random gallery image
random tutorial
preview..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first..
random information gathering
THC Discover
Discovers interesting locations, paths and data of a website
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/* Configuration file editor
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 17-03-2015
*/
if(!defined('IN_SCRIPT')){
exit;
}
$_CONTEXT['subtitle'] = "Configuration Editor";
$aTargetDirs = array("/Config","/Properties");
if(0!=($iPost = count($_POST)) && isset($_POST['sConfigFile'])){
// form submitted..
$sDest = $_PATHS['properties_root']."/".trim($_POST['sConfigFile']);
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if($iPost<4){
/* generate the requested html form */
include_once($_PATHS['functions_root']."/raw_to_array.php");
if(false===($aStructure = RawToArray($_PATHS['config_root']."/".$_POST['sConfigFile']))){
// turn raw data into array
$_CONTEXT['errors'][] = "Invalid or no file(data)";
include_once($_PATHS['end']);
}
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"cc_summary emboss borderr5 border1pxtrans pad5 edgeglow w700 overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad5\">edit configuration files</div>\n";
for($x=0;$x<count($aStructure);$x++){
// global check to see if we have the data we want
$sVar = $aStructure[$x][0];
if(!isset($_PROPERTIES[$aStructure[$x][0]])){
$_CONTEXT['errors'][] = "Invalid file data, unknown variable name <b>".$sVar."</b>";
include_once($_PATHS['end']);
}
$sCode .= " <div class=\"cc_record".($x!=0 ? " mt5" : "")."\">\n";
$sCode .= " <div class=\"flt pad3 w200\">".$_PROPERTIES[$sVar]['description']."</div><div class=\"flt pad3 w400\">";
// so how will we display the element?
if($_PROPERTIES[$sVar]['input_type']=="checkbox"){
// out as checkbox tag
$sCode .= "<input type=\"checkbox\" name=\"".$sVar."\" value=\"1\"".($aStructure[$x][1]==1 ? " checked" : "")." />";
}
elseif($_PROPERTIES[$sVar]['input_type']=="textarea"){
// out as textarea tag
$sCode .= "<textarea name=\"".$sVar."\" cols=25 rows=5>".$aStructure[$x][1]."</textarea>";
}
elseif($_PROPERTIES[$sVar]['input_type']=="select"){
// out as select tag
$sCode .= $_PROPERTIES[$sVar]['default_html'];
}
else{
// out as input tag(default)
$sCode .= "<input type=\"text\" name=\"".$sVar."\" value=\"".$aStructure[$x][1]."\" />";
}
$sCode .= "</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
}
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"hidden\" name=\"sConfigFile\" value=\"".$_POST['sConfigFile']."\" /><input type=\"submit\" name=\"submit\" value=\"Edit File\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
else{
/* validate and update the requested file */
$sData = "";
foreach($_PROPERTIES as $sVar=>$aValue){
// let's go through the vars in the properties, validate post input and buffer the new data file
if(!isset($_POST[$sVar])){
// ok if a var is from an checkbox html element, and isn't checked the var will be empty
if($aValue['input_type']!="checkbox"){
// missing variable in the form.. should never happen of course
$_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> missing in the <b>edit_config.php</b> form for <b>".$_POST['sConfigFile']."</b>";
include_once($_PATHS['end']);
}
$_POST[$sVar] = 0;
}
// if posted var is empty we'll treat it as zero
if($_POST[$sVar]==""){
$_POST[$sVar] = 0;
}
if(isset($_PROPERTIES['max_length']) && ($_PROPERTIES['max_length']>0 && strlen($_POST[$sVar])>$_PROPERTIES['max_length'])){
// exceeded allowed string length
$_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> exceeded the maximum length";
include_once($_PATHS['end']);
}
// now for the validation
switch($aValue['type_expected']){
// float
case"float":
if(!is_float((float) $_POST[$sVar])){
$_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> isn't a floating point number";
include_once($_PATHS['end']);
}
break;
// integer
case"int":
if(!is_int((int) $_POST[$sVar])){
$_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> isn't an integer number";
include_once($_PATHS['end']);
}
break;
// default
default:
// oh then treat it as a string
if(!is_string($_POST[$sVar])){
$_CONTEXT['errors'][] = "Variable <b>\$".$sVar."</b> isn't a string";
include_once($_PATHS['end']);
}
}
// new lines and | can screw up the data
$sData .= $sVar."|".str_replace("|","¦",str_replace("\n"," ",$_POST[$sVar]))."\n";
}
// so did we get any stuff at all?
if($sData==""){
$_CONTEXT['errors'][] = "It seems as if there's no properties data for file <b>".$_POST['sConfigFile']."</b>";
include_once($_CONTEXT['end']);
}
// okidoki no errors so we should have safe content now..
$sDest = $_PATHS['functions_root']."/fwrite.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(!WriteF($_PATHS['config_root']."/".$_POST['sConfigFile'],trim($sData),"w")){
// update failed
include_once($_CONTEXT['end']);
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Update succeeded, click <a href=\"javascript:history.back();\">here</a> to go back</div>\n";
}
}
}
else{
/* ok let's get all files in the Config directory and their corresponding configuration files */
include_once($_PATHS['functions_root']."/getfilebydir.php");
$sSelect = "";
if(false!==($aFiles = GetFilesByDirectory($_PATHS['config_root']))){
/*
Files we need to create an editor:
- CONFIG_DIR/FILENAME -> contains raw data in the following format: VARIABLE_NAME|VALUE\n
- PROPERTIES_DIR/FILENAME -> contains properties for a configuration file in an array
*/
for($x=0;$x<count($aFiles);$x++){
if($aFiles[$x]=="index.php"){
continue;
}
// in each directory there's a file we need
$iFilesNeeded = count($aTargetDirs);
$iLeft = $iFilesNeeded;
for($y=0;$y<$iFilesNeeded;$y++){
if(file_exists($_PATHS['root'].$aTargetDirs[$y]."/".$aFiles[$x])){
$iLeft--;
}
}
if($iLeft!=0){
$_CONTEXT['errors'][] = "Make sure the file <b>".$aFiles[$x]."</b> can be found in the directories: ".@implode(",",$aTargetDirs)." - (".$iLeft."/".$iFilesNeeded.")";
include_once($_PATHS['end']);
}
$sSelect .= "<option value=\"".$aFiles[$x]."\"".($sSelect!="" ? "" : " selected").">".$aFiles[$x]."</option>\n";
}
// setup configuration file selection form
$sSelect = "<select name=\"sConfigFile\">\n".$sSelect."</select>\n";
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"cc_summary emboss borderr5 border1pxtrans pad5 edgeglow w700 overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad5\">edit configuration files</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3 w100\">file</div><div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\"></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"><input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /><input type=\"submit\" name=\"submit\" value=\"Edit File\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
}
else{
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No files in the configuration directory</div>\n";
}
}
?>
powered by
site stats
cms statistics:
version: 0.6.0downloads: 4018
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
site resources
remote resources
partners and friends