Introduction to AntiZip

This documentation details the functionality of the THC AntiZip (thc_az) module.

AntiZip is a versatile and configurable tool designed to detect potentially harmful code within source code, folder names, and filenames.

Interface Parameters:

1. Wordlist: Select a wordlist from the Wordlists folder.
2. Select Action: Choose to display previously cracked passwords or initiate a new session.
3. Select File: Locate archive files in the zipfiles folder within the module's root directory.

ModGlue Variables:

1. $_CONTEXT['thc_az']['datafile']: (string) Absolute path to the data file where cracked passwords are stored.
2. $_CONTEXT['thc_az']['zipfolder']: (string) Absolute path to the zipfiles directory in the module's root folder.
3. $_CONTEXT['thc_az']['wordlist']: (string) Absolute path to the wordlist file in the Wordlists folder.
4. $_CONTEXT['thc_az']['passwords']: (array) List of passwords from the wordlist.
5. $_CONTEXT['thc_az']['zipfile']: (string) Absolute path to the file to be cracked in the zipfiles folder.
6. $_CONTEXT['thc_az']['passwordamounts']: (int) Total number of passwords in the wordlist.
7. $_CONTEXT['thc_az']['template']: (string) Template for successful password cracks (only applies to the Remove case).
8. $_CONTEXT['thc_az']['zip_results']: (array) Data from the log file (only applies to the Remove case).
9. $_CONTEXT['thc_az']['queries']: (int) Number of entries in the log file (only applies to the Remove case).
10. $_CONTEXT['thc_az']['update']: (boolean) True if the specified entry was found, false otherwise (only applies to the Remove case).
11. $_CONTEXT['thc_az']['record']: (int) Count of entries in the log file (only applies to the Remove case).
12. $_CONTEXT['thc_az']['validfile']: (boolean) True if the specified ID exists, false otherwise (only applies to the View case).
13. $_CONTEXT['thc_az']['zip_properties']['file']: (string) Filename of the cracked archive (only applies to the View case).
14. $_CONTEXT['thc_az']['zip_properties']['password']: (string) Password of the cracked archive (only applies to the View case).
15. $_CONTEXT['thc_az']['zip_properties']['time']: (int) Timestamp of when the archive was successfully cracked (only applies to the View case).
16. $_CONTEXT['thc_az']['newtemplate']: (string) Updated template containing data from cracked archives.
17. $_CONTEXT['thc_az']['password']: (string) Current password in the loop.
18. $_CONTEXT['thc_az']['extractdirectory']: (string) Absolute path in the module's zipfiles directory where the archive will be extracted to verify the password.
19. $_CONTEXT['thc_az']['status']: (boolean) True if the zip archive can be opened, false otherwise.
20. $_CONTEXT['thc_az']['string']: (string) Information string of the current password attempt sent back to the browser, indicating whether the attack was successful or not.
21. $_CONTEXT['thc_az']['error']: (string) Error message when the password is incorrect for the archive.
22. $_CONTEXT['thc_az']['correct']: (boolean) True if the password was correct, false otherwise.
23. $_CONTEXT['thc_az']['current']: (int) Number of cracked passwords in the template.
24. $_CONTEXT['thc_az']['function']: (string) Function to remove content when the archive is extracted (e.g., unlink or rmdir).

Resource Settings:

• Time Limit: PHP default.
• Memory Limit: PHP default.

Expanding AntiZip:

N/A

Dependencies:

• Zip

Known Issues:

As a dictionary attack brute force module, AntiZip can be resource-intensive. If you encounter time limit or memory issues, consider adjusting the module's settings accordingly.