<?php
/* Configuration file editor
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 17-03-2015
*/
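/*
Configuration editor. Depending on the request it does one of three things:
 - no POST data, or no sConfigFile field -> lists the files of the config directory in a <select>
 - sConfigFile posted with fewer than 4 POST fields -> builds the edit form for that file
 - sConfigFile posted with 4 or more POST fields -> validates the values and rewrites the file
Generated markup is appended to $sCode; errors are pushed onto $_CONTEXT['errors'] and the script
at $_PATHS['end'] is included.

NOTE(review): every error path assumes that including $_PATHS['end'] terminates the request. If it
returns instead, execution falls through to the code below the error - confirm.
NOTE(review): nothing visible in this file ties the write request to a form that was actually
served (no anti-CSRF token) - confirm the including script enforces one.
*/
if (!defined('IN_SCRIPT')) {
    // IN_SCRIPT has to be defined before this file runs; a direct request stops here
    exit;
}
$_CONTEXT['subtitle'] = "Configuration Editor";
// an editable file has to exist under each of these directories (relative to $_PATHS['root'])
$aTargetDirs = array("/Config", "/Properties");
// iCFG is echoed back into hidden form fields, so it is escaped once here. A single-byte charset is
// passed on purpose: only the HTML metacharacters are rewritten, every other byte passes through.
$sSafeCfg = (isset($_POST['iCFG']) && is_string($_POST['iCFG'])) ? htmlspecialchars($_POST['iCFG'], ENT_QUOTES, 'ISO-8859-1') : "";

if (0 != ($iPost = count($_POST)) && isset($_POST['sConfigFile'])) {
    // form submitted..
    // sConfigFile ends up in an include path and in the path that gets written, so it must be a
    // bare file name: no directory separators, no NUL byte, no dot entries. index.php is refused
    // as well because the file listing never offers it.
    $sConfigFile = is_string($_POST['sConfigFile']) ? trim($_POST['sConfigFile']) : "";
    if ($sConfigFile === "" || $sConfigFile === "." || $sConfigFile === ".." || $sConfigFile === "index.php"
        || strpbrk($sConfigFile, "/\\\0") !== false) {
        $_CONTEXT['errors'][] = "Invalid configuration file name";
        include_once($_PATHS['end']);
        // stop even if the end script returns, so a rejected name never reaches the include/write below
        exit;
    }
    $sSafeFile = htmlspecialchars($sConfigFile, ENT_QUOTES, 'ISO-8859-1');

    // load the properties that describe the chosen file
    $sDest = $_PATHS['properties_root']."/".$sConfigFile;
    if (!IsThere($sDest)) {
        include_once($_PATHS['end']);
    } else {
        include_once($sDest);
    }

    if ($iPost < 4) {
        /* generate the requested html form */
        include_once($_PATHS['functions_root']."/raw_to_array.php");
        if (false === ($aStructure = RawToArray($_PATHS['config_root']."/".$sConfigFile))) {
            // turn raw data into array
            $_CONTEXT['errors'][] = "Invalid or no file(data)";
            include_once($_PATHS['end']);
        }
        $sCode .= " <form method=\"post\">\n";
        $sCode .= " <div class=\"cc_summary emboss borderr5 border1pxtrans pad5 edgeglow w700 overflw\">\n";
        $sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad5\">edit configuration files</div>\n";
        $iRows = count($aStructure);
        for ($x = 0; $x < $iRows; $x++) {
            // global check to see if we have the data we want
            $sVar = $aStructure[$x][0];
            // name and value come from the stored file; escape them before they reach the markup
            $sSafeVar = htmlspecialchars((string) $sVar, ENT_QUOTES, 'ISO-8859-1');
            if (!isset($_PROPERTIES[$sVar])) {
                $_CONTEXT['errors'][] = "Invalid file data, unknown variable name <b>".$sSafeVar."</b>";
                include_once($_PATHS['end']);
            }
            $sSafeValue = htmlspecialchars((string) $aStructure[$x][1], ENT_QUOTES, 'ISO-8859-1');
            $sCode .= " <div class=\"cc_record".($x != 0 ? " mt5" : "")."\">\n";
            // description and default_html come from the properties file and are emitted as markup
            $sCode .= " <div class=\"flt pad3 w200\">".$_PROPERTIES[$sVar]['description']."</div><div class=\"flt pad3 w400\">";
            // so how will we display the element?
            if ($_PROPERTIES[$sVar]['input_type'] == "checkbox") {
                // out as checkbox tag
                $sCode .= "<input type=\"checkbox\" name=\"".$sSafeVar."\" value=\"1\"".($aStructure[$x][1] == 1 ? " checked" : "")." />";
            } elseif ($_PROPERTIES[$sVar]['input_type'] == "textarea") {
                // out as textarea tag
                $sCode .= "<textarea name=\"".$sSafeVar."\" cols=25 rows=5>".$sSafeValue."</textarea>";
            } elseif ($_PROPERTIES[$sVar]['input_type'] == "select") {
                // out as select tag
                $sCode .= $_PROPERTIES[$sVar]['default_html'];
            } else {
                // out as input tag(default)
                $sCode .= "<input type=\"text\" name=\"".$sSafeVar."\" value=\"".$sSafeValue."\" />";
            }
            $sCode .= "</div>\n";
            $sCode .= " </div>\n";
            $sCode .= " <div class=\"clear\"></div>\n";
        }
        $sCode .= " <div class=\"cc_record\">\n";
        $sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$sSafeCfg."\" /><input type=\"hidden\" name=\"sConfigFile\" value=\"".$sSafeFile."\" /><input type=\"submit\" name=\"submit\" value=\"Edit File\" /></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " </form>\n";
    } else {
        /* validate and update the requested file */
        $sData = "";
        // a properties file that did not define $_PROPERTIES is handled like one without entries
        $aProps = (isset($_PROPERTIES) && is_array($_PROPERTIES)) ? $_PROPERTIES : array();
        foreach ($aProps as $sVar => $aValue) {
            // let's go through the vars in the properties, validate post input and buffer the new data file
            $sValue = isset($_POST[$sVar]) ? $_POST[$sVar] : null;
            if ($sValue === null) {
                // an unchecked checkbox is simply absent from the request
                if ($aValue['input_type'] != "checkbox") {
                    // missing variable in the form.. should never happen of course
                    $_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> missing in the <b>edit_config.php</b> form for <b>".$sSafeFile."</b>";
                    include_once($_PATHS['end']);
                }
                $sValue = "0";
            }
            if (!is_string($sValue)) {
                // e.g. name[]=x arrives as an array; it cannot be measured or stored as one line
                $_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> has an invalid value";
                include_once($_PATHS['end']);
            }
            // if posted var is empty we'll treat it as zero (kept as a string so the checks below apply)
            if ($sValue === "") {
                $sValue = "0";
            }
            // keep the request data in step with the normalised value
            $_POST[$sVar] = $sValue;
            // the limit belongs to this variable's own properties, not to the top-level array
            if (isset($aValue['max_length']) && $aValue['max_length'] > 0 && strlen($sValue) > $aValue['max_length']) {
                // exceeded allowed string length
                $_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> exceeded the maximum length";
                include_once($_PATHS['end']);
            }
            // now for the validation; the text itself is checked, because casting first would
            // turn any input into a value of the expected type
            switch ($aValue['type_expected']) {
                // float
                case "float":
                    if (!is_numeric($sValue)) {
                        $_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> isn't a floating point number";
                        include_once($_PATHS['end']);
                    }
                    break;
                // integer
                case "int":
                    if (!preg_match('/^[+-]?[0-9]+$/D', $sValue)) {
                        $_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> isn't an integer number";
                        include_once($_PATHS['end']);
                    }
                    break;
                // default
                default:
                    // treated as a string; anything that is not a string was rejected above
            }
            // line breaks (\r as well as \n) and | can screw up the VARIABLE_NAME|VALUE format
            $sData .= $sVar."|".str_replace("|", "¦", str_replace(array("\r\n", "\n", "\r"), " ", $sValue))."\n";
        }
        // so did we get any stuff at all?
        if ($sData == "") {
            $_CONTEXT['errors'][] = "It seems as if there's no properties data for file <b>".$sSafeFile."</b>";
            // the end script lives in $_PATHS, as on every other error path in this file
            include_once($_PATHS['end']);
        }
        // no validation errors at this point. Values are stored as posted apart from the delimiter
        // substitution above, so whatever reads the file has to treat them as plain data.
        $sDest = $_PATHS['functions_root']."/fwrite.php";
        if (!IsThere($sDest)) {
            include_once($_PATHS['end']);
        } else {
            include_once($sDest);
        }
        if (!WriteF($_PATHS['config_root']."/".$sConfigFile, trim($sData), "w")) {
            // update failed
            include_once($_PATHS['end']);
        } else {
            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Update succeeded, click <a href=\"javascript:history.back();\">here</a> to go back</div>\n";
        }
    }
} else {
    /* ok let's get all files in the Config directory and their corresponding configuration files */
    include_once($_PATHS['functions_root']."/getfilebydir.php");
    $sSelect = "";
    if (false !== ($aFiles = GetFilesByDirectory($_PATHS['config_root']))) {
        /*
        Files we need to create an editor:
        - CONFIG_DIR/FILENAME -> contains raw data in the following format: VARIABLE_NAME|VALUE\n
        - PROPERTIES_DIR/FILENAME -> contains properties for a configuration file in an array
        */
        $iFilesNeeded = count($aTargetDirs);
        $iFiles = count($aFiles);
        for ($x = 0; $x < $iFiles; $x++) {
            if ($aFiles[$x] == "index.php") {
                continue;
            }
            // in each directory there's a file we need
            $iLeft = $iFilesNeeded;
            for ($y = 0; $y < $iFilesNeeded; $y++) {
                if (file_exists($_PATHS['root'].$aTargetDirs[$y]."/".$aFiles[$x])) {
                    $iLeft--;
                }
            }
            // file names come from the directory listing; escape them before they reach the markup
            $sSafeName = htmlspecialchars((string) $aFiles[$x], ENT_QUOTES, 'ISO-8859-1');
            if ($iLeft != 0) {
                $_CONTEXT['errors'][] = "Make sure the file <b>".$sSafeName."</b> can be found in the directories: ".implode(",", $aTargetDirs)." - (".$iLeft."/".$iFilesNeeded.")";
                include_once($_PATHS['end']);
            }
            // the first option that gets added is the preselected one
            $sSelect .= "<option value=\"".$sSafeName."\"".($sSelect != "" ? "" : " selected").">".$sSafeName."</option>\n";
        }
        // setup configuration file selection form
        $sSelect = "<select name=\"sConfigFile\">\n".$sSelect."</select>\n";
        $sCode .= " <form method=\"post\">\n";
        $sCode .= " <div class=\"cc_summary emboss borderr5 border1pxtrans pad5 edgeglow w700 overflw\">\n";
        $sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad5\">edit configuration files</div>\n";
        $sCode .= " <div class=\"cc_record\">\n";
        $sCode .= " <div class=\"flt pad3 w100\">file</div><div class=\"flt pad3\">".$sSelect."</div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"></div>\n";
        $sCode .= " <div class=\"cc_record\">\n";
        $sCode .= " <div class=\"flt pad3\"></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " <div class=\"clear\"><input type=\"hidden\" name=\"iCFG\" value=\"".$sSafeCfg."\" /><input type=\"submit\" name=\"submit\" value=\"Edit File\" /></div>\n";
        $sCode .= " </div>\n";
        $sCode .= " </form>\n";
    } else {
        $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No files in the configuration directory</div>\n";
    }
}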
?>