Author Topic: Malware repository framework help?  (Read 7961 times)

0 Members and 1 Guest are viewing this topic.

December 20, 2015, 12:49:17 am

PolyBot

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Malware repository framework help?
« on: December 20, 2015, 12:49:17 am »
So i made a centos 7 server, installed mysql, php and apache on it and downloaded this:

http://www.adlice.com/software/malware-repository-framework/

I followed the instructions and the setup went fine, however when i try to upload a file, it wont work, here you can see a gif of it:

https://i.gyazo.com/2f5d14b29882f9385aa2b70ab9b6f632.gif

as you can see, nothing shows up, what do i do?

Reply #1December 20, 2015, 01:58:11 am

PolyBot

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Malware repository framework help?
« Reply #1 on: December 20, 2015, 01:58:11 am »
I went to google and it put me up with this:

https://github.com/blueimp/jQuery-File-Upload/wiki/Frequently-Asked-Questions

i made these changes to my php.ini however its still not working:

Code: [Select]
upload_max_filesize 9G
post_max_size 9G
max_execution_time 200
max_input_time 200
memory_limit 256M

Reply #2December 21, 2015, 02:54:35 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2361
  • Reputation:
    82
    • View Profile
Re: Malware repository framework help?
« Reply #2 on: December 21, 2015, 02:54:35 pm »
Hi PolyBot,

This can be many things.
Malware repository framework V3 is now online and should be way easier to setup. I advice you to give it a try.

Regards.

Reply #3December 24, 2015, 04:40:40 am

PolyBot

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Malware repository framework help?
« Reply #3 on: December 24, 2015, 04:40:40 am »
The new mrf 3.1 works very well.

Is there any copyright on this? may i release it on my site with active samples?

Reply #4December 24, 2015, 09:43:53 am

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 855
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Malware repository framework help?
« Reply #4 on: December 24, 2015, 09:43:53 am »
There's no EULA made yet, but consider it free to use anywhere.  8)

Reply #5December 26, 2015, 03:33:58 am

PolyBot

  • Newbie

  • Offline
  • *

  • 4
  • Reputation:
    0
    • View Profile
Re: Malware repository framework help?
« Reply #5 on: December 26, 2015, 03:33:58 am »
Thank you, i have 1 last question.

How do i make sure that only .zip files get uploaded? And is it possible to check the .zip file to check if it has a password like "infected"?

Reply #6December 28, 2015, 10:39:46 am

Tigzy

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 855
  • Reputation:
    91
  • Personal Text
    Owner, Adlice Software
    • View Profile
    • Adlice Software
Re: Malware repository framework help?
« Reply #6 on: December 28, 2015, 10:39:46 am »
That sounds like some more work.
I'd add a callback function in here: https://github.com/Tigzy/malware-repo/blob/master/src/uploader.php#L370
And verify some zip/rar/... header with help of this: http://www.garykessler.net/library/file_sigs.html

Handle file extraction is even more complicated because of the variety of different compressors. I'd start handling only zip files, and use this: http://php.net/manual/en/ziparchive.extractto.php
To handle password: http://php.net/manual/en/ziparchive.setpassword.php

To upload extracted zip, I'd place the routine extraction at top of https://github.com/Tigzy/malware-repo/blob/master/src/uploader.php#L1052, and calling again handle_file_upload in a loop for extracted files.

And for the 3rd question (that you didn't ask but I'll answer :D) we may consider adding that feature.
(Only handling archive extraction, not limiting to zip only)
« Last Edit: December 28, 2015, 10:41:33 am by Tigzy »