<?php
/*
Bruteforce the TestServer
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/
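// Refuse direct requests: the file does nothing unless the including script
// has defined IN_SCRIPT first.
if (!defined('IN_SCRIPT')) {
    exit;
}

// Properties for this callback (a display label and what looks like the
// callback's own file name -- confirm against the module that reads it).
$_CBACKD = array("Attack THC_HS Login", "callbackbf.php");

// The username and the success message are read from the test server's own
// script, so the callback keeps working when either of them is changed there.
// Both values are taken from fixed line offsets (index 4 and index 8) and are
// the second "|"-separated field on that line.
// When the file cannot be read, or a line does not have that layout, the value
// falls back to an empty string instead of raising offset/null warnings.
// NOTE(review): an empty user or success marker is most likely a configuration
// error; verify how the scan module treats an empty success string.
$aAttackVars = file($_PATHS['config_root']."/login_single_user.php");
$aAttackVarsU = explode("|", isset($aAttackVars[4]) ? $aAttackVars[4] : "");
$aAttackVarsS = explode("|", isset($aAttackVars[8]) ? $aAttackVars[8] : "");
$aGlobalConfig = array(
    'user'    => isset($aAttackVarsU[1]) ? trim($aAttackVarsU[1]) : "",
    'success' => isset($aAttackVarsS[1]) ? trim($aAttackVarsS[1]) : "",
);

/* variable properties */
// visibility: [0] => hidden, [1] => visible, [2] => don't do anything
$_CBACKV = array();

// [0] target: the bundled login_single_user.php test server. The module's own
// path segment is stripped from the servers root before the script name is
// appended. A missing path entry yields just "/login_single_user.php".
$_CBACKV[0] = array(
    'value'      => str_replace(
        "Modules/thc_ss/",
        "",
        isset($_PATHS['servers_root_http']) ? $_PATHS['servers_root_http'] : ""
    )."/login_single_user.php",
    'row'        => "a1",
    'fieldclass' => "a1f",
    'visibility' => 0,
);

// [1] set to zero so that the run is as fast as possible
// (presumably a delay setting -- confirm against the scan module).
$_CBACKV[1] = array(
    'value'      => "0",
    'row'        => "a2",
    'fieldclass' => "a2f",
    'visibility' => 0,
);

// [2] the success message read from the test server's script above.
$_CBACKV[2] = array(
    'value'      => $aGlobalConfig['success'],
    'fieldclass' => "a5f",
    'row'        => "a4",
    'visibility' => 0,
);

// [3] presumably the request method -- confirm against the scan module.
$_CBACKV[3] = array(
    'value'      => "post",
    'row'        => "a5",
    'fieldclass' => "a6f",
    'visibility' => 0,
);

// [4] left as the user set it in the form (visibility 2 => don't do anything).
$_CBACKV[4] = array(
    'value'      => 1,
    'row'        => "a6",
    'fieldclass' => "scanf",
    'visibility' => 2,
);

// [5] the callback function field stays visible; an empty value won't set anything.
$_CBACKV[5] = array(
    'value'      => "",
    'row'        => "callbackfunction",
    'fieldclass' => "callbackfunctionf",
    'visibility' => 1,
);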
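if (!isset($_GETCBACK)) {
    /* Callback used against the test server that ships with the hacksuite.
    Callbck must always produce a query string, which is passed back to the
    SScan module so it can be attached to the query string.
    NOTE 1: this function uses global variables ($aListWord, $iOffsetKeyword,
            $aGlobalConfig) to construct the string which is added to the query.
    NOTE 2: settings from the thc_ss scan are automatically adjusted to thc_hs'
            html login.
    NOTE 3: don't rewrite this function; instead make a new one with the same
            name. The function_exists() check below means an already defined
            Callbck takes precedence over this one.
    PARAMETERS:
    NONE
    RETURNS:
    STRING: query string, OR the key word BREAK once the wordlist is exhausted
    */
    if (!function_exists("Callbck")) {
        function Callbck()
        {
            global $iOffsetKeyword;
            global $aListWord;
            global $aGlobalConfig;

            // No entry left at the current offset: tell the caller to stop.
            if (!isset($aListWord[$iOffsetKeyword])) {
                return "BREAK";
            }

            // file() keeps the line ending on every entry, hence the trim().
            $sString = "user=".$aGlobalConfig['user']."&pass=".trim($aListWord[$iOffsetKeyword]);

            // Advance the shared offset so the next call uses the next entry.
            $iOffsetKeyword++;

            return $sString;
        }
    }

    // Load the wordlist that belongs to the login_single_user.php test server.
    // The read warning is suppressed on purpose; failure is reported through
    // the module's own output wrappers ($sOut / $sEnd, defined by the includer).
    if (false === ($aListWord = @file($_PATHS['wordlists_root']."/pw_a.txt"))) {
        die($sOut."You need the wordlist associated with the login_single_user.php server.".$sEnd);
    }
    $iOffsetKeyword = 0;

    // Dissect the target. parse_url() returns false for a seriously malformed
    // URL; normalise that to an empty array so the assignment below does not
    // rely on false being converted to an array implicitly.
    $aUrl = @parse_url($_CBACKV[0]['value']);
    if (!is_array($aUrl)) {
        $aUrl = array();
    }

    // One loop per wordlist entry.
    $iLoops = count($aListWord);

    // Keep a copy of the target's original query string. The copy has to come
    // from 'query'; 'queryold' does not exist yet at this point, so reading it
    // here always produced an empty copy.
    $aUrl['queryold'] = (isset($aUrl['query']) && $aUrl['query'] != "" ? $aUrl['query'] : "");
}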
?>