..will show you how to make a multi bridge between THC_DO, THC_SS and THC_II and keep track of the output in realtime using iframes. So what exactly are we going to do? First of all if..
AntiFTP uses wordlists in order to bruteforce FTP user accounts
<?php
/* maintenance */
include_once("header.php");
$_CONTEXT['page_title'] = "THC HackSuite CMS: Maintenance";
$_CONTEXT['subtitle'] = "HackSuite Maintenance";
$sJSDev = "<script type=\"text/javascript\" src=\"Templates/".$_PATHS['style_user']."/js/maintenance.js\"></script>\n";
$sJSDev .= "<script type=\"text/javascript\" src=\"Templates/".$_PATHS['style_user']."/js/maintenance_run.js\"></script>\n";
$_CONTEXT['headers'] = isset($_CONTEXT['headers']) ? $_CONTEXT['headers'].$sJSDev : $sJSDev;
$sCode = (isset($sCode) ? $sCode : "");
$sDest = $_PATHS['data_root']."/scan_types.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_GET['type'])){
// actions
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">RESULTS</div>\n";
$sCode .= " <div class=\"w700 flt pad5 blk overflw\">\n";
$sCode .= " <div class=\"output overflw\">\n";
// load scan type
if(is_numeric($_GET['type'])){
$_GET['type'] = intval($_GET['type']);
}
if(isset($_CONTEXT['scantypes'][$_GET['type']]['file'])){
// make sure the option is enabled
$_CONTEXT[$_CONTEXT['scantypes'][$_GET['type']]['enable_var']] = true;
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$_GET['type']]['file'],0,1));
$sCode .= $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$_GET['type']]['output_var']]=="" ? "no issues found" : $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$_GET['type']]['output_var']];
}
else{
// custom actions not defined as a normal maintenance tool (defined in DATA_DIR/scan_types.php)
switch($_GET['type']){
/* scan for changes in file structure of the hacksuite */
case"changes":
// let's see if we have the installation map that was created when the hacksuite was first installed
$sDest = "Modules/thc_xm/profiles.php";
(!IsThere($sDest) ? include_once($_PATHS['end']) : include_once($sDest));
if(!isset($_CONTEXT['blueprints']) || !is_array($_CONTEXT['blueprints'])){
$_CONTEXT['errors'][] = "Expecting array <b>\$_CONTEXT['blueprints']</b> in <b>".$sDest."</b>";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
// let's see if the blueprint is configured
$_CONTEXT['blueprintfound'] = false;
for($x=0;$x<count($_CONTEXT['blueprints']);$x++){
if($_CONTEXT['blueprints'][$x][0]=="install" && $_CONTEXT['blueprints'][$x][1]=="thchs.map"){
$_CONTEXT['blueprintfound'] = true;
break;
}
}
}
if($_CONTEXT['blueprintfound']){
// it is configured, make sure it is there
$sDest = "Modules/thc_xm/BluePrints/thchs.map";
if(!file_exists($sDest)){
$_CONTEXT['errors'][] = "Expecting blueprint in <b>".$sDest."</b>";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
// generate javascript that sends the blueprint validation task
$sCode .= " <script>\n";
$sCode .= " \$(document).ready(function(){\n";
$sCode .= " \$.ajax({\n";
$sCode .= " type: \"POST\",\n";
$sCode .= " url: \"Modules/thc_xm/mapper.php\",\n";
$sCode .= " data: \"sProfile=thchs.map\",\n";
$sCode .= " dataType: \"json\",\n";
$sCode .= " beforeSend: function(){\n";
$sCode .= " \$(\"div.output\").html(\"please wait..\");\n";
$sCode .= " },\n";
$sCode .= " success: function(json){\n";
$sCode .= " if(json.jresult==false){\n";
$sCode .= " alert(json.jerror);\n";
$sCode .= " }\n";
$sCode .= " else{\n";
$sCode .= " \$(\"div.output\").html(json.jmessage);\n";
$sCode .= " }\n";
$sCode .= " }\n";
$sCode .= " });\n";
$sCode .= " });\n";
$sCode .= " </script>\n";
}
}
else{
$sCode = "No installation blueprint found";
}
break;
/* scan for all */
case"all":
for($iii=0;$iii<count($_CONTEXT['scantypes']);$iii++){
$_CONTEXT[$_CONTEXT['scantypes'][$iii]['enable_var']] = true;
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$iii]['file'],0,1));
$sCode .= " <div class=\"emboss pad5 borderr5\"><b>".$_CONTEXT['scantypes'][$iii]['label']."</b></div>\n";
$sCode .= $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$iii]['output_var']]=="" ? "no issues found" : $_CONTEXT['scandata'][$_CONTEXT['scantypes'][$iii]['output_var']];
}
break;
/* scan for evil code */
case"evil":
$sDest = "Modules/thc_ae/data/languages/php.txt";
if(!IsThere($sDest)){
include_once($_PATHS['end']);
}
else{
$aFile = @file($sDest);
$oIterator = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($_PATHS['root']),RecursiveIteratorIterator::CHILD_FIRST);
$iIssues = 0;
$iFilesAll = 0;
$aFiles = array();
// go through the folder
foreach($oIterator as $oPath){
$aFilesT = array();
$sFileData = "";
if(!$oPath->isDir()){
// exceptions not to scan
$sName = $oPath->getFilename();
if($sName[0]!="." && $sName!="php.txt"){
$iFilesAll++;
$sExt = (@substr($oPath->getExtension(),0,3)=="php" ? "php" : $oPath->getExtension());
// buffer all issues
if(filesize($oPath->__toString())>0){
$sFileData = file_get_contents($oPath->__toString());
$sRelative = substr($oPath->__toString(),strlen($_SERVER['DOCUMENT_ROOT']));
for($x=0;$x<count($aFile);$x++){
$aFile[$x] = trim($aFile[$x]);
$iPos = strpos($sFileData,$aFile[$x]);
if(is_int($iPos)){
$iIssues++;
if(!isset($aFilesT['file'])){
$aFilesT['file'] = $sRelative;
$aFilesT['issues'] = array();
}
$aFilesT['issues'][] = substr($sFileData,$iPos,(strpos($sFileData,"\n",$iPos)-$iPos));
}
}
}
}
}
if(isset($aFilesT['file'])){
$aFiles[] = $aFilesT;
}
}
if(false!=($iFiles = count($aFiles))){
$sCode .= " <div class=\"lst\">\n";
for($x=0;$x<$iFiles;$x++){
// issues per file
$sCode .= " <div class=\"emboss pad5 borderr5 mt10\"><a href=\"#\" class=\"viewsrc\" title=\"".$aFiles[$x]['file']."\">".$aFiles[$x]['file']."</a></div>\n";
$sCode .= " <div>\n";
for($y=0;$y<count($aFiles[$x]['issues']);$y++){
// issue description
$sCode .= " <b>".($y+1)."</b> - ".trim($aFiles[$x]['issues'][$y])."<br />\n";
}
$sCode .= " </div>\n";
}
$sCode .= " </div>\n";
}
$sCode .= " <div class=\"mt10\">Files scanned: ".$iFilesAll.", Potential Issues: ".$iIssues."</div>\n";
}
break;
default:
$sCode .= " <div>Invalid maintenance request, action doesn't exist</div>\n";
}
}
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
}
else{
// options
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">ACTIONS</div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=changes\">find changes since installation</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=evil\">find potentially harmful code</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=1\">analyze log files</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=2\">find missing functions</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=3\">find obsolete result files</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=0\">find files bigger than x bytes</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
$sCode .= " <div class=\"cc_record\">\n";
$sCode .= " <div class=\"flt pad3\">- <a href=\"maintenance.php?type=all\">do a full maintenance scan</a></div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
}
include_once($_PATHS['style_root']."/index.php");
?>