pentestgeek / phishing-frenzy

Ruby on Rails Phishing Framework
www.phishingfrenzy.com
GNU General Public License v3.0
776 stars, 296 forks

NoMethodError in EmailController on preview #67

Closed JGillam closed 10 years ago

JGillam commented 10 years ago

I'm getting an error when I press "Preview" or "Test". For preview I get the stack trace below. Any idea what could be causing this? I have a software developer background but Ruby is unfamiliar territory...

This install is on Debian 7 (wheezy) and is a box built just this week explicitly just for PF, so there is no other junk running on there.

NoMethodError in EmailController#preview

undefined method `images' for nil:NilClass
Rails.root: /var/www/phishing-frenzy

Application Trace | Framework Trace | Full Trace
app/mailers/phishing_frenzy_mailer.rb:14:in `phish'
actionpack (3.2.13) lib/abstract_controller/base.rb:167:in `process_action'
actionpack (3.2.13) lib/abstract_controller/base.rb:121:in `process'
actionpack (3.2.13) lib/abstract_controller/rendering.rb:45:in `process'
actionmailer (3.2.13) lib/action_mailer/base.rb:459:in `process'
actionmailer (3.2.13) lib/action_mailer/base.rb:453:in `initialize'
actionmailer (3.2.13) lib/action_mailer/base.rb:439:in `new'
actionmailer (3.2.13) lib/action_mailer/base.rb:439:in `method_missing'
app/controllers/email_controller.rb:22:in `preview'

zeknox commented 10 years ago

I believe you have a problem with your email file that is part of your template. I think that you have a block of code calling an image_tag like this:

<%= image_tag attachments['pizza.jpg'].url %>

Yet you have no image named "pizza.jpg". The error message is happening because the image method expected an image yet it got nil, most likely because the file was not properly uploaded to the template.

If you want, feel free to post the email HTML code up here as well, that is most likely the problem.

Are you able to assign one of the default templates to a campaign and preview the email messages? This would be a good indication if your template is the issue or something else altogether.

JGillam commented 10 years ago

Actually, this is happening with both of the sample templates. I haven't done anything custom yet at all - just trying to get it running with the defaults, as shown in your YouTube video.

zeknox commented 10 years ago

Delete the default templates for me. Then run this command to reload the default templates back in:

rake templates:load

See if the preview works with these freshly reloaded templates.

JGillam commented 10 years ago

Same issue again. Is this likely a permission issue at all? I did a chown to www-data across the web folder just to be sure, but just wondering if there's something else I'm missing?

JGillam commented 10 years ago

I dug around a bit more to see if I can figure out what is happening.

The only places the image file is showing up are:

 # find /var/www/phishing-frenzy/ -name 'intel.jpg' -print
/var/www/phishing-frenzy/vendor/templates/intel/intel.jpg
/var/www/phishing-frenzy/public/uploads/attachment/file/28/intel.jpg
/var/www/phishing-frenzy/public/uploads/attachment/file/21/intel.jpg

Is it also supposed to be somewhere under public/templates?

zeknox commented 10 years ago

That looks correct, it doesn't place it anywhere under templates. The files are tied to the template through an association defined in the template model.

What happens if you remove all the image_tags from your email message and try to preview it?

Also when tweaking a template, you might have to go into your campaign, save it to a different template, and resave to the original for it to load the most recent changes for the template.

JGillam commented 10 years ago

Alright, bonehead move on my part. If you don't activate the template dropdown (i.e. don't assume the default item) or don't hit the "Save Settings" button you will get this error.

So a suggestion for dummy-proofing is to either automatically Save Settings if you press preview, or disable preview, test, launch, etc... until a valid template has been saved to the campaign. :)

zeknox commented 10 years ago

Thanks for the feedback. I think all of those are viable solutions. We even accept pull requests :+1: