Adlice forum

Software feedback => MRF => Topic started by: PolyBot on December 20, 2015, 12:49:17 AM

Title: Malware repository framework help?
Post by: PolyBot on December 20, 2015, 12:49:17 AM

So i made a centos 7 server, installed mysql, php and apache on it and downloaded this:

http://www.adlice.com/software/malware-repository-framework/

I followed the instructions and the setup went fine, however when i try to upload a file, it wont work, here you can see a gif of it:

https://i.gyazo.com/2f5d14b29882f9385aa2b70ab9b6f632.gif

as you can see, nothing shows up, what do i do?

Title: Re: Malware repository framework help?
Post by: PolyBot on December 20, 2015, 01:58:11 AM

I went to google and it put me up with this:

https://github.com/blueimp/jQuery-File-Upload/wiki/Frequently-Asked-Questions

i made these changes to my php.ini however its still not working:

Code: [Select]

upload_max_filesize 9G
post_max_size 9G
max_execution_time 200
max_input_time 200
memory_limit 256M

Title: Re: Malware repository framework help?
Post by: Curson on December 21, 2015, 02:54:35 PM

Hi PolyBot,

This can be many things.
Malware repository framework V3 is now online and should be way easier to setup. I advice you to give it a try.

Regards.

Title: Re: Malware repository framework help?
Post by: PolyBot on December 24, 2015, 04:40:40 AM

The new mrf 3.1 works very well.

Is there any copyright on this? may i release it on my site with active samples?

Title: Re: Malware repository framework help?
Post by: Tigzy on December 24, 2015, 09:43:53 AM

There's no EULA made yet, but consider it free to use anywhere.  8)

Title: Re: Malware repository framework help?
Post by: PolyBot on December 26, 2015, 03:33:58 AM

Thank you, i have 1 last question.

How do i make sure that only .zip files get uploaded? And is it possible to check the .zip file to check if it has a password like "infected"?

Title: Re: Malware repository framework help?
Post by: Tigzy on December 28, 2015, 10:39:46 AM

That sounds like some more work.
I'd add a callback function in here: https://github.com/Tigzy/malware-repo/blob/master/src/uploader.php#L370
And verify some zip/rar/... header with help of this: http://www.garykessler.net/library/file_sigs.html

Handle file extraction is even more complicated because of the variety of different compressors. I'd start handling only zip files, and use this: http://php.net/manual/en/ziparchive.extractto.php
To handle password: http://php.net/manual/en/ziparchive.setpassword.php

To upload extracted zip, I'd place the routine extraction at top of https://github.com/Tigzy/malware-repo/blob/master/src/uploader.php#L1052, and calling again handle_file_upload in a loop for extracted files.

And for the 3rd question (that you didn't ask but I'll answer :D) we may consider adding that feature.
(Only handling archive extraction, not limiting to zip only)