vrijdag 16 augustus 2013

Integration of medusa into the HackSuite

I have just created the database manager for THC Medusa and thought I'd share what I did so far on this new Application. As you can see in the image below the Medusa app is split into two apps. The white hat and the black hat version.

For now I need to integrate the rest of the application so that it can communicate with the suite because I started with this project as being standalone.

Anyway here's a sneak peek.

dinsdag 13 augustus 2013

New stuff I'm working on

Been some time since I updated the blog. For now I'm working on the pro version of the hacksuite. As you may know or not know I've stopped working on the free version of the hacksuite.

As we speak I'm integrating the medusa tool that I created earlier into the hacksuite, it's a complete suite that is used for finding weak passwords in cmses and forums. It can be used for whitehat and blackhat purposes. In white hat modus it will send a warning to users, in black hat style it steals passwords.
It can however do way more. I'm planning on creating a shell that can steal configuration files from cmses and forums. This together will make a deadly tool that can start stealing passwords within minutes if the site has a file upload vulnerability.

Medusa already supports around 20 of the most used cmeses and forums and adding new targets is easy with the supplied documentation.

vrijdag 24 mei 2013

Dominator new files and features so far

There's actually a lot more features, but I'm a coder and hate to update the changelog, here's a list though of what I've done so far:


// 0.5 - restricted password access to the suite?
$_CONTEXT['pass_access'] = false;
// 0.5 - pass hash
$_CONTEXT['pass_hash'] = 0;
// 0.5 - pass salt
$_CONTEXT['pass_salt'] = 0;
// 0.5 - sleep after failure in seconds
$_CONTEXT['sleeptime'] = 3;
// 0.5 - login file
$_CONTEXT['login_file'] = "login.php";
// 0.5 - redirect login failure
$_CONTEXT['redirect_fail_login'] = "http://www.google.com";
// 0.5 - allow remote rss feeds
$_CONTEXT['allow_remote_locations'] = true;
// 0.5 - used for automatic category filtering
$_CONTEXT['modcats'] = array();

// new files
- setup.php
- login.php
- auth.php
- json/login.php
- json/setup.php
- style/setup.php
- style/login.php
- style/headlogin.php
- style/bodylogin.php
- style/bodysetup.php
- style/css/login.css
- style/css/dominator.css
- style/js/login.js
- data/body.php
- data/remote.php
- includes/modset.php
- includes/sources.php
- includes/security.php
- includes/main_body_start.php
- includes/main_body_end.php
- rss/twitter.php
- rss/hsupdate.php

// new features
* updated jquery to 1.9.1
* login and setup
* paths.php new paths
* cleaned up js files
* removed caching (from rss class)

zaterdag 18 mei 2013

THC HackSuite Dominator 0.5

The FyreByte bloodline has come to an end, 0.4.7 was the last release in the 0.4 family. I'm now working on 0.5, this will be a kickass version with loads of new features and useless stuff will be dropped.

If you liked http://www.hackchallenge.net you're going to love 0.5 as it will have a similar layout and offers the same amount of jquery magic.

With the release of THC Dominator you will also find a new site @ http://www.hacksuite.com

Q: Will there be new modules?
A: None are planned, this release is more about adding new features and a better layout

Q: What will be dropped?
A: So far I will surely drop the FAQ section

Q: When will the old versions be available again?
A: The new site will host all the latest versions of every bloodline

Q: When will it be released?
A: I'm working on this alone, so it might take some time, I have no idea when, what or how. Stay tuned on this page, my facebook page and the hacksuite site itself

Cheers and happy hacking!

woensdag 6 februari 2013

New version of the hacksuite cms. I've uploaded 0.4.1, which comes with a new module and a new test server. Be sure to check it out.