random gallery image
random tutorial

..one or more modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they..

read more

random vulnerability assesment
THC AntiEvil

Attempts to find suspicious and evil files or code

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
Bruteforce the TestServer

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 12-11-2014
// properties for this callback
$_CBACKD = array("Attack THC_HS Login","callbackbf.php");
// we still want the callback to work when the username or the success message changes
$aAttackVars file($_PATHS['config_root']."/login_single_user.php");
$aAttackVarsU explode("|",$aAttackVars[4]);
$aAttackVarsS explode("|",$aAttackVars[8]);
$aGlobalConfig = array();
$aGlobalConfig['user'] = trim($aAttackVarsU[1]);
$aGlobalConfig['success'] = trim($aAttackVarsS[1]);
/* variable properties */
// visibility: [0] => hidden, [1] => visible, [2] => don't do anything
$_CBACKV = array();
$_CBACKV[0] = array();
$_CBACKV[0]['value'] = @str_replace("Modules/thc_ss/","",$_PATHS['servers_root_http'])."/login_single_user.php";
$_CBACKV[0]['row'] = "a1";
$_CBACKV[0]['fieldclass'] = "a1f";
$_CBACKV[0]['visibility'] = 0;
$_CBACKV[1] = array();
// set to zero, bcoz we wanna be as fast as possible when bruteforcing
$_CBACKV[1]['value'] = "0";
$_CBACKV[1]['row'] = "a2";
$_CBACKV[1]['fieldclass'] = "a2f";
$_CBACKV[1]['visibility'] = 0;
$_CBACKV[2] = array();
$_CBACKV[2]['value'] = $aGlobalConfig['success'];
$_CBACKV[2]['fieldclass'] = "a5f";
$_CBACKV[2]['row'] = "a4";
$_CBACKV[2]['visibility'] = 0;
$_CBACKV[3] = array();
$_CBACKV[3]['value'] = "post";
$_CBACKV[3]['row'] = "a5";
$_CBACKV[3]['fieldclass'] = "a6f";
$_CBACKV[3]['visibility'] = 0;
$_CBACKV[4] = array();
$_CBACKV[4]['value'] = 1;
$_CBACKV[4]['row'] = "a6";
$_CBACKV[4]['fieldclass'] = "scanf";
$_CBACKV[4]['visibility'] = 2;
$_CBACKV[5] = array();
// empty won't set any value
$_CBACKV[5]['value'] = "";
$_CBACKV[5]['row'] = "callbackfunction";
$_CBACKV[5]['fieldclass'] = "callbackfunctionf";
$_CBACKV[5]['visibility'] = 1;
/* Script that brute forces the testserver of the hacksuite
    Callbck must always produce a query string, which will be passed back to the SScan module so it can be attached to the query string.
    NOTE 1: this function uses global variables in order to construct the string which will be added to the query.
    NOTE 2: settings from the thc_ss scan will automatically be adjusted to thc_hs' html login
    NOTE 3: don't rewrite this function, instead make a new one with the same name
    STRING: query string OR break key word BREAK
// break script
$sString "user=".$aGlobalConfig['user']."&pass=".trim($aListWord[$iOffsetKeyword]);
// load thc wordlist
if(false===($aListWord = @file($_PATHS['wordlists_root']."/pw_a.txt"))){
$sOut."You need the wordlist associated with the login_single_user.php server.".$sEnd);
$iOffsetKeyword 0;
// dissect the target
$aUrl = @parse_url($_CBACKV[0]['value']);
// set loops variable
$iLoops count($aListWord);
// make a copy of the old query
$aUrl['queryold'] = (isset($aUrl['query']) && $aUrl['query']!="" $aUrl['queryold'] : "");
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 4234
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.