From cd68affc93517ad7276fb1e7d7092e4f52dc5699 Mon Sep 17 00:00:00 2001 From: bhdresh Date: Thu, 26 Jan 2023 17:37:09 +0400 Subject: [PATCH] v15 changes --- Console/Decoify/addEdit.php | 83 ----- Console/Decoify/backupSettings.php | 30 +- Console/Decoify/dashboard.php | 3 +- Console/Decoify/db.class.php | 192 ---------- Console/Decoify/db.php | 7 +- Console/Decoify/deviceSettings.php | 5 +- Console/Decoify/download.php | 3 +- Console/Decoify/download_evidence.php | 3 +- Console/Decoify/events.php | 31 +- Console/Decoify/eventsView.php | 10 +- Console/Decoify/graph/getAlertsGraph.php | 27 +- Console/Decoify/healthcheck.php | 3 +- Console/Decoify/includes/common.php | 3 - Console/Decoify/includes/functions.php | 8 - Console/Decoify/list-key.php | 16 +- Console/Decoify/loggraph.php | 3 +- Console/Decoify/logview.php | 5 +- Console/Decoify/manageAlerts.php | 7 +- Console/Decoify/manageAlertsViews.php | 12 +- Console/Decoify/manageUsers.php | 179 ---------- Console/Decoify/manageUsersViews.php | 398 --------------------- Console/Decoify/render.php | 3 +- Console/Decoify/render.php.org | 2 +- Console/Decoify/reset-key.php | 3 +- Console/Decoify/search.php | 36 +- Console/Decoify/searchView.php | 3 +- Console/Decoify/search_bckup.php | 4 +- Console/Decoify/template/main-footer.php | 2 +- Console/Decoify/template/main-header.php | 13 +- Console/Decoify/template/main-sidebar.php | 18 +- Console/Decoify/updateFramework.php | 6 +- Console/Decoify/updateSettings.php | 10 +- Console/Decoify/userAction.php | 115 ------ Console/Decoify/userManagement.php | 409 ---------------------- Engine/Decoify/add-server-decoys-back.php | 68 ++++ Engine/Decoify/add-server-decoys.php | 72 ++++ Engine/Decoify/addCerts.php | 200 +++++++++++ Engine/Decoify/addCertsViews.php | 151 ++++++++ Engine/Decoify/backupSettings.php | 5 +- Engine/Decoify/cloudSettings.php | 1 + Engine/Decoify/crumbKerb.php | 1 - Engine/Decoify/database.php | 6 - Engine/Decoify/deviceSettings.php | 1 + Engine/Decoify/healthcheck.php | 1 - Engine/Decoify/honeyfiles.php | 1 - Engine/Decoify/index.php | 2 +- Engine/Decoify/list-decoys.php | 8 +- Engine/Decoify/mailAlert.php | 2 +- Engine/Decoify/template/main-footer.php | 2 +- Engine/Decoify/template/main-sidebar.php | 3 +- Engine/Decoify/updateFramework.php | 3 + Engine/Decoify/updateSettings.php | 1 + 52 files changed, 612 insertions(+), 1568 deletions(-) delete mode 100644 Console/Decoify/addEdit.php delete mode 100644 Console/Decoify/db.class.php delete mode 100644 Console/Decoify/includes/common.php delete mode 100644 Console/Decoify/includes/functions.php delete mode 100644 Console/Decoify/manageUsers.php delete mode 100644 Console/Decoify/manageUsersViews.php delete mode 100644 Console/Decoify/userAction.php delete mode 100644 Console/Decoify/userManagement.php create mode 100755 Engine/Decoify/addCerts.php create mode 100755 Engine/Decoify/addCertsViews.php delete mode 100755 Engine/Decoify/database.php diff --git a/Console/Decoify/addEdit.php b/Console/Decoify/addEdit.php deleted file mode 100644 index 4bd2d65f..00000000 --- a/Console/Decoify/addEdit.php +++ /dev/null @@ -1,83 +0,0 @@ - $_GET['id'], - ); - $conditions['return_type'] = 'single'; - $userData = $db->getRows('users', $conditions); -} - -// Pre-filled data -$userData = !empty($postData) ? $postData : $userData; - -// Define action -$actionLabel = !empty($_GET['id']) ? 'Edit' : 'Add'; - -?> - - - -
- -
- - - -
-
User
-
-
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
-
- - -
- - -
-
-
\ No newline at end of file diff --git a/Console/Decoify/backupSettings.php b/Console/Decoify/backupSettings.php index 0e170a1c..37e3ef96 100644 --- a/Console/Decoify/backupSettings.php +++ b/Console/Decoify/backupSettings.php @@ -2,20 +2,19 @@ if(!isset($_SESSION)) { - session_start(); + session_start(); } -require_once('includes/common.php'); include "db.php"; -if(!isset($_SESSION['user_name']) && !isAdmin($_SESSION)) +if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { - header('location:loginView.php'); - exit(); + header('location:loginView.php'); + exit(); } -if(isset($_SESSION['user_name']) && isAdmin($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { ?> @@ -86,10 +85,11 @@ - -
+ + +
-

Upgrade DejaVu Console

+

Upgrade DejaVu

@@ -108,7 +108,7 @@ echo "
"; echo ""; - echo ""; + echo ""; echo "
"; } @@ -124,9 +124,11 @@ - - - + + + + +

Reboot/Shutdown/Reset DejaVu Console

@@ -179,6 +181,6 @@ } else { - header('location:loginView.php'); + header('location:loginView.php'); } ?> diff --git a/Console/Decoify/dashboard.php b/Console/Decoify/dashboard.php index 9096961d..a6c44075 100755 --- a/Console/Decoify/dashboard.php +++ b/Console/Decoify/dashboard.php @@ -4,11 +4,10 @@ { session_start(); } -require_once('includes/common.php'); include 'db.php'; -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { $user_id=$_SESSION['user_id']; diff --git a/Console/Decoify/db.class.php b/Console/Decoify/db.class.php deleted file mode 100644 index ca60732e..00000000 --- a/Console/Decoify/db.class.php +++ /dev/null @@ -1,192 +0,0 @@ -db)){ - $config = parse_ini_file('config/config.ini'); - $this->servername = $config['host']; - $this->username = $config['username']; - $this->password = $config['password']; - $this->dbname = $config['dbname']; - - // Connect to the database - $conn = new mysqli($this->servername, $this->username, $this->password, $this->dbname); - if($conn->connect_error){ - die("Failed to connect with MySQL: " . $conn->connect_error); - }else{ - $this->db = $conn; - } - } - } - public function getRows($table, $conditions = array()){ - $sql = 'SELECT '; - $sql .= array_key_exists("select", $conditions)?$conditions['select']:'*'; - $sql .= ' FROM '.$table; - if(array_key_exists("where", $conditions)){ - $sql .= ' WHERE '; - $i = 0; - foreach($conditions['where'] as $key => $value){ - $pre = ($i > 0)?' AND ':''; - $sql .= $pre.$key." = '".$value."'"; - $i++; - } - } - - if(array_key_exists("like", $conditions) && !empty($conditions['like'])){ - $sql .= (strpos($sql, 'WHERE') !== false)?' AND ':' WHERE '; - $i = 0; - $likeSQL = ''; - foreach($conditions['like'] as $key => $value){ - $pre = ($i > 0)?' AND ':''; - $likeSQL .= $pre.$key." LIKE '%".$value."%'"; - $i++; - } - $sql .= '('.$likeSQL.')'; - } - - if(array_key_exists("like_or", $conditions) && !empty($conditions['like_or'])){ - $sql .= (strpos($sql, 'WHERE') !== false)?' AND ':' WHERE '; - $i = 0; - $likeSQL = ''; - foreach($conditions['like_or'] as $key => $value){ - $pre = ($i > 0)?' OR ':''; - $likeSQL .= $pre.$key." LIKE '%".$value."%'"; - $i++; - } - $sql .= '('.$likeSQL.')'; - } - - if(array_key_exists("order_by", $conditions)){ - $sql .= ' ORDER BY '.$conditions['order_by']; - } - - if(array_key_exists("start", $conditions) && array_key_exists("limit", $conditions)){ - $sql .= ' LIMIT '.$conditions['start'].','.$conditions['limit']; - }elseif(!array_key_exists("start", $conditions) && array_key_exists("limit", $conditions)){ - $sql .= ' LIMIT '.$conditions['limit']; - } - - //$result = $this->db->query($sql); - $stmt = $this->db->prepare($sql); - $stmt->execute(); - $result = $stmt->get_result(); - - if(array_key_exists("return_type", $conditions) && $conditions['return_type'] != 'all'){ - switch($conditions['return_type']){ - case 'count': - $data = $result->num_rows; - break; - case 'single': - $data = $result->fetch_assoc(); - break; - default: - $data = ''; - } - }else{ - if($result->num_rows > 0){ - while($row = $result->fetch_assoc()){ - $data[] = $row; - } - } - } - return !empty($data)?$data:false; - } - - /* - * Insert data into the database - * @param string name of the table - * @param array the data for inserting into the users - */ - public function insert($table, $data){ - if(!empty($data) && is_array($data)){ - $columns = ''; - $values = ''; - $i = 0; - if(!array_key_exists('created', $data)){ - $data['created'] = date("Y-m-d H:i:s"); - } - if(!array_key_exists('modified', $data)){ - $data['modified'] = date("Y-m-d H:i:s"); - } - foreach($data as $key=>$val){ - $pre = ($i > 0)?', ':''; - $columns .= $pre.$key; - $values .= $pre."'".$val."'"; - $i++; - } - $query = "INSERT INTO ".$table." (".$columns.") VALUES (".$values.")"; - //$insert = $this->db->query($query); - $insert = $this->db->prepare($query); - $insert->execute(); - - return $insert?$this->db->insert_id:false; - }else{ - return false; - } - } - - /* - * Update data into the database - * @param string name of the table - * @param array the data for updating into the table - * @param array where condition on updating data - */ - public function update($table, $data, $conditions){ - if(!empty($data) && is_array($data)){ - $colvalSet = ''; - $whereSql = ''; - $i = 0; - if(!array_key_exists('modified',$data)){ - $data['modified'] = date("Y-m-d H:i:s"); - } - foreach($data as $key=>$val){ - $pre = ($i > 0)?', ':''; - $colvalSet .= $pre.$key."='".$val."'"; - $i++; - } - if(!empty($conditions)&& is_array($conditions)){ - $whereSql .= ' WHERE '; - $i = 0; - foreach($conditions as $key => $value){ - $pre = ($i > 0)?' AND ':''; - $whereSql .= $pre.$key." = '".$value."'"; - $i++; - } - } - $query = "UPDATE ".$table." SET ".$colvalSet.$whereSql; - //$update = $this->db->query($query); - $update = $this->db->prepare($query); - $update->execute(); - return $update?$this->db->affected_rows:false; - }else{ - return false; - } - } - - /* - * Delete data from the database - * @param string name of the table - * @param array where condition on deleting data - */ - public function delete($table, $conditions){ - $whereSql = ''; - if(!empty($conditions) && is_array($conditions)){ - $whereSql .= ' WHERE '; - $i = 0; - foreach($conditions as $key => $value){ - $pre = ($i > 0)?' AND ':''; - $whereSql .= $pre.$key." = '".$value."'"; - $i++; - } - } - $query = "DELETE FROM ".$table.$whereSql; - //$delete = $this->db->query($query); - $delete = $this->db->prepare($query); - $delete->execute(); - return $delete?true:false; - } -} \ No newline at end of file diff --git a/Console/Decoify/db.php b/Console/Decoify/db.php index 7547d703..5e616168 100755 --- a/Console/Decoify/db.php +++ b/Console/Decoify/db.php @@ -1,7 +1,6 @@ prepare("select COUNT(Status) as active_events from Alerts where Status=1;"); - //$stmt->bind_param("s", $user_id); + $stmt = $mysqli->prepare("select COUNT(Status) as active_events from Alerts where Status=1 and user_id=?;"); + $stmt->bind_param("s", $user_id); $stmt->execute(); $result = $stmt->get_result(); diff --git a/Console/Decoify/deviceSettings.php b/Console/Decoify/deviceSettings.php index 1aff57b6..0839ab28 100755 --- a/Console/Decoify/deviceSettings.php +++ b/Console/Decoify/deviceSettings.php @@ -4,17 +4,16 @@ { session_start(); } -require_once('includes/common.php'); include "db.php"; -if(!isset($_SESSION['user_name']) && !isAdmin($_SESSION)) +if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:loginView.php'); exit(); } -if(isset($_SESSION['user_name']) && isAdmin($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { ?> diff --git a/Console/Decoify/download.php b/Console/Decoify/download.php index 46f5568d..ceebb0b8 100755 --- a/Console/Decoify/download.php +++ b/Console/Decoify/download.php @@ -4,9 +4,8 @@ { session_start(); } -require_once('includes/common.php'); -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)){ +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ $file_dir = "../../../download_files/"; //provide dejavu download link diff --git a/Console/Decoify/download_evidence.php b/Console/Decoify/download_evidence.php index e959941a..63f03baf 100755 --- a/Console/Decoify/download_evidence.php +++ b/Console/Decoify/download_evidence.php @@ -4,13 +4,12 @@ { session_start(); } -require_once('includes/common.php'); include 'db.php'; $submited_csrf_token = preg_replace("/[^0-9a-zA-Z]/","",$_POST["csrf_token"]); -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)){ +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ $user_id=$_SESSION['user_id']; $file_dir = "/var/dejavufiles/captures/"; diff --git a/Console/Decoify/events.php b/Console/Decoify/events.php index 6c619837..36ecdcef 100755 --- a/Console/Decoify/events.php +++ b/Console/Decoify/events.php @@ -1,8 +1,6 @@ prepare("SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 ORDER BY LogInsertedTimeStamp DESC;"); + $stmt = $mysqli->prepare("SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and user_id=? ORDER BY LogInsertedTimeStamp DESC;"); + $stmt->bind_param("s", $user_id); $stmt->execute(); $result = $stmt->get_result(); @@ -85,9 +84,9 @@ function getSearchFilter() $user_id=$_SESSION['user_id']; - $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 "); + $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 and user_id=?"); - //$stmt->bind_param("s", $user_id); + $stmt->bind_param("s", $user_id); $stmt->execute(); @@ -181,19 +180,19 @@ function AdvanceQuery($vals, $startDate, $endDate) //appending the query based on and filter if ($filter == 'and') { - $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 ".$query. "ORDER BY LogInsertedTimeStamp Desc "; + $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and user_id=? ".$query. "ORDER BY LogInsertedTimeStamp Desc "; if($startDate != '' and $endDate != '') { - $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and (LogInsertedTimeStamp between ? and ? )".$query. "ORDER BY LogInsertedTimeStamp Desc"; + $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and user_id=? and (LogInsertedTimeStamp between ? and ? )".$query. "ORDER BY LogInsertedTimeStamp Desc"; } } elseif ($filter == 'or') { - $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and (1=2".$query. ")"; + $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and user_id=? and (1=2".$query. ")"; if($startDate != '' and $endDate != '') { - $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and (LogInsertedTimeStamp between ? and ? ) and (1=2".$query. ")"; + $search_query = "SELECT id, Decoy_Name, Decoy_Group, Decoy_IP, Attacker_IP, LogInsertedTimeStamp FROM Alerts where Status=1 and user_id=? and (LogInsertedTimeStamp between ? and ? ) and (1=2".$query. ")"; } } @@ -222,7 +221,7 @@ function AdvanceQuery($vals, $startDate, $endDate) { $new_params = 'sss' . $query_params[0]; - array_unshift($query_params, $new_params, $startDate, $endDate); + array_unshift($query_params, $user_id, $new_params, $startDate, $endDate); array_splice($query_params, 4, 1); } @@ -230,7 +229,7 @@ function AdvanceQuery($vals, $startDate, $endDate) else{ $new_params = 's' . $query_params[0]; - array_unshift($query_params, $new_params); + array_unshift($query_params, $new_params, $user_id); array_splice($query_params, 2, 1); @@ -284,8 +283,10 @@ function checkSearchFilter() $user_id=$_SESSION['user_id']; - $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1"); + $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 and user_id=?"); + $stmt->bind_param("s", $user_id); + $stmt->execute(); $result = $stmt->get_result(); @@ -306,18 +307,18 @@ function checkSearchFilter() } -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)){ +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ $user_id=$_SESSION['user_id']; - if(isset($_POST["action"]) && $_POST["action"]=='disable') + if($_POST["action"]=='disable') { $alert_id = $_POST["alert_id"]; DisableAlert($alert_id); } - if(isset($_POST["delete"]) && $_POST["delete"]=='delete_all') + if($_POST["delete"]=='delete_all') { removeAlerts(); } diff --git a/Console/Decoify/eventsView.php b/Console/Decoify/eventsView.php index 16a0f4d6..cea6eb2b 100755 --- a/Console/Decoify/eventsView.php +++ b/Console/Decoify/eventsView.php @@ -1,13 +1,11 @@ @@ -50,11 +48,9 @@ View as Graph --> - - - - - - -
- -
-

- Manage Users - -

-
- - -
-
- -
- - -
-
-
- -
- -
- - - - - - - - - - - - $value) : ?> - - - - - - - - - -
UsernameEmailRoleStatusAction
- - - - - - - - - - -
- - - - -
- - - - - -
-
-
-
- -
- -
- -
- - - - - - - - - - \ No newline at end of file diff --git a/Console/Decoify/render.php b/Console/Decoify/render.php index d7af2f94..49dd06eb 100755 --- a/Console/Decoify/render.php +++ b/Console/Decoify/render.php @@ -4,11 +4,10 @@ { session_start(); } -require_once('includes/common.php'); include "db.php"; -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { ?> diff --git a/Console/Decoify/render.php.org b/Console/Decoify/render.php.org index 3100a032..4443d454 100755 --- a/Console/Decoify/render.php.org +++ b/Console/Decoify/render.php.org @@ -7,7 +7,7 @@ if(!isset($_SESSION)) include "db.php"; -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { ?> diff --git a/Console/Decoify/reset-key.php b/Console/Decoify/reset-key.php index 8214e2a0..822a745e 100755 --- a/Console/Decoify/reset-key.php +++ b/Console/Decoify/reset-key.php @@ -4,12 +4,11 @@ { session_start(); } -require_once('includes/common.php'); include 'db.php'; require 'includes/vendor/autoload.php'; -if(isset($_SESSION['user_name']) && isAdmin($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { $user_id=$_SESSION['user_id']; $remote_ip=$_SERVER["REMOTE_ADDR"]; diff --git a/Console/Decoify/search.php b/Console/Decoify/search.php index afe21b7c..34e59489 100755 --- a/Console/Decoify/search.php +++ b/Console/Decoify/search.php @@ -6,9 +6,6 @@ } ini_set('memory_limit', '-1'); - -require_once('includes/common.php'); - include 'db.php'; function SearchQuery($startDate, $endDate) @@ -22,13 +19,14 @@ function SearchQuery($startDate, $endDate) $endDate = (string)$endDate . ' 23:59:59'; - $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, pcap_filename, video_filename, Service_Name, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where (TimeStamp between ? and ?) "); + $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, pcap_filename, video_filename, msg_filename, Service_Name, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where (TimeStamp between ? and ?) and user_id=?"); - $stmt->bind_param("ss", $startDate, $endDate); + $stmt->bind_param("sss", $startDate, $endDate, $user_id); } else { - $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, pcap_filename, video_filename, Service_Name, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs"); + $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, pcap_filename, video_filename, msg_filename, Service_Name, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where user_id=?"); + $stmt->bind_param("s", $user_id); } $stmt->execute(); @@ -59,9 +57,9 @@ function SearchAlert($attackerIP,$decoyIP) $mysqli = db_connect(); $user_id=$_SESSION['user_id']; - $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, Service_Name,pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where Attacker_IP=? and Decoy_IP=?"); + $stmt = $mysqli->prepare("SELECT Decoy_Name, Decoy_Group, Service_Name,pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where Attacker_IP=? and Decoy_IP=? and user_id=?"); - $stmt->bind_param("ss", $attackerIP, $decoyIP); + $stmt->bind_param("sss", $attackerIP, $decoyIP,$user_id); $stmt->execute(); @@ -164,19 +162,19 @@ function AdvanceQuery($vals, $startDate, $endDate) //appending the query based on and filter if ($filter == 'and') { - $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where ".$query. "ORDER BY timestamp Desc "; + $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where user_id=? ".$query. "ORDER BY timestamp Desc "; if($startDate != '' and $endDate != '') { - $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where (TimeStamp between ? and ? )".$query. "ORDER BY timestamp Desc"; + $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where user_id=? and (TimeStamp between ? and ? )".$query. "ORDER BY timestamp Desc"; } } elseif ($filter == 'or') { - $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where (1=2".$query. ")"; + $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where user_id = ? and (1=2".$query. ")"; if($startDate != '' and $endDate != '') { - $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where (TimeStamp between ? and ? ) and (1=2".$query. ")"; + $search_query = "SELECT Decoy_Name, Decoy_Group, Service_Name, pcap_filename, video_filename, msg_filename, EventType,Attacker_IP, Decoy_IP, TimeStamp FROM CloudLogs where user_id=? and (TimeStamp between ? and ? ) and (1=2".$query. ")"; } } @@ -205,7 +203,7 @@ function AdvanceQuery($vals, $startDate, $endDate) { $new_params = 'sss' . $query_params[0]; - array_unshift($query_params, $new_params, $startDate, $endDate); + array_unshift($query_params, $user_id, $new_params, $startDate, $endDate); array_splice($query_params, 4, 1); } @@ -213,7 +211,7 @@ function AdvanceQuery($vals, $startDate, $endDate) else{ $new_params = 's' . $query_params[0]; - array_unshift($query_params, $new_params ); + array_unshift($query_params, $new_params, $user_id); array_splice($query_params, 2, 1); @@ -325,8 +323,10 @@ function checkSearchFilter() $user_id=$_SESSION['user_id']; - $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 "); + $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 and user_id=?"); + $stmt->bind_param("s", $user_id); + $stmt->execute(); $result = $stmt->get_result(); @@ -352,7 +352,9 @@ function getSearchFilter() $user_id=$_SESSION['user_id']; - $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1"); + $stmt = $mysqli->prepare("SELECT search_filter from SearchFilter where Status=1 and user_id=?"); + + $stmt->bind_param("s", $user_id); $stmt->execute(); @@ -397,7 +399,7 @@ function removeSearchFilter() } -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)){ +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ $user_id=$_SESSION['user_id']; diff --git a/Console/Decoify/searchView.php b/Console/Decoify/searchView.php index 021b9807..0f454aa9 100755 --- a/Console/Decoify/searchView.php +++ b/Console/Decoify/searchView.php @@ -3,9 +3,8 @@ { session_start(); } -require_once('includes/common.php'); -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) { +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { ?> diff --git a/Console/Decoify/search_bckup.php b/Console/Decoify/search_bckup.php index 48e27f43..549f656a 100755 --- a/Console/Decoify/search_bckup.php +++ b/Console/Decoify/search_bckup.php @@ -7,8 +7,6 @@ error_reporting(1); -require_once('includes/common.php'); - include 'db.php'; function SearchQuery($startDate, $endDate) @@ -374,7 +372,7 @@ function removeSearchFilter() } -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)){ +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ if(isset($_GET["attackerIP"]) and isset($_GET["decoyIP"])) { diff --git a/Console/Decoify/template/main-footer.php b/Console/Decoify/template/main-footer.php index 2f13c674..782d00fc 100755 --- a/Console/Decoify/template/main-footer.php +++ b/Console/Decoify/template/main-footer.php @@ -7,6 +7,6 @@ echo $config['currentVersion']; ?>
- Copyright © 2020 CamoLabs. All rights + Copyright © 2023 CamoLabs. All rights reserved. diff --git a/Console/Decoify/template/main-header.php b/Console/Decoify/template/main-header.php index f88b3c88..2ad55c7f 100755 --- a/Console/Decoify/template/main-header.php +++ b/Console/Decoify/template/main-header.php @@ -5,14 +5,12 @@ { session_start(); } -require_once('includes/common.php'); -if(!isset($_SESSION['user_name']) && !isAuthorized($_SESSION)) { +if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:../loginView.php'); exit(); } - $memused = $memtotal = $memusage = $cpuload = 0; $server_check_version = '1.0.4'; $start_time = microtime(TRUE); @@ -21,7 +19,6 @@ if ($operating_system === 'Windows') { // Win CPU - if(extension_loaded("COM")){ $wmi = new COM('WinMgmts:\\\\.'); $cpus = $wmi->InstancesOf('Win32_Processor'); $cpuload = 0; @@ -39,7 +36,6 @@ // WIN CONNECTIONS $connections = shell_exec('netstat -nt | findstr :80 | findstr ESTABLISHED | find /C /V ""'); $totalconnections = shell_exec('netstat -nt | findstr :80 | find /C /V ""'); - } } else { // Linux CPU $load = sys_getloadavg(); @@ -64,9 +60,8 @@ $totalconnections = `netstat -n | wc -l`; } - if($memused > 0){ - $memusage = round(($memused/$memtotal)*100); - } + $memusage = round(($memused/$memtotal)*100); + $phpload = round(memory_get_usage() / 1000000,2); @@ -174,7 +169,7 @@
  • diff --git a/Console/Decoify/template/main-sidebar.php b/Console/Decoify/template/main-sidebar.php index 659cc144..fb581d64 100755 --- a/Console/Decoify/template/main-sidebar.php +++ b/Console/Decoify/template/main-sidebar.php @@ -54,7 +54,7 @@ target.addClass('active'); } - if ( path == 'deviceSettings.php' || path == 'manageUsers.php' || path == "backupSettings.php") { + if ( path == 'deviceSettings.php') { var target = $('.settings'); // Add active class to target link target.addClass('active'); @@ -62,9 +62,6 @@ }); -
    • MAIN NAVIGATION
      • @@ -97,8 +94,6 @@
    • - -
  • Settings @@ -107,17 +102,10 @@
    • -
diff --git a/Console/Decoify/updateFramework.php b/Console/Decoify/updateFramework.php index a07eb008..be1bb3c2 100644 --- a/Console/Decoify/updateFramework.php +++ b/Console/Decoify/updateFramework.php @@ -4,11 +4,10 @@ { session_start(); } -require_once('includes/common.php'); include 'db.php'; -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { if(isset($_POST['file_true']) && $_SESSION['csrf_token'] == $_POST['csrf_token']) @@ -31,6 +30,9 @@ } + } else { + + autoupgrade(); } header('location:backupSettings.php'); diff --git a/Console/Decoify/updateSettings.php b/Console/Decoify/updateSettings.php index 780de5c9..caef3e36 100644 --- a/Console/Decoify/updateSettings.php +++ b/Console/Decoify/updateSettings.php @@ -4,8 +4,6 @@ ini_set('display_startup_errors', 1); error_reporting(E_ALL); -require_once('includes/common.php'); - include 'db.php'; require 'includes/PHPMailer/src/Exception.php'; require 'includes/PHPMailer/src/PHPMailer.php'; @@ -19,7 +17,7 @@ session_start(); } -if(!isset($_SESSION['user_name']) && !isAuthorized($_SESSION)) +if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:loginView.php'); exit(); @@ -33,7 +31,7 @@ } -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { if(isset($_POST["oldPassword"]) && isset($_POST["newPassword"])){ @@ -457,7 +455,7 @@ function testEmail($test_emailaddress) $mail = new PHPMailer; $mail->isSMTP(); //Enable SMTP debugging - $mail->SMTPDebug = 1; + $mail->SMTPDebug = 2; if(!empty($username) && !empty($password)) { $mail->SMTPAuth = true; $mail->Username = $username; @@ -470,7 +468,7 @@ function testEmail($test_emailaddress) } //$mail->SMTPSecure =PHPMailer::ENCRYPTION_SMTPS; - //$mail->SMTPAutoTLS = false; + //$mail->SMTPAutoTLS = true; //$mail->SMTPSecure = false; $mail->Host = $hostname; $mail->Port = $PortNumber; //Defaults to 443 diff --git a/Console/Decoify/userAction.php b/Console/Decoify/userAction.php deleted file mode 100644 index b50d3493..00000000 --- a/Console/Decoify/userAction.php +++ /dev/null @@ -1,115 +0,0 @@ - $id, - 'username' => $username, - 'role' => $role, - 'email' => $email, - 'status' => $status, - 'timezone' => $timezone - ); - - // Store submitted data into session - $sessData['postData'] = $userData; - $sessData['postData']['id'] = $id; - - // ID query string - $idStr = !empty($id)?'?id='.$id:''; - - // If the data is not empty - if(!empty($username) && !empty($email) && !empty($status) && !empty($role) && !empty($timezone)){ - if(filter_var($email, FILTER_VALIDATE_EMAIL)){ - if(!empty($id)){ - // Update data - $condition = array('id' => $id); - $update = $db->update($tblName, $userData, $condition); - - if($update){ - $sessData['postData'] = ''; - $sessData['status']['type'] = 'success'; - $sessData['status']['msg'] = 'User data has been updated successfully.'; - }else{ - $sessData['status']['type'] = 'error'; - $sessData['status']['msg'] = 'Some problem occurred, please try again.'; - - // Set redirect url - $redirectURL = 'addEdit.php'.$idStr; - } - }else{ - // Insert data - $insert = $db->insert($tblName, $userData); - - if($insert){ - $sessData['postData'] = ''; - $sessData['status']['type'] = 'success'; - $sessData['status']['msg'] = 'User data has been added successfully.'; - }else{ - - $sessData['status']['type'] = 'error'; - $sessData['status']['msg'] = 'Some problem occurred, please try again.'; - - // Set redirect url - $redirectURL = 'addEdit.php'; - } - } - }else{ - $sessData['status']['type'] = 'error'; - $sessData['status']['msg'] = 'Please enter a valid email address.'; - - // Set redirect url - $redirectURL = 'addEdit.php'.$idStr; - } - }else{ - $sessData['status']['type'] = 'error'; - $sessData['status']['msg'] = 'All fields are mandatory, please fill all the fields.'; - - // Set redirect url - $redirectURL = 'addEdit.php'.$idStr; - } - - // Store status into the session - $_SESSION['sessData'] = $sessData; -}elseif(($_REQUEST['action_type'] == 'delete') && !empty($_GET['id'])){ - // Delete data - $condition = array('id' => $_GET['id']); - $delete = $db->delete($tblName, $condition); - if($delete){ - $sessData['status']['type'] = 'success'; - $sessData['status']['msg'] = 'User data has been deleted successfully.'; - }else{ - $sessData['status']['type'] = 'error'; - $sessData['status']['msg'] = 'Some problem occurred, please try again.'; - } - - // Store status into the session - $_SESSION['sessData'] = $sessData; -} - -// Redirect the user -header("Location: ".$redirectURL); -exit(); \ No newline at end of file diff --git a/Console/Decoify/userManagement.php b/Console/Decoify/userManagement.php deleted file mode 100644 index ba811dc1..00000000 --- a/Console/Decoify/userManagement.php +++ /dev/null @@ -1,409 +0,0 @@ - $searchKeyword, - 'email' => $searchKeyword, - 'role' => $searchKeyword - ); -} - -// Get count of the users -$con = array( - 'like_or' => $searchArr, - 'return_type' => 'count' -); -$rowCount = $db->getRows('users', $con); - -// Initialize pagination class -$pagConfig = array( - 'baseURL' => 'index.php'.$searchStr, - 'totalRows' => $rowCount, - 'perPage' => $perPageLimit -); -$pagination = new Pagination($pagConfig); - -// Get users from database -$con = array( - 'like_or' => $searchArr, - 'start' => $offset, - 'limit' => $perPageLimit, - 'order_by' => 'id DESC', -); -$users = $db->getRows('users', $con); - -if(isset($_SESSION['user_name']) && isAuthorized($_SESSION)) { - -?> - - - - -
- - - - -
- -
-

- User Management -

- - - -
- -
- - -
    -
  1. Home
    2. -
  2. User Management
    3. -
-
- - - -
- - -
-
-
-
- -
-
- -
- -
-
-
- - - - New User - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IDUserNameEmailStatusRoleTimeZone
- Edit - Delete -
No user(s) found......
- - - - createLinks(); ?> - - - -
- - -
- - - - - - - - - - -
- -
- - - -
-
-

Update Management Interface

-
- -
-
- - -
- - -
-
- - -
-
- - -
-
- - -
- -
- -
-
-

Update Password

-
- -
- -

Invalid Old Password

- -

Password Updated

- -
- - - - -
- -
-
- -
-
- - -
-
- -
- -
- - -
-
-

Update SMTP Details

-
- -
-
- - - - - prepare("SELECT * FROM SMTPDetails Limit 1"); - $stmt->execute(); - $result = $stmt->get_result(); - $row = mysqli_fetch_assoc($result); - $stmt->close(); - - $Hostname=$row['Hostname']; - $Username=$row['Username']; - $PortNumber=$row['PortNumber']; - $From_Email=$row['From_Email']; - - ?> -
- - -
-
- - -
- -
- - -
-
- - -
-
- - -
- -
- - -
-
-
-
- - -
- - - -
- -
-
- -
- -
-
-

Update DNS Server

-
- -
- - -
- - -
- style="width: 300px"> -
- - - - -
-
- -
- -
- - - - - - - - - - - - -
-
- - -
- - - - - \ No newline at end of file diff --git a/Engine/Decoify/add-server-decoys-back.php b/Engine/Decoify/add-server-decoys-back.php index 14b543f5..184aabda 100755 --- a/Engine/Decoify/add-server-decoys-back.php +++ b/Engine/Decoify/add-server-decoys-back.php @@ -4,6 +4,7 @@ include "db.php"; + $interface=$val["interface"]; $decoyname=$val["decoyname"]; $decoygroup=$val["decoygroup"]; @@ -868,6 +869,73 @@ } + + if ($webservertype == 'iis') + { + $dockerip=trim(' '); + + if (!empty($ipa)) + { + + exec("sudo /usr/bin/docker run -d --name $decoyname\"_iis\" -p $ipa:80:80 -p $ipa:443:443 --memory=\"256m\" iis /usr/sbin/apache2ctl -D FOREGROUND",$outputiis2,$resultiis2); + $dockeripcheck=0; + while ($dockeripcheck == 0) + { + global $dockeripcheck; + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\" | grep -iw \"ipaddress\"|head -1|awk -F \"\\\"\" '{print$4}'",$outputiis8,$resultiis); + $dockerip=$outputiis8[0]; + $dockeripcheck=preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/',$outputiis8[0],$out); + } + exec("sudo /bin/ip rule add from $dockerip/32 table $new_if_count priority 11",$outputiis,$resultiis); + } + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\"| grep -i \"LogPath\"|awk -F \"\\\"\" '{print$4}'|sed \"s/$//g\"",$outputiis9,$resultiis); + + if ($apachedecoyfile == true) + { + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\"| grep -i \"MergedDir\"|awk -F \"\\\"\" '{print$4}'|sed \"s/$//g\"",$outputiis10,$resultiis); + exec("sudo /usr/bin/docker exec $decoyname\"_iis\" rm -f /var/www/html/index.html",$outputiis12,$resultiis); + exec("sudo /bin/sh -c \"cd $outputiis10[0]/var/www/html/; unzip -o /var/dejavufiles/uploads/$apachedecoyfile\"",$outputiis11,$resultiis); + + + } + + + // + $mysqli = db_connect(); + + $stmt = $mysqli->prepare("UPDATE decoys set services=CONCAT(services,'IIS; '), apachedecoyfile=? where decoyname=?"); + + if (!$stmt) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + } + + $stmt->bind_param("ss", $apachedecoyfile,$decoyname); + + $stmt->execute(); + + $stmt->close(); + + $stmt2 = $mysqli->prepare("INSERT into decoydetails (decoyname,decoyservicename,decoyinternalip,decoyroutetable,decoylogfile) VALUES(?,'iis',?,?,?)"); + + if (!$stmt2) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + } + + $stmt2->bind_param("ssss", $decoyname, $dockerip, $new_if_count, $outputiis9[0]); + + $stmt2->execute(); + + $stmt2->close(); + + // + exec("sudo /usr/bin/nohup /bin/sh /etc/log.sh \"iis\" \"$outputiis9[0]\" \"$decoyname\" \"$decoygroup\" \"$ipa\" \"$decoy_type\" > /dev/null 2>&1 &",$output,$result); + } + + + + + + if ($webservertype == 'basicauth') { $dockerip=trim(' '); diff --git a/Engine/Decoify/add-server-decoys.php b/Engine/Decoify/add-server-decoys.php index a1d9ae19..c2549b88 100755 --- a/Engine/Decoify/add-server-decoys.php +++ b/Engine/Decoify/add-server-decoys.php @@ -219,6 +219,9 @@ function showFiles() if($_POST["webservertype"] == 'apache'){ $webservertype = 'apache'; } + if($_POST["webservertype"] == 'iis'){ + $webservertype = 'iis'; + } if($_POST["custom-ssh"] == 'interactivessh'){ $sshtype = 'SSH - Interactive'; @@ -1108,6 +1111,71 @@ function showFiles() } + + + if ($webservertype == 'iis') + { + $dockerip=trim(' '); + + if (!empty($ipa)) + { + + exec("sudo /usr/bin/docker run -d --name $decoyname\"_iis\" -p $ipa:80:80 -p $ipa:443:443 --memory=\"256m\" iis /usr/sbin/apache2ctl -D FOREGROUND",$outputiis2,$resultiis2); + $dockeripcheck=0; + while ($dockeripcheck == 0) + { + global $dockeripcheck; + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\" | grep -iw \"ipaddress\"|head -1|awk -F \"\\\"\" '{print$4}'",$outputiis8,$resultiis); + $dockerip=$outputiis8[0]; + $dockeripcheck=preg_match('/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/',$outputiis8[0],$out); + } + exec("sudo /bin/ip rule add from $dockerip/32 table $new_if_count priority 11",$outputiis,$resultiis); + } + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\"| grep -i \"LogPath\"|awk -F \"\\\"\" '{print$4}'|sed \"s/$//g\"",$outputiis9,$resultiis); + + if ($apachedecoyfile == true) + { + exec("sudo /usr/bin/docker inspect $decoyname\"_iis\"| grep -i \"MergedDir\"|awk -F \"\\\"\" '{print$4}'|sed \"s/$//g\"",$outputiis10,$resultiis); + exec("sudo /usr/bin/docker exec $decoyname\"_iis\" rm -f /var/www/html/index.html",$outputiis12,$resultiis); + exec("sudo /bin/sh -c \"cd $outputiis10[0]/var/www/html/; unzip -o /var/dejavufiles/uploads/$apachedecoyfile\"",$outputiis11,$resultiis); + + + } + + + // + $mysqli = db_connect(); + + $stmt = $mysqli->prepare("UPDATE decoys set services=CONCAT(services,'IIS; '), apachedecoyfile=? where decoyname=?"); + + if (!$stmt) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + } + + $stmt->bind_param("ss", $apachedecoyfile,$decoyname); + + $stmt->execute(); + + $stmt->close(); + + $stmt2 = $mysqli->prepare("INSERT into decoydetails (decoyname,decoyservicename,decoyinternalip,decoyroutetable,decoylogfile) VALUES(?,'iis',?,?,?)"); + + if (!$stmt2) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + } + + $stmt2->bind_param("ssss", $decoyname, $dockerip, $new_if_count, $outputiis9[0]); + + $stmt2->execute(); + + $stmt2->close(); + + // + exec("sudo /usr/bin/nohup /bin/sh /etc/log.sh \"iis\" \"$outputiis9[0]\" \"$decoyname\" \"$decoygroup\" \"$ipa\" \"$decoy_type\" > /dev/null 2>&1 &",$output,$result); + } + + + if ($webservertype == 'basicauth') { $dockerip=trim(' '); @@ -1560,6 +1628,7 @@ function DisableTextBox(DHCP) {      @@ -1595,6 +1664,9 @@ function DisableTextBox(DHCP) { if ( $(this).val() == "apache" ) { $("#custom-page").show(); } + if ( $(this).val() == "iis" ) { + $("#custom-page").show(); + } if( $(this).val() == "tomcat" ) { $("#custom-page").hide(); } diff --git a/Engine/Decoify/addCerts.php b/Engine/Decoify/addCerts.php new file mode 100755 index 00000000..ecb8560b --- /dev/null +++ b/Engine/Decoify/addCerts.php @@ -0,0 +1,200 @@ +prepare("select * from FileDetails where file_name=?;"); + $stmt->bind_param("s", $filename); + $stmt->execute(); + $result = $stmt->get_result(); + if($result->num_rows > 0) { + echo ""; + exit(); + } + + //This needs to be modified + $target_dir = "/var/dejavufiles/uploads/"; + + $target_file = $target_dir . $filename; + + + if(move_uploaded_file($tmp_name, $target_file)) { + + //Add file name to database + $mysqli = db_connect(); + + $status = 1; + + $createdDate = date("Y-m-d H:i:s"); + + $updatedDate = date("Y-m-d H:i:s"); + + $stmt = $mysqli->prepare("Insert Into FileDetails (file_name, status, created_date, updated_date) VALUES (?,?,?,?)"); + + if (!$stmt) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + exit(); + } + + $stmt->bind_param("ssss", $filename, $status, $createdDate, $updatedDate); + + $stmt->execute(); + + $stmt->close(); + + return true; + + } + + else{ + + return false; + } + +} + +function showFiles() +{ + $mysqli = db_connect(); + + $stmt = $mysqli->prepare("SELECT id, file_name FROM FileDetails where Status=1"); + + $stmt->execute(); + + $result = $stmt->get_result(); + + if($result->num_rows === 0) { + + $stmt->close(); + + return $event; + } + + else{ + while($row = $result->fetch_array()) { + + $event[] = $row; + + } + + $stmt->close(); + + return $event; + } +} + +function deletefile($file_id) +{ + $mysqli = db_connect(); + $stmt = $mysqli->prepare("SELECT * FROM FileDetails where id=?"); + $stmt->bind_param("i", $file_id); + $stmt->execute(); + $result = $stmt->get_result(); + $row = mysqli_fetch_assoc($result); + $filename=$row["file_name"]; + + $mysqli = db_connect(); + $stmt = $mysqli->prepare("select * from decoys where apachedecoyfile=? or smbdecoyfile=?;"); + $stmt->bind_param("ss", $filename, $filename); + $stmt->execute(); + $result = $stmt->get_result(); + if($result->num_rows === 0) { + unlink("/var/dejavufiles/uploads/".$filename); + } else { + + echo ""; + exit(); + } + $mysqli = db_connect(); + $updatedDate = date("Y-m-d H:i:s"); + $stmt = $mysqli->prepare("DELETE from FileDetails where id=?"); + if (!$stmt) { + throw new Exception('Error in preparing statement: ' . $mysqli->error); + } + $stmt->bind_param("i", $file_id); + $stmt->execute(); + $stmt->close(); + return true; + + +} + +if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') +{ + $event = showFiles(); + + if(isset($_POST['file_name']) && $_SESSION['csrf_token'] == $_POST['csrf_token']) + { + $path = pathinfo($_FILES['fileToUpload']['name']); + + if($path['extension'] == 'zip') + { + $file_name = $_POST['file_name']; + + $tmp_name = $_FILES['fileToUpload']['tmp_name']; + + $uploadFile = uploadFiles($file_name, $tmp_name); + + if($uploadFile){ + + $event = showFiles(); + + header('location:addFiles.php?msg=success'); + + exit(); + + } + + else{ + + $event = showFiles(); + + header('location:addFiles.php?msg=fail'); + + exit(); + + } + + } + + else + { + header('location:addFiles.php?msg=invalidfile'); + exit(); + } + + } + + if(isset($_GET['del_id']) && $_SESSION['csrf_token'] == $_GET['csrf_token']) + { + $file_id = $_GET['del_id']; + + if(deletefile($file_id)) + { + header('location:addFiles.php'); + + exit(); + } + } + +} + +require 'addCertsViews.php'; + +?> diff --git a/Engine/Decoify/addCertsViews.php b/Engine/Decoify/addCertsViews.php new file mode 100755 index 00000000..fe18d258 --- /dev/null +++ b/Engine/Decoify/addCertsViews.php @@ -0,0 +1,151 @@ + + + + + +
+ + + + +
+ +
+

+ Add Certificates + Add +

+
    +
  1. Home
    2. +
  2. N/W and Files Management
    3. +
  3. Add Certificates
    4. +
+
+ + +
+
+ +
+ +
+
+

Add Custom Decoy Files

+
+ + +
+ +

There was some with file upload. Please try again.

+ +

File Uploaded Sucessfully

+ +

Only Zip files allowed

+ +
+ +
+ + +
+ +
+ +

Zip files only

+
+ + +
+
+ +
+ +
+
+
+

List Uploaded Files

+
+ +
+ + + + + + + + + + + + + + + $value): + ?> + + + + + +
File NameManage File
OWA Login Default Page
F5 Login Default Page
Delete File
+
+ +
+ +
+
+ + +
+
+ +
+ +
+ + + +
+ + + + + diff --git a/Engine/Decoify/backupSettings.php b/Engine/Decoify/backupSettings.php index 13a6947e..4e4c136a 100755 --- a/Engine/Decoify/backupSettings.php +++ b/Engine/Decoify/backupSettings.php @@ -6,6 +6,7 @@ } include "db.php"; + if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:loginView.php'); @@ -91,9 +92,9 @@ -
+
-

Upgrade DejaVu Engine

+

Upgrade DejaVu

diff --git a/Engine/Decoify/cloudSettings.php b/Engine/Decoify/cloudSettings.php index 8d97c911..885d73ed 100755 --- a/Engine/Decoify/cloudSettings.php +++ b/Engine/Decoify/cloudSettings.php @@ -6,6 +6,7 @@ } include "db.php"; + if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:loginView.php'); diff --git a/Engine/Decoify/crumbKerb.php b/Engine/Decoify/crumbKerb.php index c1cd5544..6b3f98b0 100755 --- a/Engine/Decoify/crumbKerb.php +++ b/Engine/Decoify/crumbKerb.php @@ -8,7 +8,6 @@ include 'db.php'; - function generatePassword($length = 30) { $possibleChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()"; $password = ''; diff --git a/Engine/Decoify/database.php b/Engine/Decoify/database.php deleted file mode 100755 index 7744619c..00000000 --- a/Engine/Decoify/database.php +++ /dev/null @@ -1,6 +0,0 @@ - diff --git a/Engine/Decoify/deviceSettings.php b/Engine/Decoify/deviceSettings.php index ef19c649..bbe92517 100644 --- a/Engine/Decoify/deviceSettings.php +++ b/Engine/Decoify/deviceSettings.php @@ -6,6 +6,7 @@ } include "db.php"; + if(!isset($_SESSION['user_name']) && $_SESSION['role'] != 'admin') { header('location:loginView.php'); diff --git a/Engine/Decoify/healthcheck.php b/Engine/Decoify/healthcheck.php index f042ac92..20fa4b75 100644 --- a/Engine/Decoify/healthcheck.php +++ b/Engine/Decoify/healthcheck.php @@ -9,7 +9,6 @@ include 'db.php'; - if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin'){ ?> diff --git a/Engine/Decoify/honeyfiles.php b/Engine/Decoify/honeyfiles.php index d960e19d..d1fac360 100755 --- a/Engine/Decoify/honeyfiles.php +++ b/Engine/Decoify/honeyfiles.php @@ -7,7 +7,6 @@ include 'db.php'; - if(isset($_SESSION['user_name']) && $_SESSION['role'] == 'admin') { if(isset($_POST['honeyfilesdomain']) && isset($_POST['remindernote']) && $_SESSION['csrf_token'] == $_POST['csrf_token']) diff --git a/Engine/Decoify/index.php b/Engine/Decoify/index.php index 3ab45b49..fd26664d 100755 --- a/Engine/Decoify/index.php +++ b/Engine/Decoify/index.php @@ -33,4 +33,4 @@ function chkUser() chkUser(); -?> \ No newline at end of file +?> diff --git a/Engine/Decoify/list-decoys.php b/Engine/Decoify/list-decoys.php index d0e105b4..8dfc014d 100755 --- a/Engine/Decoify/list-decoys.php +++ b/Engine/Decoify/list-decoys.php @@ -52,8 +52,8 @@ Interface Services IP Address - Apache files - SMB files + Web Server Files + SMB Files Action @@ -99,8 +99,8 @@ Interface Services IP Address - Apache files - SMB files + Web Server Files + SMB Files Action diff --git a/Engine/Decoify/mailAlert.php b/Engine/Decoify/mailAlert.php index d652e275..51dbd28f 100755 --- a/Engine/Decoify/mailAlert.php +++ b/Engine/Decoify/mailAlert.php @@ -211,7 +211,7 @@ function saveLog($decoyName, $decoyGroup, $decoyIP, $attackerIP, $eventType, $ev if($SyslogStatus == 1) { - $syslog = "decoyname=".$decoyName." | decoygroup=".$decoyGroup." | decoyip=".$decoyIP." | servicetype=".$serviceType." | decoytype=".$decoy_type." | attackerip=".$attackerIP." | eventtype=".$eventType." | logtime=".$logtime." | pcapfilename=".$pcap_filename." | videofilename=".$video_filename." | msgfilename=".$msg_filename; + $syslog = $decoyName." | ".$decoyGroup." | ".$decoyIP." | ".$serviceType." | ".$decoy_type." | ".$attackerIP." | ".$eventType." | ".$logtime." | ".$pcap_filename." | ".$video_filename." | ".$msg_filename; $myfile = file_put_contents('/var/log/syslogclient.log', $syslog.PHP_EOL , FILE_APPEND | LOCK_EX); } diff --git a/Engine/Decoify/template/main-footer.php b/Engine/Decoify/template/main-footer.php index 9a7b51f6..1fc359b5 100755 --- a/Engine/Decoify/template/main-footer.php +++ b/Engine/Decoify/template/main-footer.php @@ -7,6 +7,6 @@ echo $config['currentVersion']; ?>
- Copyright © 2021 CamoLabs. All rights + Copyright © 2023 CamoLabs. All rights reserved. diff --git a/Engine/Decoify/template/main-sidebar.php b/Engine/Decoify/template/main-sidebar.php index 06afd685..a7f967d0 100755 --- a/Engine/Decoify/template/main-sidebar.php +++ b/Engine/Decoify/template/main-sidebar.php @@ -80,6 +80,7 @@
  • Add Vlan
  • Delete Vlan
  • Manage File Structure
    • +
  • Manage Certificates
    • @@ -94,7 +95,7 @@
  • Add Decoy to Domain
  • Create HoneyHash
  • Kerberoast HoneyAccount
    • -
  • HoneyFiles
    • +
  • HoneyFiles
  • diff --git a/Engine/Decoify/updateFramework.php b/Engine/Decoify/updateFramework.php index 8e512f77..3355cff8 100755 --- a/Engine/Decoify/updateFramework.php +++ b/Engine/Decoify/updateFramework.php @@ -30,6 +30,9 @@ } + } else { + + autoupgrade(); } header('location:backupSettings.php'); diff --git a/Engine/Decoify/updateSettings.php b/Engine/Decoify/updateSettings.php index c2f4b750..c0ee93ce 100755 --- a/Engine/Decoify/updateSettings.php +++ b/Engine/Decoify/updateSettings.php @@ -68,6 +68,7 @@ + if (isset($_POST['dockerip']) && isset($_POST['dockermask'])){