..cool, we will make a new module and not just some new module, nope let's make a fully automatic injection script! This tutorial is the first step into making this. Let's first..
AntiFTP uses wordlists in order to bruteforce FTP user accounts
<?php
/* all native apps for configuration */
include_once("header.php");
$_CONTEXT['page_title'] = "THC HackSuite CMS: CONFIGURATION";
$_CONTEXT['subtitle'] = "Configuration Panel";
// we need the native apps
$sPage = $_PATHS['data_root']."/nativeconfig.php";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sPage));
$sCode = "";
if(isset($_POST['iCFG']) && $_POST['iCFG']!=""){
$_POST['iCFG'] = intval($_POST['iCFG']);
// get the right page
if(!isset($_CONTEXT['native'][$_POST['iCFG']][1])){
$_CONTEXT['errors'][] = "Native tool doesn't exist.";
include_once($_PATHS['end']);
}
else{
$sPage = $_PATHS['root']."/Native/".$_CONTEXT['native'][$_POST['iCFG']][1];
// even though most references are gone, we can't change this class name as there are still programs relying on this
$sCode .= " <div class=\"configmenu\">\n";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sPage));
$sCode .= " <center class=\"centercfg emboss borderr10 border1pxstrans pad5\"><a href=\"javascript:history.back(1)\">back to previous</a> || <a href=\"configuration.php\">back to configuration</a></center>\n";
$sCode .= "</div>";
}
}
else{
// sort categories
$_CONTEXT['cfgcts'] = array();
for($x=0;$x<count($_CONTEXT['native']);$x++){
if(!isset($_CONTEXT['cfgcts'][$_CONTEXT['native'][$x][4]])){
// new sub category
$_CONTEXT['cfgcts'][$_CONTEXT['native'][$x][4]] = array();
$_CONTEXT['cfgcts'][$_CONTEXT['native'][$x][4]][0] = array($_CONTEXT['native'][$x][0],$_CONTEXT['native'][$x][2],$_CONTEXT['native'][$x][3],$x);
}
else{
$_CONTEXT['cfgcts'][$_CONTEXT['native'][$x][4]][] = array($_CONTEXT['native'][$x][0],$_CONTEXT['native'][$x][2],$_CONTEXT['native'][$x][3],$x);
}
}
foreach($_CONTEXT['cfgcts'] as $sCategory=>$aValues){
$sCode .= " <div class=\"cc_summary emboss borderr5 border1pxtrans pad5 edgeglow\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">".strtoupper($sCategory)."</div>\n";
for($x=0;$x<count($aValues);$x++){
$sCode .= " <div class=\"w250 flt pad5 blk overflw\">\n";
$sCode .= " <div class=\"overflw\">\n";
$sDest = (file_exists($_PATHS['style_root']."/images/".$aValues[$x][1].".png") ? $_PATHS['style_root_http']."/images/".$aValues[$x][1].".png" : $sFalseImg);
$sCode .= " <div><a href=\"#\" class=\"wrapcfg\" id=\"".$aValues[$x][3]."\"><img src=\"".$sDest."\" border=\"0\" class=\"pad10\"></a></div>\n";
$sCode .= " <div class=\"borderr15 border1pxstrans pad10 emboss h80\"><a href=\"#\" class=\"wrapcfg\" id=\"".$aValues[$x][3]."\" title=\"".$aValues[$x][2]."\">".$aValues[$x][0]."</a><div>".$aValues[$x][2]."</div></div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
}
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " </div>\n";
}
}
include_once($_PATHS['style_root']."/index.php");
?>