THC HackSuite File Library

random gallery image

random tutorial

preview

..one or more modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they..

random vulnerability assesment

THC AntiEvil

Attempts to find suspicious and evil files or code

more about this module
more of this category
more modules

HackSuite File Library

Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.


<?php

/* Wordlist Manager



Author: Remco Kouw

Site: http://www.hacksuite.com

Last Edit: 08-03-2015

*/

$_CONTEXT['subtitle'] = "Wordlist Manager";

// target files we need, so make sure they are present

$aFiles = array($_PATHS['functions_root']."/get_file_data.php",$_PATHS['functions_root']."/fwrite.php",$_PATHS['functions_root']."/getfilebydir.php");

for($x=0;$x<count($aFiles);$x++){

    (!IsThere($aFiles[$x]) ? include_once($_PATHS['end']) : include_once($aFiles[$x]));

}

// get files from the wordlist directory

$aFiles = GetFilesByDirectory($_PATHS['wordlists_root'],0);

if(!isset($_POST['submit'])){

    // select wordlist form

    $sSelect = "<select name=\"sList\">\n";

    $iFiles = count($aFiles);

    $sSubmit = "";

    if($iFiles>0){

        $sSubmit .= " <input type=\"submit\" name=\"submit\" value=\"Remove\"> <input type=\"submit\" name=\"submit\" value=\"View\">";

        for($x=0;$x<$iFiles;$x++){

            $sDest = $_PATHS['wordlists_root']."/".$aFiles[$x];

            // let's make the file selection menu

            $sSelect .= "<option value=\"".$aFiles[$x]."\">".$aFiles[$x]." - ".@round(filesize($sDest)/1024,2)." KB</option>\n";

        }

        $sSelect .= "</select>\n";

    }

    // form

    $sCode .= "            <form method=\"post\">\n";

    $sCode .= "            <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";

    $sCode .= "                <div class=\"embosshdrnocenter border1pxtrans pad10\" id=\"dscrp\">Manage your wordlists</div>\n";

    $sCode .= "                <div class=\"cc_record\" id=\"goaway\">\n";

    $sCode .= "                    <div class=\"flt pad3\">\n";

    $sCode .= "                        &gt; <a href=\"#\" class=\"importme\">import wordlist from url</a><br />\n";

    $sCode .= "                        &gt; <a href=\"index.php?module=thc_pg\">create new wordlist</a>\n";

    $sCode .= "                    </div>\n";

    $sCode .= "                </div>\n";

    $sCode .= "                <div class=\"clear\"></div>\n";

    $sCode .= "                <div class=\"cc_record\" id=\"goaway\">\n";

    $sCode .= "                    <div class=\"flt pad3 w150\">select wordlist:</div><div class=\"flt pad3\">".$sSelect."</div>\n";

    $sCode .= "                </div>\n";

    $sCode .= "                <div class=\"clear\"></div>\n";

    $sCode .= "                <div class=\"cc_record\" id=\"goaway\">\n";

    $sCode .= "                    <div class=\"flt pad3\">".$sSubmit."<input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /></div>\n";

    $sCode .= "                </div>\n";

    $sCode .= "            </div>\n";

    $sCode .= "            </form>\n";

    $sCode .= "<script type=\"text/javascript\">\n";

    $sCode .= "\$(document).ready(function(){\n";

    $sCode .= "    \$(\"a.importme\").click(function(e){\n";

    $sCode .= "        e.preventDefault();\n";

    $sCode .= "        \$('.cc_record#goaway').hide('fast');\n";

    $sCode .= "        \$('.embosshdrnocenter#dscrp').after('<div class=\"cc_record\"><div class=\"flt pad3\"><b>url:</b> <input type=\"text\" name=\"sUrl\" value=\"\" /></div></div><div class=\"clear\"></div><div class=\"cc_record\"><div class=\"flt pad3\"><input type=\"submit\" name=\"submit\" value=\"Import\" /></div></div><div class=\"clear\"></div>');\n";

    $sCode .= "    });\n";

    $sCode .= "});\n";

    $sCode .= "</script>\n";

}

elseif($_POST['submit']=="Remove"){

    // delete wordlist

    $sDest = ExploitFilter($_PATHS['wordlists_root']."/".$_POST['sList'],0,1);

    if(!file_exists($sDest)){

        $_CONTEXT['errors'][] = "Wordlist file doesn't exist";

        include_once($_PATHS['end']);

    }

    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(@unlink($sDest) ? "Removed wordlist file" : "Failed to remove wordlist file")."</div>";

}

elseif($_POST['submit']=="Import"){

    // import wordlist

    $aUrl = @parse_url($_POST['sUrl']);

    if(!isset($aUrl['host']) || empty($aUrl['host'])){

        $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid url specified.</div>";

    }

    elseif(!isset($aUrl['path']) || empty($aUrl['path'])){

        $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No path specified.</div>";

    }

    else{

        $aExtensions = array("pwl","txt","dat","php","lst");

        $aExtension = @explode(".",$aUrl['path']);

        $sExtension = $aExtension[count($aExtension)-1];

        if(!in_array($sExtension,$aExtensions)){

            $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid extension, if you really want to allow this extension you should open <b>Native/wordlistimport.php</b> and add the extension to <b>\$aExtensions</b></div>";

        }

        else{

            if(false===($sData = @file_get_contents($_POST['sUrl']))){

                $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Failed to get data from target.</div>";

            }

            else{

                $aData = explode("\n",$sData);

                if(strlen($aData[0])>20){

                    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."The content doesn't seem to be a wordlist.</div>";

                }

                elseif(strlen($sData)<1024){

                    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."File needs to be at least 1KB large.</div>";

                }

                else{

                    (!WriteF($_PATHS['wordlists_root']."/".time().".txt",$sData,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully added wordlist.</div>");

                }

            }

        }

    }

}

elseif($_POST['submit']=="View"){

    // show source

    $sDest = ExploitFilter($_PATHS['wordlists_root']."/".$_POST['sList'],0,1);

    if(!file_exists($sDest)){

        $_CONTEXT['errors'][] = "Wordlist file doesn't exist";

        include_once($_PATHS['end']);

    }

    $sData = @str_replace("\n","<br />\n",htmlspecialchars(file_get_contents($sDest)));

    $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].$sData."</div>";

}

else{

    // invalid submission button

    $_CONTEXT['errors'][] = "Specified value for submission button is invalid.";

    include_once($_PATHS['end']);

}

?>

[ back ]

site stats

cms statistics:

version: 0.6.0
downloads: 4234
native: 26
modules: 21
apps: 2

support development

It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!

disclaimer

We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!

site resources

remote resources

partners and friends

Created by Remco Kouw. Powered by protein shakes and a high calorie diet.