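<?php
require '_cred.php';
session_start();

// Gate the whole page on an authenticated session.
if (!isset($_SESSION['username'])) {
    // Prefer a real HTTP redirect; it does not depend on the client running JavaScript.
    if (!headers_sent()) {
        header('Location: ./?page=signin');
    }
    // Kept as a fallback for the case where output has already started.
    echo("<script>location.href = './?page=signin';</script>");
    // Stop here. Without this the rest of the page, including the upload
    // handler further down, would still execute for a signed-out visitor.
    exit;
}
?>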
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no">
<title>Malware Repository</title>
<link rel="stylesheet" href="assets/bootstrap/css/bootstrap.min.css">
<link rel="stylesheet"
href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css">
<link rel="stylesheet" href="./assets/fonts/ionicons.min.css">
<link rel="manifest" href="./manifest.json"/>
<link rel="stylesheet" href="assets/css/Footer-Dark.css">
<style>
body {
color: black;
}
.card-1 {
box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);
transition: all 0.3s cubic-bezier(.25, .8, .25, 1);
}
.card-1:hover {
box-shadow: 0 14px 28px rgba(0, 0, 0, 0.25), 0 10px 10px rgba(0, 0, 0, 0.22);
}
.card-2 {
box-shadow: 0 3px 6px rgba(0, 0, 0, 0.16), 0 3px 6px rgba(0, 0, 0, 0.23);
}
.card-3 {
box-shadow: 0 10px 20px rgba(0, 0, 0, 0.19), 0 6px 6px rgba(0, 0, 0, 0.23);
}
.card-4 {
box-shadow: 0 14px 28px rgba(0, 0, 0, 0.25), 0 10px 10px rgba(0, 0, 0, 0.22);
}
.card-5 {
box-shadow: 0 19px 38px rgba(0, 0, 0, 0.30), 0 15px 12px rgba(0, 0, 0, 0.22);
}
.navbar {
background-color: #282D32;
}
</style>
</head>
<body class="bg-gradient-dark">
<nav class="navbar navbar-light text-light navbar-expand-md sticky-top card-2">
<div class="container-fluid" style="padding: 5px"><a href="javascript:void(0)" class="text-light"
onclick="window.history.back();" style="margin-right: 20px"><i
class="fas fa-arrow-left"></i></a>
<a class="navbar-brand text-light" href="./?page=home" style="position: fixed; left: 80px;">Malware Repository</a>
<?php require './account.manager.php';?>
<img src="./assets/img/avatars/avatar1.jpeg" data-toggle="dropdown" height="30px" width="30px"
style="position: fixed; top: 10px; right: 10px; border-radius: 50%;">
<div class="dropdown-menu dropdown-menu-left card-4"
style="margin-top: 50px;!important; width: 100px !important;">
<span class="dropdown-item-text" href="#"><strong>Testing Suite</strong></span>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="./?page=loggedin">Dashboard</a>
<a class="dropdown-item" href="./?page=upload">Upload Sample</a>
<a class="dropdown-item" href="./?page=accountinfo">Account Info</a>
<a class="dropdown-item" href="./?page=settings">Settings</a>
<a class="dropdown-item" href="./?page=logout">Logout</a>
</div>
</div>
</div>
</nav>
<div class="container">
<div class='card' style='margin:20px 0' ><ul class="nav nav-pills">
<li class="nav-item">
<a class="nav-link " href="./?page=loggedin"><b>Dashboard</b></a>
</li>
<li class="nav-item" style='margin-left: -20px'>
<a class="nav-link disabled" href="#"><b>|</b></a>
</li>
<li class="nav-item float-right" >
<a class="nav-link" href="./all-samples.php"><b>All Samples</b></a>
</li>
<li class="nav-item" >
<a class="nav-link disabled" href="javascript:void(0)"><b>|</b></a>
</li>
<li class="nav-item" style='margin-left: -20px'>
<a class="nav-link disabled" href="./upload-sample.php"><b>Upload Sample</b></a>
</li>
</ul></div>
<h4 class="text-light" style="margin: 20px 0">Uploading a sample</h4>
<div class="row" style="margin: 20px 0">
<div class="card">
<div class="card-body">
<h5 >What you need to know when uploading a sample:</h5>
<div class="border-left-success" id="definition">
<blockquote class="blockquote" style="padding:10px;">
Required:<br>
<a href="./prep_file.py" download ><i class="fab fa-python"></i> prep_file.py</a>
<span class="blockquote-footer">Click the above file to download</span>
</blockquote>
</div>
<p>
You will need to download the file prep_file.py linked above. Ensure you have Python installed
on your PC.<br>If it is not installed, follow <a href="https://docs.python.org/3/using/index.html" target="_blank">this link</a> to learn how to set up Python.
<br>Get the file you want to submit and run<br>
<code>python prep_file.py file_tosubmit.exe</code><br> It will create a directory
for you. Then submit that along with the information about the malware so that we know which malware it
is.</p>
</div>
</div>
</div>
<h4 class="text-light" style="margin: 20px 0">Upload Sample Here:</h4>
<div class="row">
<div class="col-lg-6">
<div class="card shadow mb-5">
<div class="card-body">
<div class="alert alert-warning">Read the instructions above 👆 before uploading a Malware sample</div>
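<?php
// Handles the "Upload Sample" form post: validates the uploaded archive, moves it
// into ./samples/ and records it in the malware_samples table.
//
// NOTE(review): the form carries no anti-CSRF token and none is checked here;
// confirm whether request-forgery protection is applied elsewhere.
// NOTE(review): only the file extension is checked, not the archive content, and
// the file is stored under the client-supplied name in ./samples/. Confirm the web
// server neither executes nor directly serves that directory, and consider
// server-generated names.
if (isset($_POST['sample_upload'])) {
    $malware_name = isset($_POST['malware_name']) ? $_POST['malware_name'] : '';
    $users_id_users = isset($_SESSION["id"]) ? $_SESSION["id"] : null;
    $engine_used = isset($_POST['malware_engine']) ? $_POST['malware_engine'] : '';
    $category_malware = isset($_POST['malware_category']) ? $_POST['malware_category'] : '';
    $target_dir = "./samples/";
    $uploadOk = 1;

    // Join the selected platforms with " , ". Always defined, so the INSERT below
    // never binds an unset variable. implode() replaces the earlier rtrim() call,
    // whose single-quoted character list also stripped trailing 't', 'n' and '\'
    // from the last platform name.
    $method_of_operation = "";
    if (isset($_POST["method_of_operation"]) && is_array($_POST["method_of_operation"])) {
        $method_of_operation = implode(" , ", array_filter($_POST["method_of_operation"], 'is_string'));
    }

    // Refuse to act without a session user id; it is stored as the sample's owner.
    if ($users_id_users === null) {
        echo "<div class='alert alert-danger'>You must be signed in to upload a sample.</div>";
        $uploadOk = 0;
    }

    // Only continue with a single, completely received upload.
    $upload = isset($_FILES["fileToUpload"]) ? $_FILES["fileToUpload"] : null;
    $upload_valid = is_array($upload)
        && isset($upload["name"], $upload["tmp_name"], $upload["size"], $upload["error"])
        && is_string($upload["name"])
        && $upload["error"] === UPLOAD_ERR_OK;

    $file_name = "";
    $target_file = "";
    if (!$upload_valid) {
        echo "<div class='alert alert-danger'>Sorry, there was an error uploading your file.</div>";
        $uploadOk = 0;
    } else {
        // basename() drops any directory components from the client-supplied name.
        $file_name = basename($upload["name"]);
        $target_file = $target_dir . $file_name;
        $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));

        // Never overwrite a sample that is already stored under this name.
        if (file_exists($target_file)) {
            echo "<div class='alert alert-danger'>Sorry, file already exists.</div>";
            $uploadOk = 0;
        }
        // Check file size
        if ($upload["size"] > 10000000) {
            echo "<div class='alert alert-danger'>Sorry, your file is too large.</div>";
            $uploadOk = 0;
        }
        // Only .zip archives are accepted
        if ($imageFileType !== "zip") {
            echo "<div class='alert alert-danger'>Sorry, only ZIP files are allowed.</div>";
            $uploadOk = 0;
        }
    }

    if ($uploadOk == 0) {
        echo "<div class='alert alert-danger'>Sorry, your file was not uploaded.</div>";
    } elseif (move_uploaded_file($upload["tmp_name"], $target_file)) {
        $url_file = "./samples/" . $file_name;
        $stmt = $conn->prepare("INSERT INTO malware_samples(malware_name, malware_date_created, malware_date_updated, url_file, user_id, platform_available, engine_used, category_malware) VALUES (?,NOW(),NOW(),?,?,?,?,?)");
        $inserted = false;
        if ($stmt) {
            $stmt->bind_param("ssssss", $malware_name, $url_file, $users_id_users, $method_of_operation, $engine_used, $category_malware);
            $inserted = $stmt->execute();
        }
        if ($inserted) {
            echo "<div class='alert alert-success alert-dismissible' style='margin: 20px 0'> <button type='button' class='close' data-dismiss='alert'>×</button><b>Success!</b> The sample has been uploaded successfully</div>";
            // The file name comes from the client, so escape it before echoing it into HTML.
            echo "<div class='alert alert-success'>The file " . htmlspecialchars($file_name, ENT_QUOTES, 'UTF-8') . " has been uploaded.</div>";
        } else {
            // Remove the orphaned file so that a retry is not rejected as
            // "file already exists", and actually record the failure the message mentions.
            if (is_file($target_file)) {
                unlink($target_file);
            }
            error_log('upload-sample: could not record the uploaded sample in malware_samples');
            echo "<div class='alert alert-danger alert-dismissible' style='margin: 20px 0'> <button type='button' class='close' data-dismiss='alert'>×</button><b>Failed!</b> The sample could not be uploaded. The error has been logged and will be logged at. Please try again later.</div>";
        }
    } else {
        echo "<div class='alert alert-danger'>Sorry, there was an error uploading your file.</div>";
    }
}
?>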
<form method="post" action="" enctype="multipart/form-data">
<div class="form-group"><label for="address"><strong>Malware Name</strong><br/></label><input
type="text" class="form-control" placeholder="Malware Name" name="malware_name"
required/><label for="malware-engine"><strong>Malware Engine</strong><br/></label>
<select class="form-control" required name="malware_engine">
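<?php
// Emits one <option> per row of malware_engines, or a disabled placeholder when
// there is nothing to list.
$sql = "SELECT * FROM malware_engines";
$result = $conn->query($sql);
// Guard against a failed query before touching num_rows.
if ($result && $result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // Database values are escaped before being written into the attribute and the label.
        $engine_id = htmlspecialchars((string) $row["id_malware_engines"], ENT_QUOTES, 'UTF-8');
        $engine_name = htmlspecialchars((string) $row["malware_engine_name"], ENT_QUOTES, 'UTF-8');
        echo "<option value='" . $engine_id . "'> " . $engine_name . "</option>";
    }
} else {
    echo "<option disabled value='reject'>No engine available. Add one first</option>";
}
?>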
</select>
<label
for="malware-category"><strong>Malware Category</strong><br/></label>
<select class="form-control" name="malware_category" required>
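<?php
// Emits one <option> per row of malware_categories, or a disabled placeholder when
// there is nothing to list.
$sql = "SELECT * FROM malware_categories";
$result = $conn->query($sql);
// Guard against a failed query before touching num_rows.
if ($result && $result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // Database values are escaped before being written into the attribute and the label.
        $category_id = htmlspecialchars((string) $row["id_malware_categories"], ENT_QUOTES, 'UTF-8');
        $category_name = htmlspecialchars((string) $row["name_of_category"], ENT_QUOTES, 'UTF-8');
        echo "<option value='" . $category_id . "'> " . $category_name . "</option>";
    }
} else {
    // This list holds categories; the placeholder previously said "engine".
    echo "<option disabled value='reject'>No category available. Add one first</option>";
}
?>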
</select><label for="platforms_affected"><strong>Platforms affected by
Malware</strong><br/></label>
<select class='form-control' name='method_of_operation[]' required multiple>
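<?php
// Emits one <option> per row of platforms_available, or a disabled placeholder when
// there is nothing to list. The platform name is both the value and the label.
$sql = "SELECT * FROM platforms_available";
$result = $conn->query($sql);
// Guard against a failed query before touching num_rows.
if ($result && $result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // Database values are escaped before being written into the attribute and the label.
        $platform_name = htmlspecialchars((string) $row["platforms_name"], ENT_QUOTES, 'UTF-8');
        echo "<option value='" . $platform_name . "'> " . $platform_name . "</option>";
    }
} else {
    echo "<option selected disabled value='reject'>No Platform available. Add one first</option>";
}
?>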
</select><label for="address"><strong>Malware
Sample</strong><br/></label><br><input
type="file" accept="application/zip" required name="fileToUpload" id="fileToUpload"/></div>
<div class="form-group">
<button class="btn btn-primary btn-sm" type="submit" name="sample_upload">Upload<br/></button>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.3.1/js/bootstrap.bundle.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.8.0/Chart.bundle.min.js"></script>
<script src="assets/js/bs-init.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.4.1/jquery.easing.js"></script>
<script src="./manup.js"></script>
<script src="assets/js/theme.js"></script>
<script>
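// Replace the current history entry with the same URL; presumably so that a
// reload does not re-submit the posted upload form.
if (window.history.replaceState) {
    window.history.replaceState(null, null, window.location.href);
}

/**
 * Opens the report page for the given report type in the current tab.
 * The value is URL-encoded so that characters such as "&" or "#" cannot
 * alter the query string.
 * @param {string} reportType value passed as the "report-type" query parameter
 */
const print = (reportType) => {
    window.open("./reports.php?report-type=" + encodeURIComponent(reportType), "_self");
};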
</script>
</body>