REMnux / remnux-cli

This repository contains the source code for the REMnux installer, which is the command-line tool for installing and upgrading the REMnux distro.
https://REMnux.org
MIT License

AWS EC2 Ubuntu 20.04 LTS w/Remnux - Black Screen after RDP #70

Closed Ortizachris closed 2 years ago

Ortizachris commented 2 years ago

AWS EC2 Instance Settings

Instance type
c5.4xlarge
Platform
Ubuntu (Inferred)
AMI ID
ami-01f87c43e618bf8f0
Platform details
Linux/UNIX
AMI name
ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20211129
AMI location
099720109477/ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20211129
Virtualization type
hvm
Availability zone
us-west-1a
Networking
No restrictions inbound/outbound
Storage
Root device name
/dev/sda1

Volume size (GiB)
150

Ubuntu Version

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.3 LTS
Release:    20.04
Codename:   focal

More Info

Icon name: computer-vm
Chassis: vm
Machine ID: ec231885397703a48b4462bd833964f2
Boot ID: 7f4ef1bc7f1e473aa466ea39fd8b8247
Virtualization: kvm
Operating System: Ubuntu 20.04.3 LTS
Kernel: Linux 5.11.0-1022-aws
Architecture: x86-64

Install of XRDP

sudo apt install ubuntu-desktop
sudo apt-get install lxde -y
sudo apt-get install xrdp -y
sudo adduser xrdp ssl-cert

Install of VNC

sudo apt install tightvncserver
sudo apt install net-tools
tightvncserver -geometry 1024x768
vncpasswd
netstat -tulpn

Remnux Install Mode Cloud Successful

sudo apt-get remove python3-pyasn1 python3-pyasn1-modules
sudo apt install -y gnupg git

sudo curl -Lo remnux-cli-linux https://github.com/REMnux/remnux-cli/releases/download/v1.3.4/remnux-cli-linux
sudo chmod +x remnux-cli-linux
sudo mv remnux-cli-linux /usr/local/bin/remnux
sudo remnux install --mode=cloud

> remnux-cli@1.3.4.2.g87c65ef
> remnux-version: notinstalled

> mode: cloud
Installing and configuring SaltStack properly ...
> downloading v2022.15.6
>> downloading remnux-salt-states-v2022.15.6.tar.gz.asc
>> downloading remnux-salt-states-v2022.15.6.tar.gz.sha256
>> downloading remnux-salt-states-v2022.15.6.tar.gz.sha256.asc
>> downloading remnux-salt-states-v2022.15.6.tar.gz
> validating file remnux-salt-states-v2022.15.6.tar.gz
> validating signature for remnux-salt-states-v2022.15.6.tar.gz.sha256
> extracting update remnux-salt-states-v2022.15.6.tar.gz
> upgrading/updating to v2022.15.6
>> Log file: /var/cache/remnux/cli/v2022.15.6/saltstack.log

>> Running: deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3001 focal main
>> Running: deb [arch=amd64] https://repo.saltproject.io/py3/ubuntu/20.04/amd64/3004 focal main
>> Running: deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable
>> Running: deb http://download.draios.com/stable/deb stable-amd64/
>> Running: deb http://www.inetsim.org/debian/ binary/
>> Running: software-properties-common
>> Running: openjdk-repo
>> Running: gift-repo
>> Running: sift-dev
>> Running: sift-repo
>> Running: deb [arch=amd64] https://download.mono-project.com/repo/ubuntu stable-focal main
>> Running: remnux-repo
>> Running: wireshark-dev
>> Running: deb [arch=amd64] https://packages.microsoft.com/ubuntu/20.04/prod focal main
>> Running: deb https://deb.nodesource.com/node_14.x focal main
>> Running: deb http://deb.nodesource.com/node_14.x focal main
>> Running: deb [arch=amd64] http://packages.microsoft.com/repos/vscode stable main
>> Running: remnux-repos
>> Running: dialog
>> Running: iputils-ping
>> Running: aeskeyfind
>> Running: apt-transport-https
>> Running: autoconf
>> Running: automake
>> Running: binutils
>> Running: build-essential
>> Running: bulk-extractor
>> Running: bundler
>> Running: clamav-daemon
>> Running: clamav-daemon
>> Running: clamav-freshclam
>> Running: curl
>> Running: default-jre
>> Running: docker-engine
>> Running: docker-ce
>> Running: dos2unix
>> Running: epic5
>> Running: exfat-utils
>> Running: feh
>> Running: firefox
>> Running: flex
>> Running: gdb
>> Running: git
>> Running: snapd
>> Running: snap
>> Running: libgraphviz-dev
>> Running: graphviz
>> Running: ibus
>> Running: imagemagick
>> Running: inetsim
>> Running: /usr/local/src/inspircd_3.8.1.ubuntu20.04.1_amd64.deb
>> Running: remnux-packages-inspircd-install
>> Running: inspircd
>> Running: ipython3
>> Running: lame
>> Running: libboost-dev
>> Running: libboost-python-dev
>> Running: libboost-system-dev
>> Running: libemail-outlook-message-perl
>> Running: libemu
>> Running: libemu-dev
>> Running: ldconfig
>> Running: libffi-dev
>> Running: libfuzzy-dev
>> Running: libjpeg-dev
>> Running: libjpeg8-dev
>> Running: libmozjs-52-dev
>> Running: js
>> Running: libncurses5-dev
>> Running: libsqlite3-dev
>> Running: libssl-dev
>> Running: libtool
>> Running: libxml2-dev
>> Running: libxslt1-dev
>> Running: linux-headers-generic
>> Running: ltrace
>> Running: mercurial
>> Running: nginx
>> Running: nginx
>> Running: ngrep
>> Running: openssh-client
>> Running: openssh-server
>> Running: openssl
>> Running: p7zip-full
>> Running: 7zz
>> Running: pdfresurrect
>> Running: pkg-config
>> Running: python-crypto
>> Running: python-dnspython
>> Running: enchant
>> Running: python-magic
>> Running: python-numpy
>> Running: python-pil
>> Running: python2
>> Running: curl -o /tmp/get-pip.py https://bootstrap.pypa.io/pip/2.7/get-pip.py
>> Running: python2 /tmp/get-pip.py
>> Running: python-pyasn1
>> Running: python3
>> Running: python3-pip
>> Running: qpdf
>> Running: /usr/local/src/radare2_4.3.1_amd64.deb
>> Running: remnux-radare2
>> Running: libradare2-common
>> Running: r2pm init
>> Running: r2pm update
>> Running: rhino
>> Running: rsakeyfind
>> Running: ruby-dev
>> Running: ruby
>> Running: scalpel
>> Running: scite
>> Running: ssdeep
>> Running: strace
>> Running: subversion
>> Running: swftools
>> Running: sysdig
>> Running: tcpdump
>> Running: tcpflow
>> Running: tcpick
>> Running: tcpxtract
>> Running: tor
>> Running: tor
>> Running: unhide
>> Running: unrar-free
>> Running: upx-ucl
>> Running: usbmount
>> Running: vbindiff
>> Running: wget
>> Running: wireshark
>> Running: tshark
>> Running: wxhexeditor
>> Running: xmlstarlet
>> Running: evince
>> Running: yara
>> Running: zlib1g-dev
>> Running: sudo
>> Running: dpkg --add-architecture i386 && apt-get update
>> Running: libc6
>> Running: libstdc++6
>> Running: libncurses5:i386
>> Running: zlib1g:i386
>> Running: pev
>> Running: pdftk-java
>> Running: net-tools
>> Running: wine-stable
>> Running: galculator
>> Running: libjavassist-java
>> Running: vim
>> Running: xterm
>> Running: edb-debugger
>> Running: xorstrings
>> Running: nodejs
>> Running: python3-tk
>> Running: nautilus
>> Running: pgadmin3
>> Running: postgresql
>> Running: postgresql
>> Running: libolecf
>> Running: procdot
>> Running: /usr/lib/x86_64-linux-gnu/libwebkitgtk-3.0.so.0
>> Running: dex2jar
>> Running: netcat
>> Running: python3-pyqt5
>> Running: cryptography
>> Running: libnetfilter-queue-dev
>> Running: libnfnetlink-dev
>> Running: python2-dev
>> Running: pydivert
>> Running: dnslib
>> Running: dpkt
>> Running: netfilterqueue
>> Running: pyftpdlib
>> Running: pyopenssl
>> Running: git+https://github.com/fireeye/flare-fakenet-ng
>> Running: code
>> Running: bearparser
>> Running: signsrch
>> Running: pycdc
>> Running: libusb-1.0-0
>> Running: python3-venv
>> Running: python3-virtualenv
>> Running: virtualenv
>> Running: powershell
>> Running: cabextract
>> Running: baksmali
>> Running: procyon-decompiler
>> Running: portex
>> Running: msoffice-crypt
>> Running: flare-floss
>> Running: sqlite3
>> Running: nsrllookup
>> Running: binee
>> Running: xorsearch
>> Running: pip>=21.2.4
>> Running: yara-python
>> Running: olefile
>> Running: pycryptodomex == 3.7.3
>> Running: pyzipper
>> Running: oledump
>> Running: /opt/oledump-files/oledump.py
>> Running: nano
>> Running: file
>> Running: android-project-creator
>> Running: libdpkg-perl
>> Running: sandfly-processdecloak
>> Running: sleuthkit
>> Running: ilspycmd
>> Running: ghidra
>> Running: /usr/local/src/remnux/files/ghidra_9.1.2_PUBLIC_20200212.zip
>> Running: /usr/local/src/remnux/files/ghidra_9.2_PUBLIC_20201113.zip
>> Running: /usr/local/bin/ghidra
>> Running: /usr/local/ghidra_9.1.2_PUBLIC
>> Running: /usr/local/ghidra_9.2_PUBLIC
>> Running: bddisasm
>> Running: tzdata
>> Running: binwalk
>> Running: nasm
>> Running: scdbg
>> Running: jq
>> Running: runsc
>> Running: mono-devel
>> Running: evilclippy
>> Running: rar
>> Running: sharutils
>> Running: burpsuite-community
>> Running: msitools
>> Running: remnux-packages
>> Running: bitstring
>> Running: bottle
>> Running: distorm3==3.4.4
>> Running: fuzzywuzzy
>> Running: ndg-httpsclient
>> Running: olefile
>> Running: pydeep
>> Running: pygeoip
>> Running: pypdns
>> Running: pypssl
>> Running: requesocks
>> Running: setuptools
>> Running: shodan
>> Running: six >= 1.6
>> Running: wheel
>> Running: git+https://github.com/digitalsleuth/peepdf.git
>> Running: pype32
>> Running: /opt/vipermonkey
>> Running: regex<2022.1.18
>> Running: unidecode==1.2.0
>> Running: git+https://github.com/decalage2/ViperMonkey.git
>> Running: /usr/local/bin/vmonkey
>> Running: colorama
>> Running: construct==2.10.54
>> Running: swig
>> Running: m2crypto
>> Running: dpapick
>> Running: lxml
>> Running: ioc_writer
>> Running: openpyxl==2.1.2
>> Running: pefile==2019.4.18
>> Running: pillow
>> Running: pycoin
>> Running: pycrypto
>> Running: pysocks
>> Running: requests
>> Running: simplejson
>> Running: yara-python
>> Running: git+https://github.com/volatilityfoundation/volatility.git@master
>> Running: /usr/bin/vol.py
>> Running: https://github.com/sans-dfir/volatility-plugins-community.git
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/malware/malfind.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/malware/malfind.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/malprocfind.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/idxparser.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/chromehistory.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/mimikatz.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/openioc_scan.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/pstotal.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/firefoxhistory.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/autoruns.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/malfinddeep.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/prefetch.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/ssdeepscan.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/uninstallinfo.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/trustrecords.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/usnparser.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/apihooksdeep.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/editbox.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/javarat.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/community/FrancescoPicasso/mimikatz.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/sift/pstotal.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/sift/__init__.py
>> Running: /usr/local/lib/python2.7/dist-packages/volatility/plugins/community/DaveLasalle/chromehistory.py
>> Running: balbuzard
>> Running: poster
>> Running: remnux-python-packages
>> Running: pyperclip
>> Running: androguard
>> Running: setuptools_rust
>> Running: docker-compose
>> Running: git+https://github.com/buffer/ioc_parser
>> Running: ipwhois
>> Running: /usr/local/bin/ipwhois_cli.py
>> Running: /usr/local/bin/ipwhois_utils_cli.py
>> Running: /usr/local/bin/ipwhois_cli.py
>> Running: /usr/local/bin/ipwhois_utils_cli.py
>> Running: jsbeautifier
>> Running: /usr/local/src/remnux/files/mitmproxy-6.0.2-linux.tar.gz
>> Running: /usr/local/bin/
>> Running: /usr/local/bin/mitmproxy
>> Running: /usr/local/bin/mitmdump
>> Running: /usr/local/bin/mitmweb
>> Running: peframe
>> Running: peframe-ds
>> Running: pyelftools
>> Running: r2pipe
>> Running: git+https://github.com/doomedraven/VirusTotalApi
>> Running: xortool
>> Running: pylzma
>> Running: git+https://github.com/viper-framework/xxxswf.git
>> Running: setuptools
>> Running: libfuzzy2
>> Running: tesseract-ocr
>> Running: /usr/local/src/remnux/files/stpyv8-ubuntu-20.04-python-3.8.zip
>> Running: /usr/local/src/remnux/
>> Running: /usr/local/src/remnux/stpyv8-ubuntu-20.04-3.8/stpyv8-8.8.278.17-cp38-cp38-linux_x86_64.whl
>> Running: pytesseract
>> Running: https://github.com/buffer/thug
>> Running: thug
>> Running: /etc/thug
>> Running: /etc/thug/rules
>> Running: /etc/thug/personalities
>> Running: /etc/thug/scripts
>> Running: /etc/thug/plugins
>> Running: /etc/thug/hooks
>> Running: cp -R /usr/local/src/thug/thug/Classifier/rules/* /etc/thug/rules
>> Running: cp -R /usr/local/src/thug/thug/DOM/personalities/* /etc/thug/personalities
>> Running: /etc/thug/scripts/thug.js
>> Running: /etc/thug/scripts/storage.js
>> Running: /etc/thug/scripts/date.js
>> Running: /etc/thug/scripts/eval.js
>> Running: /etc/thug/scripts/write.js
>> Running: /etc/thug/thug.conf
>> Running: xlmmacrodeobfuscator
>> Running: /usr/local/bin/runxlrd2.py
>> Running: /usr/local/lib/python3.8/dist-packages/XLMMacroDeobfuscator/deobfuscator.py
>> Running: unicode
>> Running: pefile
>> Running: git+https://github.com/volatilityfoundation/volatility3.git
>> Running: /usr/local/bin/vol3
>> Running: /usr/local/bin/volshell3
>> Running: fakemail
>> Running: mwcp
>> Running: malwareconfig
>> Running: time-decode
>> Running: pcodedmp
>> Running: /usr/local/bin/pcodedmp
>> Running: /usr/local/apktool/
>> Running: /usr/local/apktool/apktool_2.4.1.jar
>> Running: /usr/local/bin/apktool
>> Running: unzip
>> Running: droidlysis
>> Running: /usr/local/lib/python3.8/dist-packages/droidconfig.py
>> Running: /usr/local/lib/python3.8/dist-packages/droidconfig.py
>> Running: /usr/local/lib/python3.8/dist-packages/droidconfig.py
>> Running: /usr/local/lib/python3.8/dist-packages/droidconfig.py
>> Running: default
>> Running: /opt/malwoverview
>> Running: malwoverview
>> Running: /home/default/.malwapi.conf
>> Running: /usr/local/bin/malwoverview.py
>> Running: pycryptodome==3.9.7
>> Running: chepy
>> Running: chepy[extras]
>> Running: frida-tools
>> Running: stringsifter
>> Running: oletools
>> Running: /usr/local/lib/python3.8/dist-packages/oletools/olevba.py
>> Running: protobuf
>> Running: remnux-python3-packages-unfurl-requirements
>> Running: git+https://github.com/obsidianforensics/unfurl.git@master
>> Running: remnux-python3-packages-speakeasy-requirements
>> Running: git+https://github.com/mandiant/speakeasy.git@master
>> Running: /usr/local/bin/emu_exe.py
>> Running: /usr/local/bin/emu_exe.py
>> Running: /usr/local/bin/emu_dll.py
>> Running: /usr/local/bin/emu_dll.py
>> Running: /usr/local/bin/run_speakeasy.py
>> Running: msoffcrypto-tool
>> Running: pyyaml
>> Running: qiling
>> Running: pe_tree
>> Running: wheel==0.36.2
>> Running: python3-urwid
>> Running: hachoir
>> Running: /usr/local/bin/hachoir-wx
>> Running: python-hachoir-core
>> Running: python-hachoir-regex
>> Running: python-hachoir-wx
>> Running: python-urwid
>> Running: git+https://github.com/TeamMsgExtractor/msg-extractor
>> Running: name-that-hash==1.1.0
>> Running: cffi
>> Running: git+https://github.com/MITRECND/malchive.git@main
>> Running: PyQtWebEngine
>> Running: remnux-python3-packages-vivisect-pyasn1-removal
>> Running: vivisect
>> Running: vivisect
>> Running: pcode2code
>> Running: mail-parser
>> Running: libcsce
>> Running: jinja2==3.0.3
>> Running: remnux-python3-packages
>> Running: therubyracer
>> Running: origami
>> Running: passivedns-client
>> Running: pedump
>> Running: remnux-rubygems
>> Running: /usr/local/src/remnux/files/pdf-parser_V0_7_4.zip
>> Running: /usr/local/src/remnux/pdf-parser_V0_7_4
>> Running: /usr/local/bin/pdf-parser.py
>> Running: /usr/local/bin/pdf-parser.py
>> Running: /usr/local/bin/pdf-parser.py
>> Running: /usr/local/src/remnux/files/pdfid_v0_2_8.zip
>> Running: /usr/local/src/remnux/pdfid_v0_2_8
>> Running: /usr/local/bin/pdfid.py
>> Running: /usr/local/bin/pdfid.py
>> Running: /usr/local/bin/pdfid.ini
>> Running: /usr/local/share/pdfid/plugin_embeddedfile.py
>> Running: /usr/local/share/pdfid/plugin_nameobfuscation.py
>> Running: /usr/local/share/pdfid/plugin_triage.py
>> Running: /usr/local/src/remnux/files/emldump_V0_0_11.zip
>> Running: /usr/local/src/remnux/emldump-0.0.11
>> Running: /usr/local/bin/emldump.py
>> Running: /usr/local/bin/emldump.py
>> Running: /usr/local/src/remnux/files/extractscripts.zip
>> Running: /usr/local/src/remnux/extractscripts
>> Running: /usr/local/bin/extractscripts.py
>> Running: /usr/local/bin/extractscripts.py
>> Running: /usr/local/src/remnux/files/virustotal-search_V0_1_5.zip
>> Running: /usr/local/src/remnux/virustotal-search_V0_1_5
>> Running: /usr/local/bin/virustotal-search.py
>> Running: /usr/local/bin/virustotal-search.py
>> Running: /usr/local/src/remnux/files/base64dump_V0_0_20.zip
>> Running: /usr/local/src/remnux/base64dump_V0_0_20
>> Running: /usr/local/bin/base64dump.py
>> Running: /usr/local/bin/base64dump.py
>> Running: /usr/local/bin/idx_parser.py
>> Running: /usr/local/bin/ex_pe_xor.py
>> Running: /usr/local/bin/extract_swf.py
>> Running: pyenchant
>> Running: /usr/local/bin/brxor.py
>> Running: /usr/local/bin/brxor.py
>> Running: /usr/local/bin/nomorexor.py
>> Running: /usr/local/bin/nomorexor.py
>> Running: /usr/local/bin/xorbruteforcer.py
>> Running: /usr/local/bin/xorbruteforcer.py
>> Running: perl
>> Running: /usr/local/bin/strdeob.pl
>> Running: /usr/local/bin/pyinstxtractor.py
>> Running: /usr/local/bin/pyinstxtractor.py
>> Running: /usr/local/bin/linux_mem_diff.py
>> Running: /usr/local/bin/linux_mem_diff.py
>> Running: /usr/local/bin/linux_mem_diff.py
>> Running: /usr/local/bin/linux_mem_diff.py
>> Running: /usr/local/src/remnux/files/rtfdump_V0_0_10.zip
>> Running: /usr/local/src/remnux/rtfdump_V0_0_10
>> Running: /usr/local/bin/rtfdump.py
>> Running: /usr/local/bin/rtfdump.py
>> Running: /usr/local/src/remnux/files/virustotal-submit_V0_0_3.zip
>> Running: /usr/local/src/remnux/virustotal-submit_V0_0_3
>> Running: /usr/local/bin/virustotal-submit.py
>> Running: /usr/local/bin/virustotal-submit.py
>> Running: /usr/local/bin/hash-id.py
>> Running: /usr/local/bin/hash-id.py
>> Running: /usr/local/bin/hash-id.py
>> Running: /usr/local/src/remnux/files/disitool_v0_4.zip
>> Running: /usr/local/bin/
>> Running: /usr/local/bin/disitool.py
>> Running: /usr/local/bin/disitool.py
>> Running: /usr/local/src/remnux/files/cut-bytes_V0_0_13.zip
>> Running: /usr/local/src/remnux/cut-bytes_V0_0_13
>> Running: /usr/local/src/remnux/cut-bytes_V0_0_13/cut-bytes.py
>> Running: /usr/local/bin/cut-bytes.py
>> Running: /usr/local/bin/cut-bytes.py
>> Running: /usr/local/src/remnux/files/xor-kpa_V0_0_5.zip
>> Running: /usr/local/src/remnux/xor-kpa_V0_0_5
>> Running: /usr/local/bin/xor-kpa.py
>> Running: /usr/local/bin/xor-kpa.py
>> Running: cpan install Crypt::RC4
>> Running: cpan install Crypt::Blowfish
>> Running: cpan install Archive::Zip
>> Running: cpan install Digest::CRC
>> Running: cpan install OLE::Storage_Lite
>> Running: /usr/local/bin/dexray
>> Running: iproute2
>> Running: /usr/local/bin/mynic
>> Running: iptables
>> Running: /usr/local/bin/accept-all-ips
>> Running: /usr/local/bin/myip
>> Running: /usr/local/src/remnux/files/translate_v2_5_11.zip
>> Running: /usr/local/src/remnux/translate_v2_5_11
>> Running: /usr/local/bin/translate.py
>> Running: /usr/local/bin/translate.py
>> Running: /usr/local/src/remnux/files/zipdump_v0_0_21.zip
>> Running: /usr/local/src/remnux/zipdump_v0_0_21
>> Running: /usr/local/src/remnux/zipdump_v0_0_21/zipdump.py
>> Running: /usr/local/bin/zipdump.py
>> Running: /usr/local/src/remnux/files/xmldump_V0_0_7.zip
>> Running: /usr/local/src/remnux/xmldump_V0_0_7
>> Running: /usr/local/src/remnux/xmldump_V0_0_7/xmldump.py
>> Running: /usr/local/bin/xmldump.py
>> Running: /usr/local/src/remnux/files/pecheck-v0_7_12.zip
>> Running: /usr/local/src/remnux/pecheck-v0_7_12
>> Running: /usr/local/bin/pecheck.py
>> Running: /usr/local/bin/pecheck.py
>> Running: /usr/local/src/remnux/files/msoffcrypto-crack_V0_0_5.zip
>> Running: /usr/local/src/remnux/msoffcrypto-crack_V0_0_5
>> Running: /usr/local/bin/msoffcrypto-crack.py
>> Running: /usr/local/bin/msoffcrypto-crack.py
>> Running: /usr/local/bin/msoffcrypto-crack.py
>> Running: /usr/local/bin/unxor.py
>> Running: /usr/local/bin/unxor.py
>> Running: /usr/local/src/remnux/files/numbers-to-string_v0_0_11.zip
>> Running: /usr/local/src/remnux/numbers-to-string_v0_0_11
>> Running: /usr/local/src/remnux/numbers-to-string_v0_0_11/numbers-to-string.py
>> Running: /usr/local/bin/numbers-to-string.py
>> Running: /usr/local/src/remnux/files/pdftool_V0_0_1.zip
>> Running: /usr/local/src/remnux/pdftool_V0_0_1
>> Running: /usr/local/src/remnux/pdftool_V0_0_1/pdftool.py
>> Running: /usr/local/bin/pdftool.py
>> Running: /usr/local/bin/anomy
>> Running: /usr/local/bin/anomy
>> Running: /usr/local/bin/shcode2exe
>> Running: /usr/local/bin/dllcharacteristics.py
>> Running: /usr/local/src/remnux/files/1768_v0_0_11.zip
>> Running: /usr/local/src/remnux/1768_v0_0_11
>> Running: /usr/local/bin/1768.py
>> Running: /usr/local/bin/1768.py
>> Running: /usr/local/src/remnux/files/re-search_V0_0_18.zip
>> Running: /usr/local/src/remnux/re-search_V0_0_18
>> Running: /usr/local/bin/re-search.py
>> Running: /usr/local/bin/re-search.py
>> Running: /usr/local/bin/reextra.py
>> Running: /usr/local/src/remnux/files/sets_V0_0_3.zip
>> Running: /usr/local/src/remnux/sets_V0_0_3
>> Running: /usr/local/bin/sets.py
>> Running: /usr/local/bin/sets.py
>> Running: /usr/local/src/remnux/files/format-bytes_V0_0_13.zip
>> Running: /usr/local/src/remnux/format-bytes_V0_0_13
>> Running: /usr/local/bin/format-bytes.py
>> Running: /usr/local/bin/format-bytes.py
>> Running: /usr/local/bin/format-bytes.library
>> Running: /usr/local/bin/texteditor.py
>> Running: /usr/local/bin/texteditor.py
>> Running: python3-dnslib
>> Running: /usr/local/src/remnux/files/dnsresolver_V0_0_1.zip
>> Running: /usr/local/src/remnux/dnsresolver_V0_0_1
>> Running: /usr/local/src/remnux/dnsresolver_V0_0_1/dnsresolver.py
>> Running: /usr/local/bin/dnsresolver.py
>> Running: /usr/local/src/remnux/files/decode-vbe_V0_0_2.zip
>> Running: /usr/local/src/remnux/decode-vbe_V0_0_2
>> Running: /usr/local/src/remnux/decode-vbe_V0_0_2/decode-vbe.py
>> Running: /usr/local/bin/decode-vbe.py
>> Running: /usr/local/src/remnux/files/cs-decrypt-metadata_V0_0_4.zip
>> Running: /usr/local/src/remnux/cs-decrypt-metadata_V0_0_4
>> Running: /usr/local/bin/cs-decrypt-metadata.py
>> Running: /usr/local/bin/cs-decrypt-metadata.py
>> Running: /usr/local/src/remnux/files/cs-extract-key_V0_0_1.zip
>> Running: /usr/local/src/remnux/cs-extract-key_V0_0_1
>> Running: /usr/local/bin/cs-extract-key.py
>> Running: /usr/local/bin/cs-extract-key.py
>> Running: remnux-scripts
>> Running: /etc/inetsim/inetsim.conf
>> Running: /var/lib/inetsim/certs/default_key.pem
>> Running: inetsim
>> Running: /home/default/.wgetrc
>> Running: /home/default/.curlrc
>> Running: /usr/local/share/remnux/objects.js
>> Running: /home/default/.bashrc
>> Running: /usr/local/share/remnux/bash-aliases.sh
>> Running: /home/default/.bashrc
>> Running: /home/default/.bash_history
>> Running: /var/log/thug
>> Running: /home/default/.bashrc
>> Running: /usr/local/src/remnux/files/networkminer-2.7.3.zip
>> Running: /usr/local/
>> Running: /usr/local/NetworkMiner_2-7-3/NetworkMiner.exe
>> Running: /usr/local/bin/networkminer
>> Running: /usr/local/NetworkMiner_2-5
>> Running: /usr/local/NetworkMiner_2-6
>> Running: /usr/local/NetworkMiner_2-7-1
>> Running: /usr/local/NetworkMiner_2-7-2
>> Running: /usr/local/NetworkMiner_2-7-3/AssembledFiles.original
>> Running: /var/log/networkminer/AssembledFiles/cache
>> Running: /usr/local/NetworkMiner_2-7-3/AssembledFiles
>> Running: /usr/local/NetworkMiner_2-7-3/Captures.original
>> Running: /var/log/networkminer/Captures
>> Running: /usr/local/NetworkMiner_2-7-3/Captures
>> Running: salt-minion
>> Running: remnux-config-salt-minion-placeholder
>> Running: /home/default/.local
>> Running: /home/default/.config
>> Running: /home/default/.cpan
>> Running: /home/default/.dbus
>> Running: /home/default/.cache
>> Running: /usr/local/src/remnux/files/ghidra-data-type.zip
>> Running: /home/default/.ghidra/gdt
>> Running: /home/default/.ghidra/.ghidra_10.1.1_PUBLIC/preferences
>> Running: /home/default/.ghidra/.ghidra_10.1.1_PUBLIC/tools/_code_browser.tcd
>> Running: /home/default/.ghidra/.ghidra_10.1.1_PUBLIC/tools/_version_tracking.tcd
>> Running: /home/default/.ghidra
>> Running: box-js
>> Running: /usr/bin/box-export
>> Running: /usr/bin/box-export
>> Running: /usr/bin/box-export
>> Running: /usr/local/bin/remnux
>> Running: /usr/local/src/remnux/files/capa-v2.0.0-linux.zip
>> Running: /usr/local/src/remnux/capa-v2.0.0-linux
>> Running: /usr/local/bin/capa
>> Running: /usr/local/share/capa-rules
>> Running: /etc/bash_completion.d/remnuxlib
>> Running: /etc/bash_completion.d/pdf-parser
>> Running: /etc/bash_completion.d/pdfid
>> Running: /etc/bash_completion.d/rtfdump
>> Running: /etc/bash_completion.d/xxxswf
>> Running: /etc/bash_completion.d/balbuzard
>> Running: /etc/bash_completion.d/base64dump
>> Running: /etc/bash_completion.d/box-js
>> Running: /etc/bash_completion.d/brxor
>> Running: /etc/bash_completion.d/clamav
>> Running: /etc/bash_completion.d/floss
>> Running: /etc/bash_completion.d/js
>> Running: /etc/bash_completion.d/oledump
>> Running: /etc/bash_completion.d/zipdump
>> Running: /etc/bash_completion.d/pecheck
>> Running: /etc/bash_completion.d/olevba
>> Running: /etc/bash_completion.d/peframe
>> Running: /etc/bash_completion.d/thug
>> Running: /etc/bash_completion.d/volatility
>> Running: /etc/bash_completion.d/pev
>> Running: /etc/bash_completion.d/pedump
>> Running: /etc/bash_completion.d/swfdump
>> Running: /etc/bash_completion.d/upx
>> Running: /etc/bash_completion.d/xortool
>> Running: /etc/bash_completion.d/virustotal-search
>> Running: /etc/bash_completion.d/remnix-cli
>> Running: /etc/bash_completion.d/pcodedmp
>> Running: /etc/bash_completion.d/xor-kpa
>> Running: /etc/bash_completion.d/msoffice-crypt
>> Running: /etc/bash_completion.d/binee
>> Running: /etc/bash_completion.d/translate
>> Running: /etc/bash_completion.d/unfurl
>> Running: /etc/bash_completion.d/capa
>> Running: /opt/binee-files/win10_32/windows/system32
>> Running: /etc/nginx/nginx.conf
>> Running: /etc/nginx/sites-enabled/default
>> Running: /var/www/html/index.nginx-debian.html
>> Running: /var/www/html
>> Running: /opt/AndroidProjectCreator/library
>> Running: /usr/local/lib/python3.8/dist-packages/volatility3/framework/symbols
>> Running: remnux-config
>> Running: urllib3
>> Running: certifi
>> Running: https://github.com/1aN0rmus/TekDefense-Automater
>> Running: /usr/local/automater/Automater.py
>> Running: /usr/local/bin/Automater.py
>> Running: /usr/local/bin/Automater.py
>> Running: /usr/local/src/remnux/files/js-1.7.0-mod-c.zip
>> Running: /usr/local/src/remnux/js-1.7.0-mod-c
>> Running: /usr/local/bin/js-file
>> Running: /usr/local/bin/js-patched
>> Running: /usr/local/bin/js-ascii
>> Running: /usr/local/src/remnux/files/flare06linux64.tgz
>> Running: /usr/local/src/remnux/flare06linux64
>> Running: /usr/local/bin/flare
>> Running: /usr/local/src/remnux/files/flasm16linux.tgz
>> Running: /usr/local/src/remnux/flasm16linux
>> Running: /usr/local/bin/flasm
>> Running: /usr/local/src/remnux/files/jad-1.5.8-elf-32.zip
>> Running: /usr/local/src/remnux/jad-1.5.8
>> Running: /usr/local/bin/jad
>> Running: xdg-utils
>> Running: /usr/share/desktop-directories/
>> Running: /usr/share/icons/hicolor/
>> Running: jd-gui
>> Running: /usr/local/cyberchef
>> Running: /usr/local/bin/cyberchef
>> Running: /usr/local/cfr/
>> Running: /usr/local/cfr/cfr-0.149.jar
>> Running: /usr/local/bin/cfr
>> Running: /usr/local/bin/cutter
>> Running: /usr/share/icons/cutter.svg
>> Running: python3-netifaces
>> Running: /usr/local/src/remnux/files/fakedns.py
>> Running: /usr/local/bin/fakedns
>> Running: https://github.com/repnz/shellcode2exe.git
>> Running: /usr/local/bin/shellcode2exe.bat
>> Running: /usr/local/shellcode2exe-bat
>> Running: /usr/local/src/remnux/files/bytehist_1_0_102_linux.zip
>> Running: /usr/local/src/remnux/bytehist_1_0_102_linux
>> Running: /usr/local/bin/bytehist
>> Running: /usr/local/binnavi/
>> Running: /usr/local/binnavi/binnavi-all.jar
>> Running: /usr/local/bin/binnavi
>> Running: dotnet-runtime-3.1
>> Running: /usr/local/src/remnux/files/de4dot-netcoreapp3.1.zip
>> Running: /usr/local/de4dot
>> Running: /usr/local/bin/de4dot
>> Running: /usr/local/src/remnux/files/trid_linux_64.zip
>> Running: /usr/local/src/remnux/files/tridupdate.zip
>> Running: /usr/local/trid_linux_64
>> Running: /usr/local/trid_linux_64
>> Running: /usr/local/trid_linux_64/trid
>> Running: /usr/local/trid_linux_64/tridupdate.py
>> Running: /usr/local/trid_linux_64/tridupdate.py
>> Running: /usr/local/trid_linux_64/tridupdate.py
>> Running: /usr/local/trid_linux_64/tridupdate.py
>> Running: /usr/local/bin/trid
>> Running: /usr/local/bin/tridupdate
>> Running: /usr/bin/python3 /usr/local/bin/tridupdate
>> Running: /usr/bin/python3 /usr/local/bin/tridupdate
>> Running: libboost-regex-dev
>> Running: libboost-filesystem-dev
>> Running: libboost-program-options-dev
>> Running: /usr/local/src/remnux/files/manalyze-0.9.tgz
>> Running: /usr/local
>> Running: /usr/local/bin/manalyze
>> Running: /usr/local/src/remnux/files/PolarProxy_0-9-0_linux-x64.tar.gz
>> Running: /usr/local/polarproxy/
>> Running: /usr/local/polarproxy/PolarProxy
>> Running: /usr/local/bin/polarproxy
>> Running: /usr/local/src/remnux/files/SSView.zip
>> Running: /usr/local/ssview
>> Running: /usr/local/bin/ssview
>> Running: https://github.com/Yara-Rules/rules.git
>> Running: /usr/local/bin/yara-rules
>> Running: https://github.com/omriher/CapTipper.git
>> Running: /usr/local/CapTipper/CapTipper.py
>> Running: /usr/local/bin/CapTipper.py
>> Running: default-jdk
>> Running: /usr/local/src/remnux/files/jadx-1.3.1.zip
>> Running: /usr/local/jadx
>> Running: /usr/local/bin/jadx
>> Running: /usr/local/bin/jadx-gui
>> Running: libglib2.0-0
>> Running: qt5-default
>> Running: libqt5scripttools5
>> Running: /usr/local/src/remnux/files/die_3.04_Ubuntu_20.04_amd64.deb
>> Running: /usr/local/bin/die
>> Running: /usr/local/bin/diec
>> Running: remnux-tools-detect-it-easy-install
>> Running: remnux-tools
>> Running: git+https://github.com/mindedsecurity/JStillery.git
>> Running: /usr/bin/jstillery
>> Running: remnux-node-packages
>> Running: cpan install Image::ExifTool
>> Running: remnux-perl-packages
>> Running: /etc/remnux-version
>> Running: gnome-session
>> Running: gdm3
>> Running: open-vm-tools-desktop
>> Running: gnome-terminal
>> Running: gnome-shell-extensions
>> Running: gnome-tweaks
>> Running: remnux-theme-core
>> Running: /usr/share/applications/vim.desktop
>> Running: /usr/share/applications/debian-xterm.desktop
>> Running: /usr/share/applications/debian-uxterm.desktop
>> Running: /usr/share/applications/xpdf.desktop
>> Running: /usr/share/applications/info.desktop
>> Running: /usr/local/share/remnux/remnux-logo.png
>> Running: /usr/local/share/remnux/gnome-config.sh
>> Running: /home/default/.config/dconf
>> Running: /home/default/.config/autostart/gnome-config.desktop
>> Running: /home/default/.config/autostart/gnome-terminal.desktop
>> Running: /home/default/.config/autostart/ignore-lid-switch-tweak.desktop
>> Running: /home/default/.config/autostart/xhost.desktop
>> Running: /home/default/.config
>> Running: /usr/local/share/remnux/terminal-profiles.ini
>> Running: dbus-run-session -- dconf load /org/gnome/terminal/legacy/profiles:/:b1dcc9dd-5262-4d8d-a863-c897e6d979b9/ < /usr/local/share/remnux/terminal-profiles.ini
>> Running: /etc/xdg/autostart/gnome-keyring-ssh.desktop
>> Running: /usr/share/applications/cutter.desktop
>> Running: /usr/share/icons/binnavi.png
>> Running: /usr/share/applications/binnavi.desktop
>> Running: /usr/share/icons/cyberchef.png
>> Running: /usr/share/icons/networkminer.png
>> Running: /usr/share/applications/networkminer.desktop
>> Running: /usr/share/applications/cyberchef.desktop
>> Running: remnux-theme-gnome-config
>> Running: /usr/share/icons/die.png
>> Running: /usr/share/applications/die.desktop
>> Running: /usr/share/remnux
>> Running: /etc/gdm3/custom.conf
>> Running: /etc/gdm3/custom.conf
>> Running: /etc/sudoers.d/remnux
>> Running: yelp
>> Running: avahi-daemon
>> Running: unattended-upgrades
>> Running: /etc/apt/apt.conf.d/20auto-upgrades
>> Running: bluetooth
>> Running: docker
>> Running: /usr/local/bin/docker
>> Running: apt-get autoremove -y
>> Running: /etc/ssh/sshd_config
>> Running: /etc/ssh/sshd_config
>> Running: /etc/ssh/sshd_config
>> Running: /etc/ssh/sshd_config
>> Running: /etc/ssh/sshd_config
>> Running: /etc/ssh/sshd_config
>> Running: away-from-the-dog
>> Running: echo "wireshark-common wireshark-common/install-setuid select True"| debconf-set-selections; dpkg-reconfigure -f noninteractive wireshark-common
>> Running: wireshark
>> Running: remnux-theme
>> Running: remnux-cloud
>> COMPLETED SUCCESSFULLY! Success: 812, Failure: 0

>> Please reboot to make sure all settings go into effect.

Remnux did install and can be accessed via any user.

Remnux installed
root@ip-172-31-7-191:~# su default
$ sudo remnux update
> remnux-cli@1.3.4.2.g87c65ef
> remnux-version: v2022.15.6

Thank you for taking the time to help resolve my issue. I have successfully installed the Gnome-Desktop GUI and connected via RDP from my Mac M1 using "Microsoft Remote Desktop". The issue I am having is that after reboot I try to log in as ubuntu (screenshot IMG_4002) and I get this "Connection Log Error" (screenshot IMG_3989), so my workaround was creating a different user to sign in with, for example "default" or root (after setting a password) (Screen Shot 2022-04-14 at 4 45 29 PM); however, that just takes me to ubuntu again (Screen Shot 2022-04-14 at 4 45 55 PM). But when I successfully log in to the account that REMnux was installed on via mode cloud, all I get is a black screen that never loads.

Screen Shot 2022-04-14 at 4 44 47 PM

Any next steps will definitely be appreciated. Thank you.

digitalsleuth commented 2 years ago

If you're able to SSH into the instance as the desired user, can you run the following: env | grep DISPLAY and let me know what it says? It's likely that the environment DISPLAY doesn't match the RDP set display of 0.

Ortizachris commented 2 years ago

I will try that later today and post my update here

Ortizachris commented 2 years ago

I am currently unable to ssh as the desired user, but I am in the process of creating ssh key pairs via the AWS documentation to see if I can sign in as that user. I am able to ssh as ubuntu or root and run env | grep DISPLAY with no result, as well as sudo su - desired_user and env | grep DISPLAY with no result either.

digitalsleuth commented 2 years ago

So when you installed remnux, were you logged in as the desired user, or were you logged in as another user and passed the "--user" flag? Your commands don't show that you used the --user flag, which will install remnux for that user. If you did not, it will have installed remnux for the user you were logged in as (either ubuntu or root).

Ortizachris commented 2 years ago

Recreated an exact instance using sudo remnux install --user default --mode=cloud; same issue, "black screen".

default being the user I installed remnux for.

sudo remnux update
> remnux-cli@1.3.4.2.g87c65ef
> remnux-version: v2022.15.6

Screen Shot 2022-04-15 at 9 02 25 PM

Ortizachris commented 2 years ago

Solution 1: Fix Black Ubuntu Screen

Edit the following script file: sudo nano /etc/xrdp/startwm.sh. Add the following lines, per the screenshot:

unset DBUS_SESSION_BUS_ADDRESS
unset XDG_RUNTIME_DIR

Restart the service: sudo systemctl restart xrdp

Log in. Congrats!

Screen Shot 2022-04-15 at 10 10 24 PM Screen Shot 2022-04-15 at 10 10 53 PM
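The fix above is a manual edit of /etc/xrdp/startwm.sh. The script below is an added example, not code from the REMnux project or from anyone in this thread: it applies the same two `unset` lines idempotently (so re-running it, for instance from a cloud-init or configuration-management step, does not duplicate them), keeps the file's mode intact, and only restarts xrdp when invoked with `apply`. It assumes the stock Ubuntu 20.04 startwm.sh layout, where the first unindented line beginning with `test ` or `exec ` is the hand-off to /etc/X11/Xsession; the `unset` lines are inserted just before that point so the GNOME session started by xrdp creates its own D-Bus session and runtime directory instead of inheriting ones that do not belong to it. `STARTWM_PATH`, `patch_startwm` and `apply_fix` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not REMnux project code): idempotently apply the
# startwm.sh fix from this thread and restart xrdp.
#
# Usage on a live host (needs root, the file and service are root-owned):
#   sudo sh fix-xrdp-black-screen.sh apply
# Without the "apply" argument nothing on the host is touched, so the
# patch function can be exercised against a constructed copy of the file.

# patch_startwm FILE
# Inserts "unset DBUS_SESSION_BUS_ADDRESS" and "unset XDG_RUNTIME_DIR"
# before the first unindented line starting with "test " or "exec "
# (the Xsession hand-off in the stock startwm.sh). If both lines are
# already present it changes nothing. Prints "patched" or
# "already-patched" so a caller can tell what happened.
patch_startwm() {
    file="$1"
    if grep -q '^unset DBUS_SESSION_BUS_ADDRESS' "$file" &&
       grep -q '^unset XDG_RUNTIME_DIR' "$file"; then
        echo already-patched
        return 0
    fi
    tmp="$file.tmp.$$"
    awk '
        !done && /^(test|exec) / {
            print "unset DBUS_SESSION_BUS_ADDRESS"
            print "unset XDG_RUNTIME_DIR"
            done = 1
        }
        { print }
        END {
            # no hand-off line found (non-stock layout): append at the end
            if (!done) {
                print "unset DBUS_SESSION_BUS_ADDRESS"
                print "unset XDG_RUNTIME_DIR"
            }
        }
    ' "$file" > "$tmp" && cat "$tmp" > "$file" && rm -f "$tmp"
    # cat-into-file rather than mv keeps the original owner and +x mode,
    # which xrdp needs to execute the script.
    echo patched
}

# apply_fix: the thread's procedure end to end on a live host.
apply_fix() {
    patch_startwm "${STARTWM_PATH:-/etc/xrdp/startwm.sh}"
    systemctl restart xrdp
}

if [ "${1:-}" = "apply" ]; then
    apply_fix
fi
```

The status word printed by `patch_startwm` is what makes this safe to put in an automated build of the instance: a second run reports `already-patched` and leaves the file untouched, rather than stacking duplicate `unset` lines every time the image is rebuilt.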