random gallery image
random tutorial
preview..tutorial we are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the..
random vulnerability assesment
THC AntiEvil
Attempts to find suspicious and evil files or code
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/* Database connecter for Medusa
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 10-03-2015
*/
if(!defined('IN_SCRIPT')){
exit;
}
$_CONTEXT['subtitle'] = "Database Connecter";
// target files we need, so make sure they are present
$aFiles = array($_PATHS['functions_root']."/fwrite.php",$_PATHS['functions_root']."/getdirbydir.php",$_PATHS['data_root']."/dbprofiles.php");
for($x=0;$x<count($aFiles);$x++){
(!IsThere($aFiles[$x]) ? include_once($_PATHS['end']) : include_once($aFiles[$x]));
}
$sDest = $_PATHS['data_root']."/dbprofiles.php";
if(!$_CONTEXT['medusaforums'] = GetDirByDir($_PATHS['root']."/Apps/medusa/forums",0)){
// medusa isn't installed or in the wrong location
include_once($_PATHS['end']);
}
if(isset($_POST['sForum'])){
if(!in_array($_POST['sForum'],$_CONTEXT['medusaforums'])){
$_CONTEXT['errors'][] = "Invalid cms/forum specified";
include_once($_PATHS['end']);
}
}
if(!isset($_POST['submit'])){
// start connection manager
$sSelect = "<select name=\"sForum\">\n";
for($x=0;$x<count($_CONTEXT['medusaforums']);$x++){
// let's make the selection menu
$sSelect .= "<option value=\"".$_CONTEXT['medusaforums'][$x]."\">".$_CONTEXT['medusaforums'][$x]."</option>\n";
}
$sSelect .= "</select>\n";
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa connection manager</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">select a product:</div>\n";
$sCode .= " <div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"dholder\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"submit\" value=\"Create Connection\" /> <input type=\"submit\" name=\"submit\" value=\"Show Connections\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Create Connection"){
// create and test connection form
if(!isset($_POST['sForum'])){
$_CONTEXT['errors'][] = "No cms/forum specified to create a connection for";
include_once($_PATHS['end']);
}
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa connection manager setup</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database host</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBHost\" value=\"localhost\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database user:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBUser\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database pass:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"password\" name=\"sDBPass\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w150\">database name:</div>\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"text\" name=\"sDBName\" value=\"\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"hidden\" name=\"sForum\" value=\"".$_POST['sForum']."\"><input type=\"submit\" name=\"submit\" value=\"Save Connection\" /> <input type=\"submit\" name=\"submit\" value=\"Test Connection\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Save Connection"){
// save connection
$bOverWrite = false;
// try to connect before saving
$rConnect = @mysql_connect($_POST['sDBHost'],$_POST['sDBUser'],$_POST['sDBPass']);
if(!is_resource($rConnect) || @mysql_select_db($_POST['sDBName'])===false){
// fail so abort
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This connection doesn't work, check your credentials</div>";
}
else{
if(!isset($_CONTEXT['dbcon'][$_POST['sForum']])){
// add to connections
$sData = file_get_contents($sDest);
$sTemplate = "\$_CONTEXT['dbcon'] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['db'] = \"".$_POST['sDBName']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['user'] = \"".$_POST['sDBUser']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['pass'] = \"".$_POST['sDBPass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][0]['host'] = \"".$_POST['sDBHost']."\";";
$sData = str_replace("\$_CONTEXT['dbcon'] = array();",$sTemplate,$sData);
$bOverWrite = true;
}
else{
// check if this connection already exists
$bFound = false;
for($x=0;$x<count($_CONTEXT['dbcon'][$_POST['sForum']]);$x++){
if($_CONTEXT['dbcon'][$_POST['sForum']][$x]['db']==$_POST['sDBName'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['host']==$_POST['sDBHost'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['pass']==$_POST['sDBPass'] && $_CONTEXT['dbcon'][$_POST['sForum']][$x]['user']==$_POST['sDBUser']){
$bFound = true;
break;
}
}
if($bFound){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."This connection already exists in your profile</div>";
}
else{
// save connection
$aData = file($sDest);
$iItems = count($_CONTEXT['dbcon'][$_POST['sForum']]);
$sTemplate = "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['db'] = \"".$_POST['sDBName']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['user'] = \"".$_POST['sDBUser']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['pass'] = \"".$_POST['sDBPass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$_POST['sForum']."'][".$iItems."]['host'] = \"".$_POST['sDBHost']."\";\n";
$sData = "";
for($x=0;$x<count($aData);$x++){
$sData .= $aData[$x];
if(strpos($aData[$x],"['".$_POST['sForum']."'][".($iItems - 1)."]['host']")>0){
$sData .= $sTemplate;
$bOverWrite = true;
}
}
if(!$bOverWrite){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No data to update</div>";
}
}
}
}
if($bOverWrite){
// overwrite file with new content
(!WriteF($sDest,$sData,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully added connection</div>");
}
}
elseif($_POST['submit']=="Show Connections"){
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">Medusa remove connections</div>\n";
$sConnections = "";
foreach($_CONTEXT['dbcon'] as $sProduct=>$aValues){
$sConnections .= "<div><b>".$sProduct."</b></div>\n";
$sConnections .= "<blockquote>\n";
for($x=0;$x<count($aValues);$x++){
// let's make the selection menu
$sConnections .= "<div><input type=\"radio\" name=\"sDrop\" value=\"".$sProduct.":".$x."\" />".$aValues[$x]['db']."@".$aValues[$x]['host'].":".$aValues[$x]['user']."</div>\n";
}
$sConnections .= "</blockquote>\n";
}
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">".$sConnections."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"submit\" value=\"Drop Connection\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
elseif($_POST['submit']=="Drop Connection"){
// drop connection
if(!isset($_POST['sDrop'])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."You need to specify a connection that you want to drop.</div>";
}
else{
$aItem = @explode(":",$_POST['sDrop']);
if(!isset($_CONTEXT['dbcon'][$aItem[0]][$aItem[1]])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Selected connection doesn't exist.</div>";
}
else{
// get rid of the connection
if(@count($_CONTEXT['dbcon'][$aItem[0]])>1){
// just remove the connection
unset($_CONTEXT['dbcon'][$aItem[0]][$aItem[1]]);
$_CONTEXT['dbcon'][$aItem[0]] = array_values($_CONTEXT['dbcon'][$aItem[0]]);
}
else{
// get rid of the product array as a whole
unset($_CONTEXT['dbcon'][$aItem[0]]);
}
}
$sTemplate = "<?php\n";
$sTemplate .= "/* Database connections for THC Medusa */\n";
$sTemplate .= "\$_CONTEXT['dbcon'] = array();\n";
foreach($_CONTEXT['dbcon'] as $sProduct=>$aValues){
$iIndex = 0;
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'] = array();\n";
for($x=0;$x<count($aValues);$x++){
// let's make the selection menu
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."] = array();\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['db'] = \"".$aValues[$x]['db']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['user'] = \"".$aValues[$x]['user']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['pass'] = \"".$aValues[$x]['pass']."\";\n";
$sTemplate .= "\$_CONTEXT['dbcon']['".$sProduct."'][".$iIndex."]['host'] = \"".$aValues[$x]['host']."\";\n";
$iIndex++;
}
}
$sTemplate .= "?>\n";
(!WriteF($sDest,$sTemplate,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully removed connection.</div>");
}
}
elseif($_POST['submit']=="Test Connection"){
// test connection
$rConnect = @mysql_connect($_POST['sDBHost'],$_POST['sDBUser'],$_POST['sDBPass']);
if(!is_resource($rConnect)){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Failed to create connection, check your credentials.</div>";
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(@mysql_select_db($_POST['sDBName'])===false ? "Failed to create connection, invalid database or no permission.": "Connection was successful.")."</div>";
}
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid action specified.</div>";
}
?>
powered by
site stats
cms statistics:
version: 0.6.0downloads: 4303
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
site resources
remote resources
partners and friends