pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0
776 stars 296 forks source link

Unable to upload zip template files #138

Closed fujimaster closed 9 years ago

fujimaster commented 9 years ago

Getting Ruby errors when uploading zip file. I downloaded zip file from archive folder, when try to restore them it fails.

zeknox commented 9 years ago

Need more specifics on those errors to offer any assistance.

411Hall commented 9 years ago

I am running Phishing Frenzy on Kali 1.09 and think i might be having the same issue. When i select the template zip file i get the following message:

ArgumentError in TemplatesController#upload error (undefined class/module Template).

I can supply screen grabs or logs if you like.

zeknox commented 9 years ago

Can you guys also confirm you are running the latest version of PF?

zeknox commented 9 years ago

Also any chance you could provide me with your zip archives that are causing the issues?

fujimaster commented 9 years ago

I downloaded zip archives from github, all of them and they all have same error message when uploading/restoring them

411Hall commented 9 years ago

Did the install 3 days ago and pulled from the git then so i assume its the latest version? Same as above they are just the zips from the github. Weirdly i managed to get the LinkedIn template which was failing to import yesterday imported earlier but when i tried to import another template i got the error again.

johnk3r commented 9 years ago

Hello. I have the same problem. When you use the template available on the GIT (Linkedin or Office365) I get the following message

"# Load template.yml file and create template db entry template = YAML.load (template_yml.get_input_stream.read) new_template = template.dup new_template.save (validate: false)! "

"

Rails.root: / var / www / phishing-frenzy Application Trace | Framework Trace | Full Trace

app / controllers / templates_controller.rb: 116: in `upload '

Request

Parameters:

{"utf8" => "✓" "authenticity_token" => "2BnI87A d61Le5iUxpSUts8IRANblGZQ9y9SYSUx4XA + =" "restore_template" => # <ActionDispatch :: Http :: UploadedFile: 0x00000006c05368tempfile = # <Tempfile: / tmp / RackMultipart20150119-14585-1sp4kn6>, @ original_filename = "linkedin.zip" @ content_type = "application / zip" @ headers = "Content-Disposition: form-data; name = \" restore_template \ "; filename = \" linkedin.zip \ "\ r \ nContent-Type: application / zip \ r \ n">, "commit" => "Restore Template"}

Toggle session dump

_csrf_token: "2BnI87A d61Le5iUxpSUts8IRANblGZQ9y9SYSUx4XA + =" session_id: "3b072630bb57af3694daba26f3afd40e" warden.user.admin.key [[1] "$ $ 10 $ bb2NTcuzhkKKKcMpCeQGL 2a."]

zeknox commented 9 years ago

Guys, I'm leaning towards something is different with your environments that is causing this issue. The reason I believe this is because I have an rspec test which tests this functionality and its passing all tests in my environment.

Here is the test in place to upload a zip archive successfully: https://github.com/pentestgeek/phishing-frenzy/blob/master/spec/requests/templates_spec.rb#L30

Example of git repo up to date with all tests passing

root@bt:/var/www/phishing-frenzy# git pull origin master
From github.com:pentestgeek/phishing-frenzy
 * branch            master     -> FETCH_HEAD
Already up-to-date.
root@bt:/var/www/phishing-frenzy# rspec
............................................................................
Finished in 33.98 seconds (files took 4.77 seconds to load)
76 examples, 0 failures
johnk3r commented 9 years ago

My test: root@phishing:/var/www/phishing-frenzy# git pull origin master remote: Counting objects: 3, done. remote: Compressing objects: 100% (3/3), done. remote: Total 3 (delta 0), reused 0 (delta 0) Unpacking objects: 100% (3/3), done. From https://github.com/pentestgeek/phishing-frenzy

johnk3r commented 9 years ago

@zeknox any idea how to solve this problem ?

johnk3r commented 9 years ago

I found the cause of my problem. Is related to permission in some directories.

zeknox commented 9 years ago

@johnk3r the command output you showed above was not running the tests. It only shows that you were running the most up to date version. You would run the command rspec within the phishing-frenzy directory.

This will likely fail a bunch of tests tho because you need to rake the TEST database as well. I'll be providing documentation on running tests sometime in the future.

Could you also specify what permission issues solved the problem for you? I assume it was something similar to below as documented in the install guide?

# chmod -R 755 /var/www/phishing-frenzy/public/uploads/

Closing this ticket since tests are passing and unable to reproduce issue.