Adlice forum
Software feedback => MRF => Topic started by: Asentrix on May 26, 2016, 09:20:34 PM
-
I set up a free host at first to try this out on
I configured everything accordingly and followed the instructions etc
After I had set everything , I tried to navigate to the root / website url and I got the following error:
The *website URL* page isn’t working
*website URL* is currently unable to handle this request.
I followed the installation guide , created my DB's etc and nothing seems to work
I then tried switching to a paid host and buying a domain , thinking maybe the free host had limitations
Much to my surprise , it started giving me the same error on my new host
What am I doing wrong??
I've sent an email to support too , hope you guys can help me out , thanks!
-
Hi Asentrix,
Seems like a web server error to me.
Which server are you using ? Did you inspect the logfiles ?
Regards.
-
Hi curson , it's a missing comma in your code
"web_base_url" => 'http://cuckoo.home:8080/', <- this is missing in the source which caused the issue
Also I couldn't seem to find any documentation on the cron job, do I set that up manually?
If so , what would the cron command be / frequency?
Just one more question , is it possible to link the file scans on my domain?
Eg. I upload a file , and it scans on virus total etc , but I want to link the scan report from the script?
Thanks!
EDIT
Sorry for adding this too , but I realised that normal users can edit links / comments too?
Is there any way to restrict normal users so they can only view links in hyperlink form and stop them from being able to edit comments?
-
Also having issues with certain files
Big files don't seem to work , they generate a white space with nothing in it
Then I receive this error
PHP Warning: md5_file(): Filename cannot be empty in /home/website/public_html/src/functions.php line 423
(http://i.imgur.com/KdvDHes.png)
The code on line 423
// Modify generated filename
function OnGetFileName($generated_name, $file_path, $name){
    return md5_file($file_path);
}
Please help!
-
Hi Asentrix,
Hi curson , it's a missing comma in your code
"web_base_url" => 'http://cuckoo.home:8080/', <- this is missing in the source which caused the issue
Thanks for your feedback. We will fix this ASAP.
Also I couldn't seem to find any documentation on the cron job, do I set that up manually?
If so , what would the cron command be / frequency?
No, you don't have to. If a cron job is not planned, VT and Cuckoo scans will take place when grabbing the displayed samples.
I will make sure to improve documentation on this matter.
Just one more question , is it possible to link the file scans on my domain?
Eg. I upload a file , and it scans on virus total etc , but I want to link the scan report from the script?
This feature is not available but I think you could achieve this using the numerous features of the VirusTotal API (https://www.virustotal.com/en/documentation/public-api/).
Sorry for adding this too , but I realised that normal users can edit links / comments too?
Is there any way to restrict normal users so they can only view links in hyperlink form and stop them from being able to edit comments?
You will need to tweak the page using some code and UserCake's Permission Group Management Pages (http://usercake.com/docs.php#3).
Also having issues with certain files
Big files don't seem to work , they generate a white space with nothing in it
Then I receive this error
PHP Warning: md5_file(): Filename cannot be empty in /home/website/public_html/src/functions.php line 423
What do you mean by "big" ?
It seems that $file_path is empty when processing function OnGetFileName($generated_name, $file_path, $name). I don't have time to test for now but at first sight, the culprit seems to be function get_upload_path($file_name) on src/uploader.php.
$file_path = $this->get_upload_path($file_name);
You will be able to check by putting a breakpoint on this line and checking the content of $file_path.
Would you mind opening a new bug report documenting your finding on the MRF GitHub repository (https://github.com/Tigzy/malware-repo) ?
Regards.
-
Amazing response , thanks so much , I will create a bug report on github
When I said "big file" I believe I was wrong , it seems to happen randomly
I went into my system32 DIR and tried uploading random .exe files
Some worked fine , others didn't and created that error
I really appreciate the fantastic response , I would love to see more documentation on setting up cuckoo with your script
I'm not exactly sure how to run cuckoo off a VM on my windows machine despite reading page after page of documentation
-
Hi Asentrix,
Amazing response , thanks so much , I will create a bug report on github
Many thanks.
When I said "big file" I believe I was wrong , it seems to happen randomly
I went into my system32 DIR and tried uploading random .exe files
Some worked fine , others didn't and created that error
Errors occurring randomly are always difficult to troubleshoot.
Would you mind describing your environment (OS, WEB server, PHP version, etc) ?
I really appreciate the fantastic response , I would love to see more documentation on setting up cuckoo with your script
Thanks for the kind words. Better documentation is planned.
I'm not exactly sure how to run cuckoo off a VM on my windows machine despite reading page after page of documentation
Unfortunately, Cuckoo cannot be installed as host on any Windows OS. Only guest mode is supported.
I advise you to run the host on a virtualized GNU/Linux operating system.
Regards.
-
Thanks again for the great response
Just wanted to also mention , there's another 'bug' I found
In the index , the default 'max files' is 40 until it goes to a new page
I wanted to decrease this number to 15 , but it doesn't work
Tried changing it to 20 , didn't work either
Here's the line
<input type="text" readonly="readonly" data-max-page="40" />
-
Hi Asentrix,
Thanks for your feedback.
Could you please open a new bug report for this issue as well ?
Regards.
-
Sure , done! :)
Also where can I add suggestions?
If I'm allowed to add here, I'd like to suggest multiple virustotal API's
I'm not rich enough to pay for the unlimited API, but if I had the ability to add multiple API's , it would solve the issue
Unless 12 scans are being done simultaneously , 3 virustotal API's would work wonders
It could check and see if the API is in use, if so, it uses another API, or checks to see how many files are being scanned per API
Since the current public API limit is 4 concurrent , multiple API support would fix that issue :P
-
Hi Asentrix,
Thanks for filing a bug report. :-)
You can perfectly submit suggestions on this thread.
The number of requests allowed to VirusTotal is not only tied to the API token but also to the originating IP.
So, using multiple tokens (aka multiple VirusTotal API accounts) at the same time won't change anything.
However, there may be a solution :
If you run a honeyclient, honeypot or any other automation that is going to provide resources to VirusTotal and not only retrieve reports you are entitled to a higher request rate quota, ask for it at contact@virustotal.com and you will receive special privileges when performing the calls to the API.
You can give it a try.
Regards.
-
Thanks for the reply
Tigzy asked me to continue the thread here rather than on the git for the bug report
Hope it can be fixed , thanks! :)
-
Any news on this?
Still getting the same error
It was caused by a PDF file , the PDF is backdoored too.
Also when I attempt to scan it on VT , it says sent , but if I reload page , it says VT unknown and doesn't scan
-
Hi Asentrix,
Tigzy and I were really busy with RogueKiller these past few days.
We will investigate your issue as soon as possible.
Regards.
-
Hello,
I think the file isn't uploaded at all, this is why VT doesn't upload too. The status is set by javascript, there's no confirmation from the server side until you refresh the page.
My guess is that PHP is lacking some configuration for files upload.
Can you give your configuration for PHP max_size? http://stackoverflow.com/questions/2184513/php-change-the-maximum-upload-file-size
Thanks,
-
Thanks for the reply!
upload_max_filesize: 256M
max file upload on cloudflare: 100Mb (Unable to change unless on enterprise)
Tried uploading a .exe file from system 32 again, same file , got this error:
VM112:3 Uncaught TypeError: Cannot read property 'toLowerCase' of undefined
This is the code that appears to be causing the issue
else if (file.vendor.toLowerCase().indexOf("rootkit") != -1 || file.vendor.toLowerCase().indexOf("trojan") != -1)
Hope that helps you guys!
-
Hey, sorry for late answer, I'll take a look.
EDIT: Ok, to me the error you're pointing to is a consequence, not the cause.
The cause is that the file isn't uploaded, so the returned json is missing some fields.
Is it possible that you give me temp access to the FTP? (or to a test folder where MRF is deployed)
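
The failure chain described in this thread (the upload fails server-side, the response lacks fields, and the client then throws on `file.vendor.toLowerCase()`) can be caught before the status is shown. This is an added example, not part of the thread or of MRF's code; the function names, the `name` and `md5` fields and the response shape are assumptions, and only `vendor` comes from the posts above.

```javascript
// Added example, not MRF code. Only `vendor` is taken from the thread;
// the other field names and the return shape are assumptions.
const REQUIRED_FIELDS = ["name", "md5", "vendor"];

// Turn a raw upload response into { ok: true, file } or { ok: false, error }.
function parseUploadResponse(status, body) {
  if (status < 200 || status >= 300) {
    return { ok: false, error: "HTTP " + status };
  }
  if (typeof body !== "string" || body.trim() === "") {
    return { ok: false, error: "empty response body" };
  }
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    // Typical when a PHP warning is printed instead of the JSON.
    return { ok: false, error: "response is not JSON: " + body.trim().slice(0, 60) };
  }
  // The uploader may return one object or a list; take the first entry.
  const file = Array.isArray(data) ? data[0] : data;
  if (file === null || typeof file !== "object") {
    return { ok: false, error: "no file entry in response" };
  }
  const missing = REQUIRED_FIELDS.filter((k) => typeof file[k] !== "string");
  if (missing.length > 0) {
    return { ok: false, error: "missing fields: " + missing.join(", ") };
  }
  return { ok: true, file };
}

// Safe version of the vendor check quoted in the thread.
function isRootkitOrTrojan(file) {
  const vendor = typeof file.vendor === "string" ? file.vendor.toLowerCase() : "";
  return vendor.includes("rootkit") || vendor.includes("trojan");
}

// Constructed sample bodies (not captured from a real server).
const SAMPLES = {
  good: '{"name":"a.exe","md5":"d41d8cd98f00b204e9800998ecf8427e","vendor":"Trojan.Generic"}',
  noVendor: '{"name":"b.pdf"}',
  phpWarning: "PHP Warning: md5_file(): Filename cannot be empty",
};

for (const [label, body] of Object.entries(SAMPLES)) {
  const r = parseUploadResponse(200, body);
  console.log(label, r.ok ? "uploaded, flagged=" + isRootkitOrTrojan(r.file) : "failed: " + r.error);
}
```

Showing "sent" only when `ok` is true keeps the page from reporting a sample as stored when the server never confirmed it.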