exit;
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo 
$sEnd;
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 3929
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.