HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
Bruteforce the TestServer

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
// properties for this callback
$_CBACKD = array("Attack THC_HS Login","callbackbf.php");
// we still want the callback to work when the username or the success message changes
$aAttackVars = file($_PATHS['config_root']."/login_single_user.php");
$aAttackVarsU = explode("|",$aAttackVars[4]);
$aAttackVarsS = explode("|",$aAttackVars[8]);
$aGlobalConfig = array();
$aGlobalConfig['user'] = trim($aAttackVarsU[1]);
$aGlobalConfig['success'] = trim($aAttackVarsS[1]);
/* variable properties */
// visibility: [0] => hidden, [1] => visible, [2] => don't do anything
$_CBACKV = array();
$_CBACKV[0] = array();
$_CBACKV[0]['value'] = @str_replace("Modules/thc_ss/","",$_PATHS['servers_root_http'])."/login_single_user.php";
$_CBACKV[0]['row'] = "a1";
$_CBACKV[0]['fieldclass'] = "a1f";
$_CBACKV[0]['visibility'] = 0;
$_CBACKV[1] = array();
// set to zero, bcoz we wanna be as fast as possible when bruteforcing
$_CBACKV[1]['value'] = "0";
$_CBACKV[1]['row'] = "a2";
$_CBACKV[1]['fieldclass'] = "a2f";
$_CBACKV[1]['visibility'] = 0;
$_CBACKV[2] = array();
$_CBACKV[2]['value'] = $aGlobalConfig['success'];
$_CBACKV[2]['fieldclass'] = "a5f";
$_CBACKV[2]['row'] = "a4";
$_CBACKV[2]['visibility'] = 0;
$_CBACKV[3] = array();
$_CBACKV[3]['value'] = "post";
$_CBACKV[3]['row'] = "a5";
$_CBACKV[3]['fieldclass'] = "a6f";
$_CBACKV[3]['visibility'] = 0;
$_CBACKV[4] = array();
$_CBACKV[4]['value'] = 1;
$_CBACKV[4]['row'] = "a6";
$_CBACKV[4]['fieldclass'] = "scanf";
$_CBACKV[4]['visibility'] = 2;
$_CBACKV[5] = array();
// empty won't set any value
$_CBACKV[5]['value'] = "";
$_CBACKV[5]['row'] = "callbackfunction";
$_CBACKV[5]['fieldclass'] = "callbackfunctionf";
$_CBACKV[5]['visibility'] = 1;
/* Script that brute forces the testserver of the hacksuite
    Callback must always produce a query string, which will be passed back to the SScan module so it can be attached to the query string.
    NOTE 1: this function uses global variables in order to construct the string which will be added to the query.
    NOTE 2: settings from the thc_ss scan will automatically be adjusted to thc_hs' html login
    NOTE 3: don't rewrite this function, instead make a new one with the same name
    STRING: query string OR break key word BREAK
*/
// break script
$sString = "user=".$aGlobalConfig['user']."&pass=".trim($aListWord[$iOffsetKeyword]);
// load thc wordlist
if(false===($aListWord = @file($_PATHS['wordlists_root']."/pw_a.txt"))){
    // without the wordlist there is nothing to try; the call wrapping this message is missing from the listing, die() is assumed
    die($sOut."You need the wordlist associated with the login_single_user.php server.".$sEnd);
}
// start at the first word of the list
$iOffsetKeyword = 0;
// dissect the target
$aUrl = @parse_url($_CBACKV[0]['value']);
// set loops variable
$iLoops = count($aListWord);
// make a copy of the old query
$aUrl['queryold'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query'] : "");
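
The callback above keeps one username fixed and walks a wordlist with the delay set to zero, so the matching server-side control is a failure throttle keyed on the account rather than on the client. The following is an added example, not part of the HackSuite files; the class name, its constants and the simulated 'admin' run are assumptions made for illustration.

```php
<?php
// Added example (not HackSuite code): per-account throttle for a login handler.
// LoginThrottle, MAX_FREE, BASE_DELAY and MAX_DELAY are hypothetical names.
final class LoginThrottle
{
    const MAX_FREE   = 3;    // failures allowed before any delay applies
    const BASE_DELAY = 2;    // seconds, doubled for every further failure
    const MAX_DELAY  = 900;  // cap so an account is never locked out forever

    /** @var array state keyed by username: ['fails' => int, 'until' => int] */
    private $state = array();

    /** Seconds the caller must still wait before this account may be tried again. */
    public function retryAfter(string $user, int $now): int
    {
        $key = strtolower(trim($user));
        return isset($this->state[$key]) ? max(0, $this->state[$key]['until'] - $now) : 0;
    }

    /** Record the outcome of a password check that was actually performed. */
    public function record(string $user, bool $success, int $now): void
    {
        $key = strtolower(trim($user));
        if ($success) {                      // a correct password clears the counter
            unset($this->state[$key]);
            return;
        }
        $fails = (isset($this->state[$key]) ? $this->state[$key]['fails'] : 0) + 1;
        $over  = $fails - self::MAX_FREE;    // failures beyond the free allowance
        $delay = $over > 0 ? min(self::MAX_DELAY, self::BASE_DELAY << min($over - 1, 20)) : 0;
        $this->state[$key] = array('fails' => $fails, 'until' => $now + $delay);
    }
}

// Constructed run: one fixed user, one wrong guess per second on a simulated clock.
$throttle = new LoginThrottle();
$checked = 0;
$rejected = 0;
for ($t = 0; $t < 60; $t++) {
    if ($throttle->retryAfter('admin', $t) > 0) {
        $rejected++;                         // answered without touching the password check
        continue;
    }
    $checked++;
    $throttle->record('admin', false, $t);   // every guess in this run is wrong
}
echo "password checks performed: $checked, requests rejected early: $rejected\n";
```

In a real handler the state would live in shared storage instead of a PHP array, and a throttled request should get the same generic failure response as a wrong password.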
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.