HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, overwrite your existing HackSuite environment.
<?php
/*
Handler for xMap

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
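// Startup for the xMap handler: emit JSON headers, pull in the suite header and the two helper
// libraries, load profiles.php and stop early with a JSON error if the blueprint registry is unusable.
set_time_limit(0); // no execution time limit for this request
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json; charset=utf-8');
$_DYNAMIC_ROOT = "../.."; // presumably read by header.php - confirm against that file
include_once("../../header.php");
// response envelope: jresult flips to true only on success, jerror/jmessage carry the text
$aDataR = array();
$aDataR['jresult'] = false;
// start setup
if(!function_exists("WriteF")){
    $sDest = "../../Functions/fwrite.php";
    include_once($sDest);
}
if(!function_exists("ExploitFilter")){
    $sDest = "../../Functions/exploitfilter.php";
    include_once($sDest);
}
if(!file_exists("profiles.php")){
    $aDataR['jerror'] = "Profiles file doesn't exist.";
}
else{
    include_once("profiles.php");
    // count() never returns false (and throws a TypeError on non-countables in PHP 8),
    // so the registry is validated by type instead
    if(!isset($_CONTEXT['blueprints']) || !is_array($_CONTEXT['blueprints'])){
        $aDataR['jerror'] = "Corrupt profiles file, expecting blueprints array.";
    }
}
// so are we safe to continue?
if(isset($aDataR['jerror'])){
    die(json_encode($aDataR));
}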
// survived startup, let's see what we're going to do:
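if(isset($_POST['sBluePrintFolder'])){
    /*
    Create folder blueprint.
    Walks the posted folder, stores md5 + size of every file in BluePrints/<file>.map and
    registers the new map in profiles.php. All outcomes are reported through $aDataR.
    */
    $sBase = is_string($_POST['sBluePrintFolder']) ? trim($_POST['sBluePrintFolder']) : "";
    if(empty($_POST['sName']) || empty($_POST['sFileZ']) || !is_string($_POST['sName']) || !is_string($_POST['sFileZ'])){
        $aDataR['jerror'] = "You need to specify a folder and a name for the map.";
    }
    else{
        // make sure we have nothing but clean content that doesn't exist already
        $_POST['sFileZ'] .= ".map";
        // ExploitFilter() lives outside this file, so its guarantees are not visible here;
        // the casts only pin the type for the strict comparisons below
        $sName = (string)ExploitFilter($_POST['sName'],1,1);
        $sFileZ = (string)ExploitFilter($_POST['sFileZ'],1,1);
        $bFound = false;
        foreach($_CONTEXT['blueprints'] as $aBluePrint){
            if($sName==$aBluePrint[0] || $sFileZ==$aBluePrint[1]){
                $bFound = true;
                break;
            }
        }
        if($bFound){
            $aDataR['jerror'] = "The map name and filename can't exist yet.";
        }
        elseif($sName!==$_POST['sName'] || $sFileZ!==$_POST['sFileZ'] || basename($sFileZ)!==$sFileZ){
            // Reject when the filter changed EITHER field (the old && only fired when both changed),
            // and keep the map file name free of directory parts so it stays inside BluePrints/.
            $aDataR['jerror'] = "Found a xss or a possible file injection, just enter the name of the file and the name of the map.";
        }
        elseif(!is_dir($sBase)){
            $aDataR['jerror'] = "Unaccessible directory, check your spelling or permissions.";
        }
        else{
            // Locals instead of $_FILES/$_DATA: assigning to $_FILES overwrote the upload superglobal.
            $aFiles = array();
            $aProps = array();
            $iItem = 0;
            try{
                $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($sBase),RecursiveIteratorIterator::CHILD_FIRST);
                foreach($iterator as $path){
                    if(!$path->isDir()){
                        // skip directories for validation, we only care about files
                        $sPath = $path->__toString();
                        $sD = str_replace($sBase,"",$sPath);
                        $aFiles[$iItem] = $sD;
                        // NOTE(review): md5 + size detects accidental or casual changes; MD5 is not
                        // collision resistant. Changing the digest would invalidate existing maps.
                        $aProps[$iItem] = array(@md5_file($sPath),@filesize($sPath));
                    }
                    // counts directories too, exactly as the existing map format does
                    $iItem++;
                }
            }
            catch(Exception $e){
                // the iterators throw on unreadable directories; answer with JSON instead of a fatal error
                $aDataR['jerror'] = "Unaccessible directory, check your spelling or permissions.";
            }
            if(!isset($aDataR['jerror'])){
                // map structure
                $sMap = "[map]\n";
                $sMap .= "[created]".date($_CONTEXT['time_pattern'].' H:i:s',time())."[/created]\n";
                $sMap .= "[folder]".$sBase."[/folder]\n";
                $sMap .= "[items]".$iItem."[/items]\n";
                $sMap .= "[files]".serialize($aFiles)."[/files]\n";
                $sMap .= "[properties]".serialize($aProps)."[/properties]\n";
                $sMap .= "[/map]\n";
                $sMapFile = "BluePrints/".$sFileZ;
                if(false===WriteF($sMapFile,$sMap,"w")){
                    $aDataR['jerror'] = "Failed to create map.";
                }
                else{
                    $sProfileData = file_get_contents("profiles.php");
                    // profiles.php is included as PHP, so the two values are emitted with var_export()
                    // rather than pasted between double quotes, where they could end the string literal.
                    $sAdd = "\$_CONTEXT['blueprints'][] = array(".var_export($sName,true).",".var_export($sFileZ,true).");\n?>";
                    // only the final closing tag is replaced; str_replace() rewrote every "?>" in the file
                    $iClose = is_string($sProfileData) ? strrpos($sProfileData,"?>") : false;
                    if($iClose===false || false===WriteF("profiles.php",substr_replace($sProfileData,$sAdd,$iClose,2),"w")){
                        $aDataR['jerror'] = "Failed to create profile for the new map.";
                        @unlink($sMapFile);
                    }
                    else{
                        $aDataR['jresult'] = true;
                        $aDataR['jmessage'] = "Successfully created map.";
                    }
                }
            }
        }
    }
}
elseif(isset($_POST['sProfile'])){
    /*
    Compare folder blueprint.
    Loads BluePrints/<profile>, walks the folder recorded in it and reports missing, new and
    changed files as an HTML fragment in jmessage.
    */
    $sProfile = is_string($_POST['sProfile']) ? (string)ExploitFilter($_POST['sProfile'],0,1) : "";
    $sDest = "BluePrints/".$sProfile;
    // is_file() instead of file_exists(): an empty name would otherwise match the BluePrints/ folder itself
    if($sProfile==="" || basename($sProfile)!==$sProfile || !is_file($sDest)){
        $aDataR['jerror'] = "Specified blueprint doesn't exist";
    }
    else{
        $sData = file_get_contents($sDest);
        // The map is only as trustworthy as write access to BluePrints/. unserialize() can instantiate
        // classes, so object creation is switched off where the runtime supports it (PHP 7.0+).
        $aDecoded = array('files'=>false,'properties'=>false);
        foreach(array_keys($aDecoded) as $sTag){
            if(is_string($sData) && preg_match('/\['.$sTag.'\](.*)\[\/'.$sTag.'\]/',$sData,$aMatch)===1){
                $aDecoded[$sTag] = PHP_VERSION_ID>=70000
                    ? @unserialize($aMatch[1],array('allowed_classes'=>false))
                    : @unserialize($aMatch[1]);
            }
        }
        $aFilesBP = $aDecoded['files'];
        $aPropertiesBP = $aDecoded['properties'];
        $bFolder = is_string($sData) && preg_match('/\[folder\](.*)\[\/folder\]/',$sData,$aFolderX)===1;
        if(!is_array($aFilesBP) || !count($aFilesBP) || !is_array($aPropertiesBP) || !$bFolder){
            // empty map or corrupt data
            $aDataR['jerror'] = "Invalid map structure or the map doesn't exist.";
        }
        else{
            $sRootFolderBP = $aFolderX[1];
            // buffers for results
            $aChanged = array();
            $aNew = array();
            try{
                $iterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($sRootFolderBP),RecursiveIteratorIterator::CHILD_FIRST);
                foreach($iterator as $path){
                    if($path->isDir()){
                        continue;
                    }
                    $sPath = $path->__toString();
                    $sD = str_replace($sRootFolderBP,"",$sPath);
                    $iKey = array_search($sD,$aFilesBP,true);
                    if($iKey===false){
                        // new file
                        $aNew[] = $sPath;
                        continue;
                    }
                    // this file already existed when we created the map, find changes
                    $sMD5File = @md5_file($sPath);
                    $iFileSize = @filesize($sPath);
                    $aStored = isset($aPropertiesBP[$iKey]) ? $aPropertiesBP[$iKey] : null;
                    // Strict comparison: with != two different digests that both look like "0e<digits>"
                    // are compared as numbers and count as equal, hiding a changed file.
                    if(!is_array($aStored) || !array_key_exists(0,$aStored) || !array_key_exists(1,$aStored) || $aStored[0]!==$sMD5File || $aStored[1]!==$iFileSize){
                        $aChanged[] = $sPath;
                    }
                    // reduce the arrays size with every match; what is left afterwards is missing on disk
                    unset($aFilesBP[$iKey],$aPropertiesBP[$iKey]);
                }
            }
            catch(Exception $e){
                // the recorded folder may have been removed or made unreadable since the map was created
                $aDataR['jerror'] = "Unaccessible directory, check your spelling or permissions.";
            }
            if(!isset($aDataR['jerror'])){
                // Explicit lists replace the variable-variables: $$aDataD[$x][1] parses as
                // ${$aDataD}[$x][1] since PHP 7 and no longer resolved to the result arrays.
                $aSections = array(
                    array("Missing In Action:",array_values($aFilesBP)),
                    array("New Found Files:",$aNew),
                    array("Changed Files:",$aChanged),
                );
                $sJSON = "";
                foreach($aSections as $aSection){
                    $sJSON .= "<b>".$aSection[0]."</b><blockquote>";
                    foreach($aSection[1] as $sEntry){
                        if(!is_string($sEntry)){
                            // a damaged map can hold non-string entries; they are not printable paths
                            continue;
                        }
                        // file names come from disk and are placed in markup, so they are HTML-escaped
                        $sJSON .= htmlspecialchars($sEntry,ENT_QUOTES|ENT_SUBSTITUTE,'UTF-8')."<br />";
                    }
                    $sJSON .= "</blockquote><br />";
                }
                $aDataR['jmessage'] = $sJSON;
                $aDataR['jresult'] = true;
            }
        }
    }
}
else{
    /* invalid action */
    $aDataR['jerror'] = "Invalid action specified";
}
echo json_encode($aDataR);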
?>