..one or more modules you must have seen the iframes used for realtime result display. In this tutorial I'm going to show you how to insert them into your module and how they..
Attempts to find suspicious and evil files or code
<?php
/* Wordlist Manager
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 08-03-2015
*/
$_CONTEXT['subtitle'] = "Wordlist Manager";
// target files we need, so make sure they are present
$aFiles = array($_PATHS['functions_root']."/get_file_data.php",$_PATHS['functions_root']."/fwrite.php",$_PATHS['functions_root']."/getfilebydir.php");
for($x=0;$x<count($aFiles);$x++){
(!IsThere($aFiles[$x]) ? include_once($_PATHS['end']) : include_once($aFiles[$x]));
}
// get files from the wordlist directory
$aFiles = GetFilesByDirectory($_PATHS['wordlists_root'],0);
if(!isset($_POST['submit'])){
// select wordlist form
$sSelect = "<select name=\"sList\">\n";
$iFiles = count($aFiles);
$sSubmit = "";
if($iFiles>0){
$sSubmit .= " <input type=\"submit\" name=\"submit\" value=\"Remove\"> <input type=\"submit\" name=\"submit\" value=\"View\">";
for($x=0;$x<$iFiles;$x++){
$sDest = $_PATHS['wordlists_root']."/".$aFiles[$x];
// let's make the file selection menu
$sSelect .= "<option value=\"".$aFiles[$x]."\">".$aFiles[$x]." - ".@round(filesize($sDest)/1024,2)." KB</option>\n";
}
$sSelect .= "</select>\n";
}
// form
$sCode .= " <form method=\"post\">\n";
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\" id=\"dscrp\">Manage your wordlists</div>\n";
$sCode .= " <div class=\"cc_record\" id=\"goaway\">\n";
$sCode .= " <div class=\"flt pad3\">\n";
$sCode .= " > <a href=\"#\" class=\"importme\">import wordlist from url</a><br />\n";
$sCode .= " > <a href=\"index.php?module=thc_pg\">create new wordlist</a>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\" id=\"goaway\">\n";
$sCode .= " <div class=\"flt pad3 w150\">select wordlist:</div><div class=\"flt pad3\">".$sSelect."</div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\" id=\"goaway\">\n";
$sCode .= " <div class=\"flt pad3\">".$sSubmit."<input type=\"hidden\" name=\"iCFG\" value=\"".$_POST['iCFG']."\" /></div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " </form>\n";
$sCode .= "<script type=\"text/javascript\">\n";
$sCode .= "\$(document).ready(function(){\n";
$sCode .= " \$(\"a.importme\").click(function(e){\n";
$sCode .= " e.preventDefault();\n";
$sCode .= " \$('.cc_record#goaway').hide('fast');\n";
$sCode .= " \$('.embosshdrnocenter#dscrp').after('<div class=\"cc_record\"><div class=\"flt pad3\"><b>url:</b> <input type=\"text\" name=\"sUrl\" value=\"\" /></div></div><div class=\"clear\"></div><div class=\"cc_record\"><div class=\"flt pad3\"><input type=\"submit\" name=\"submit\" value=\"Import\" /></div></div><div class=\"clear\"></div>');\n";
$sCode .= " });\n";
$sCode .= "});\n";
$sCode .= "</script>\n";
}
elseif($_POST['submit']=="Remove"){
// delete wordlist
$sDest = ExploitFilter($_PATHS['wordlists_root']."/".$_POST['sList'],0,1);
if(!file_exists($sDest)){
$_CONTEXT['errors'][] = "Wordlist file doesn't exist";
include_once($_PATHS['end']);
}
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].(@unlink($sDest) ? "Removed wordlist file" : "Failed to remove wordlist file")."</div>";
}
elseif($_POST['submit']=="Import"){
// import wordlist
$aUrl = @parse_url($_POST['sUrl']);
if(!isset($aUrl['host']) || empty($aUrl['host'])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid url specified.</div>";
}
elseif(!isset($aUrl['path']) || empty($aUrl['path'])){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."No path specified.</div>";
}
else{
$aExtensions = array("pwl","txt","dat","php","lst");
$aExtension = @explode(".",$aUrl['path']);
$sExtension = $aExtension[count($aExtension)-1];
if(!in_array($sExtension,$aExtensions)){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Invalid extension, if you really want to allow this extension you should open <b>Native/wordlistimport.php</b> and add the extension to <b>\$aExtensions</b></div>";
}
else{
if(false===($sData = @file_get_contents($_POST['sUrl']))){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."Failed to get data from target.</div>";
}
else{
$aData = explode("\n",$sData);
if(strlen($aData[0])>20){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."The content doesn't seem to be a wordlist.</div>";
}
elseif(strlen($sData)<1024){
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['error']."File needs to be at least 1KB large.</div>";
}
else{
(!WriteF($_PATHS['wordlists_root']."/".time().".txt",$sData,"w") ? include_once($_PATHS['end']) : $sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result']."Successfully added wordlist.</div>");
}
}
}
}
}
elseif($_POST['submit']=="View"){
// show source
$sDest = ExploitFilter($_PATHS['wordlists_root']."/".$_POST['sList'],0,1);
if(!file_exists($sDest)){
$_CONTEXT['errors'][] = "Wordlist file doesn't exist";
include_once($_PATHS['end']);
}
$sData = @str_replace("\n","<br />\n",htmlspecialchars(file_get_contents($sDest)));
$sCode .= "<div class=\"spacingmsg\">".$_CONTEXT['result_headers']['result'].$sData."</div>";
}
else{
// invalid submission button
$_CONTEXT['errors'][] = "Specified value for submission button is invalid.";
include_once($_PATHS['end']);
}
?>