..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first explain..
AntiFTP uses wordlists in order to bruteforce FTP user accounts
<?php
/* Configuration for AntiSocial
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 19-04-2015
*/
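if(!defined('IN_SCRIPT')){
    exit;
}
// Configuration page of the AntiSocial module: shows the "add accounts" form, lists
// the stored accounts of one type and adds or removes entries in accounts.php.
// This file runs inside the host page: $_CONTEXT, $_PATHS and the output buffer
// $sCode come from the including script, as do IsThere() and WriteF().
$_CONTEXT['subtitle'] = "AntiSocial Configuration";
// target files we need, so make sure they are present
$sDest = "Apps/antisocial/data/accounts.php";
// Account type chosen by the client. Only a plain string is accepted (an array here
// would make the isset() lookups below throw on PHP 8); whether it is a configured
// type is decided by $bKnownType once accounts.php has been loaded.
$sType = (isset($_POST['sType']) && is_string($_POST['sType'])) ? $_POST['sType'] : null;
// HTML-escaped copy for everything echoed back into the page, including the jQuery block
$sTypeHtml = ($sType === null) ? "" : htmlspecialchars($sType, ENT_QUOTES, 'UTF-8');
// Characters escaped before a value is written inside a double-quoted PHP string
// literal in accounts.php: control bytes (NUL..US), backslash, double quote and dollar.
// Without this a submitted password could close the literal and inject PHP into the
// data file, which this page include_once()s on every load.
$sEsc = "\0..\37\\\"\$";
if(file_exists($sDest)){
    $aFiles = array($_PATHS['functions_root']."/get_file_data.php",$_PATHS['functions_root']."/getfilebydir.php",$_PATHS['functions_root']."/fwrite.php",$sDest,"Apps/antisocial/data/social.php");
    foreach($aFiles as $sFile){
        // a missing helper hands over to the suite's end page instead of running half-loaded
        if(!IsThere($sFile)){
            include_once($_PATHS['end']);
        }
        else{
            include_once($sFile);
        }
    }
    // accounts.php fills $_CONTEXT['accounts'][<type>] with array(name, password) pairs
    $aAll = (isset($_CONTEXT['accounts']) && is_array($_CONTEXT['accounts'])) ? $_CONTEXT['accounts'] : array();
    // the submitted type must be one of the configured keys; every action below relies on this
    $bKnownType = ($sType !== null && isset($aAll[$sType]) && is_array($aAll[$sType]));
    if(!isset($_POST['aPass']) && !isset($_POST['sType'])){
        $sCode .= " <form method=\"post\">\n";
        $sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
        $sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Manage AntiSocial accounts and projects</div>\n";
        $sCode .= " <div class=\"cc_record overflw borderr5 mt5\">\n";
        $sCode .= " <div class=\"flt pad3 w150\"></div>\n";
        $sCode .= " <div class=\"flt pad3\">- <a href=\"#\" class=\"newaccount\">add accounts</a><br />\n";
        // count() on a missing type throws on PHP 8 (and @ does not silence that), so guard each lookup
        $iYouTube = (isset($aAll['youtube']) && is_array($aAll['youtube'])) ? count($aAll['youtube']) : 0;
        $iFaceBook = (isset($aAll['facebook']) && is_array($aAll['facebook'])) ? count($aAll['facebook']) : 0;
        $iTwitter = (isset($aAll['twitter']) && is_array($aAll['twitter'])) ? count($aAll['twitter']) : 0;
        if($iYouTube){
            $sCode .= " - list <a href=\"#\" class=\"listme\">youtube</a>/gmail accounts (".$iYouTube.")<br />\n";
        }
        if($iFaceBook){
            $sCode .= " - list <a href=\"#\" class=\"listme\">facebook</a> accounts (".$iFaceBook.")<br />\n";
        }
        if($iTwitter){
            $sCode .= " - list <a href=\"#\" class=\"listme\">twitter</a> accounts (".$iTwitter.")<br />\n";
        }
        $sCode .= " </div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " <div class=\"cc_record\" id=\"newaccount\">\n";
        // the option list comes from social.php (server-side configuration, not client input)
        $sSelect = "<select name=\"sType\" class=\"accounttype\">\n";
        foreach($_CONTEXT['social'] as $sKey=>$aValues){
            $sSelect .= "<option value=\"".$sKey."\">".$sKey."</option>\n";
        }
        $sSelect .= "</select>\n";
        $sCode .= " <div class=\"flt pad3 w150\">type of account</div><div class=\"flt pad3\">".$sSelect."</div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " <div class=\"cc_record\" id=\"newaccount\">\n";
        $sCode .= " <div class=\"flt pad3 w150\">username</div><div class=\"flt pad3\"><input type=\"text\" name=\"aUser[]\" value=\"\" /></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " <div class=\"cc_record\" id=\"newaccount\">\n";
        $sCode .= " <div class=\"flt pad3 w150\">password</div><div class=\"flt pad3\"><input type=\"password\" name=\"aPass[]\" value=\"\" /></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\" id=\"placeholder\"></div>\n";
        $sCode .= " <div class=\"cc_record\" id=\"newaccount\">\n";
        // iCFG is reflected from the request into an attribute, so it must be escaped
        $sCfg = (isset($_POST['iCFG']) && is_scalar($_POST['iCFG'])) ? htmlspecialchars((string)$_POST['iCFG'], ENT_QUOTES, 'UTF-8') : "";
        $sCode .= " <div class=\"flt pad3 w150\"><input type=\"hidden\" name=\"iCFG\" value=\"".$sCfg."\" /><input type=\"submit\" name=\"submit\" class=\"addusersubmit\" value=\"Add\" /> <input type=\"submit\" name=\"submit\" class=\"adduserfields\" value=\"Add Fields\" /></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " </form>\n";
    }
    elseif(isset($_POST['sType'],$_POST['sUser'])){
        // remove one account: does this type of account actually exist
        if(!$bKnownType){
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This type of account isn't supported, click <a href=\"javascript:history.go(-1)\">here</a> to return</div>\n";
        }
        elseif(!count($aAll[$sType])){
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No accounts available for ".$sTypeHtml.", click <a href=\"javascript:history.go(-1)\">here</a> to return</div>\n";
        }
        else{
            $sUser = is_string($_POST['sUser']) ? $_POST['sUser'] : "";
            $sData = file_get_contents($sDest);
            if($sData === false){
                $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Could not read the account data.</div>";
            }
            else{
                $iData = strlen($sData);
                // Match exactly the line that stores this user. The name is re-escaped the way it
                // was written and then regex-quoted, so metacharacters in the submitted value cannot
                // widen the match to other entries or break the pattern.
                $sRemove = '/\$_CONTEXT\[\'accounts\'\]\[\''.preg_quote($sType,'/').'\'\]\[\]\s+=\s+array\("'.preg_quote(addcslashes($sUser,$sEsc),'/').'",".*"\)\;\s+/';
                $sData2 = preg_replace($sRemove,"",$sData);
                if($sData2 === null){
                    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Could not parse the account data.</div>";
                }
                elseif(strlen($sData2)<$iData){
                    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(WriteF($sDest,$sData2,"w") ? "Succesfully removed account." : "Failed to remove account.")."</div>";
                }
                else{
                    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No data to remove.</div>";
                }
            }
        }
    }
    elseif(isset($_POST['sType'],$_POST['aPass'])){
        // add one or more accounts; every failure ends up in $sError and is shown once below
        $sError = "";
        $sNewData = "";
        if(!$bKnownType){
            $sError = "This type of account isn't supported";
        }
        else{
            $aUser = (isset($_POST['aUser']) && is_array($_POST['aUser'])) ? array_values($_POST['aUser']) : array();
            $aPass = is_array($_POST['aPass']) ? array_values($_POST['aPass']) : array();
            $iUser = count($aUser);
            // names already stored for this type, used for the "already exists" check
            $aExisting = array();
            foreach($aAll[$sType] as $aAccount){
                if(is_array($aAccount) && isset($aAccount[0])){
                    $aExisting[] = $aAccount[0];
                }
            }
            if(!$iUser){
                $sError = "No accounts submitted";
            }
            elseif(count($aPass)!=$iUser){
                // the form posts aUser[] and aPass[] pairwise; a mismatch would index past the end
                $sError = "Every account needs a password";
            }
            else{
                for($x=0;$x<$iUser;$x++){
                    // every field must be a plain string before it is inspected or written anywhere
                    if(!is_string($aUser[$x]) || !is_string($aPass[$x])){
                        $sError = "Invalid account data submitted";
                        break;
                    }
                    // does the email look valid
                    if(!filter_var($aUser[$x], FILTER_VALIDATE_EMAIL)){
                        $sError = "Email (".htmlspecialchars($aUser[$x], ENT_QUOTES, 'UTF-8').") is invalid";
                        break;
                    }
                    // find duplicate entries within this submission
                    if(in_array($aUser[$x], array_slice($aUser, 0, $x), true)){
                        $sError = "Each account can be only added once";
                        break;
                    }
                    // if we have accounts make sure none of the submitted exists
                    if(in_array($aUser[$x], $aExisting, true)){
                        $sError = "Account for ".htmlspecialchars($aUser[$x], ENT_QUOTES, 'UTF-8')." already exists";
                        break;
                    }
                    // $sType is a key taken from accounts.php itself; name and password are
                    // untrusted and are escaped for the double-quoted literal they are placed in
                    $sNewData .= "\$_CONTEXT['accounts']['".$sType."'][] = array(\"".addcslashes($aUser[$x],$sEsc)."\",\"".addcslashes($aPass[$x],$sEsc)."\");\n";
                }
                if($sError === ""){
                    // store: the new lines go directly under the declaration of this account type
                    $sSearch = "\$_CONTEXT['accounts']['".$sType."'] = array();";
                    $sData = file_get_contents($sDest);
                    if($sData === false || strpos($sData,$sSearch) === false){
                        // without the anchor line str_replace would change nothing and the
                        // rewrite would still be reported as a success
                        $sError = "Could not locate the ".$sTypeHtml." section in the account data";
                    }
                    else{
                        $sData = str_replace($sSearch,$sSearch."\n".trim($sNewData),$sData);
                        $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(WriteF($sDest,$sData,"w") ? "Succesfully added account(s)." : "Failed to add account(s).")."</div>";
                    }
                }
            }
        }
        if($sError !== ""){
            // display error
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error'].$sError.", click <a href=\"javascript:history.go(-1)\">here</a> to return</div>\n";
        }
    }
    elseif(isset($_POST['sType'])){
        // list the accounts of one type
        if(!$bKnownType){
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This type of account isn't supported, click <a href=\"javascript:history.go(-1)\">here</a> to return</div>\n";
        }
        else{
            $sAccounts = "";
            foreach($aAll[$sType] as $aAccount){
                if(!is_array($aAccount) || !isset($aAccount[0])){
                    continue;
                }
                // the id attribute carries the name back to the remove action (see the .rmv handler below)
                $sName = htmlspecialchars((string)$aAccount[0], ENT_QUOTES, 'UTF-8');
                $sAccounts .= $sName." <a href=\"#\" class=\"rmv\" id=\"".$sName."\">[ remove ]</a><br />\n";
            }
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].$sAccounts."</div>\n";
        }
    }
    else{
        $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid action specified, click <a href=\"javascript:history.go(-1)\">here</a> to return</div>\n";
    }
    // client-side glue: reveal the add form, clone extra username/password rows and
    // turn the list/remove links into POSTs back to this page (iCFG 17)
    $sCode .= "<script type=\"text/javascript\">\n";
    $sCode .= "\$('.cc_record#newaccount').hide();\n";
    $sCode .= "\$(document).on(\"click\",\"a.newaccount\",function(e){\n";
    $sCode .= " e.preventDefault();\n";
    $sCode .= " \$('.cc_record#newaccount').show();\n";
    $sCode .= "});\n";
    $sCode .= "\$(document).on(\"click\",\"input.adduserfields\",function(e){\n";
    $sCode .= " e.preventDefault();\n";
    $sCode .= " var fieldsadd = ' <div class=\"clear\"></div><div class=\"cc_record\" id=\"newaccount\">';";
    $sCode .= " fieldsadd += ' <div class=\"flt pad3 w150\">username</div><div class=\"flt pad3\"><input type=\"text\" name=\"aUser[]\" value=\"\" /></div>';";
    $sCode .= " fieldsadd += ' </div>';";
    $sCode .= " fieldsadd += ' <div class=\"clear\"></div>';";
    $sCode .= " fieldsadd += ' <div class=\"cc_record\" id=\"newaccount\">';";
    $sCode .= " fieldsadd += ' <div class=\"flt pad3 w150\">password</div><div class=\"flt pad3\"><input type=\"password\" name=\"aPass[]\" value=\"\" /></div>';";
    $sCode .= " fieldsadd += ' </div>';";
    $sCode .= " fieldsadd += ' <div class=\"clear\" id=\"next\"></div>';";
    $sCode .= " \$('.clear#placeholder').before(fieldsadd);";
    $sCode .= "});\n";
    $sCode .= "\$(\".listme\").click(function(e){\n";
    $sCode .= " e.preventDefault();\n";
    $sCode .= " var form = \$('<form action=\"configuration.php\" method=\"post\">' + '<input type=\"hidden\" name=\"iCFG\" value=\"17\" /><input type=\"hidden\" name=\"sType\" value=\"'+$(this).html()+'\" />' + '</form>');\n";
    $sCode .= " \$('body').append(form);\n";
    $sCode .= " \$(form).submit();\n";
    $sCode .= "});\n";
    $sCode .= "\$(\".rmv\").click(function(e){\n";
    $sCode .= " e.preventDefault();\n";
    // $sTypeHtml (not the raw POST value) is embedded inside the JS string literal
    $sCode .= " var form = \$('<form action=\"configuration.php\" method=\"post\">' + '<input type=\"hidden\" name=\"iCFG\" value=\"17\" /><input type=\"hidden\" name=\"sType\" value=\"".$sTypeHtml."\" /><input type=\"hidden\" name=\"sUser\" value=\"'+$(this).attr('id')+'\" />' + '</form>');\n";
    $sCode .= " \$('body').append(form);\n";
    $sCode .= " \$(form).submit();\n";
    $sCode .= "});\n";
    $sCode .= "</script>\n";
}
else{
    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."AntiSocial hasn't been found on this server</div>\n";
}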
?>