ashemery / CuckooVM

Cuckoo running in a nested hypervisor

code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole #2

Open medimigh opened 4 years ago

medimigh commented 4 years ago

After using Win7_intel the crash has been fixed, but it still can't communicate with the host:

```
ERROR: Error starting Virtual Machine! VM: cuckoo1, error: VBoxManage failed starting the machine in headless mode. Are you sure your machine is still functioning correctly when trying to use it manually? Error: VBoxManage: error: cpum#1: X86_CPUID_AMD_FEATURE_EDX_AXMMX is not supported by the host but has already exposed to the guest [ver=17 pass=final] (VERR_SSM_LOAD_CPUID_MISMATCH)
VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component ConsoleWrap, interface IConsole
Error processing task #31: it appears that the Virtual Machine hasn't been able to contact back to
```

Help please

ashemery commented 4 years ago

What is the content of your virtualbox.conf file? Please explain how you imported or configured the new Win_Intel VM so I can help.

medimigh commented 4 years ago

> What is the content of your virtualbox.conf file?

```
[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui" or "headless". Please refer to VirtualBox's official
# documentation to understand the differences.
mode = {{ virtualbox.virtualbox.mode }}

# Path to the local installation of the VBoxManage utility.
path = {{ virtualbox.virtualbox.path }}
# If you are running Cuckoo on Mac OS X you have to change the path as follows:
# path = /Applications/VirtualBox.app/Contents/MacOS/VBoxManage

# Default network interface.
interface = {{ virtualbox.virtualbox.interface }}

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = {{ virtualbox.virtualbox.machines }}

# If remote control is enabled in cuckoo.conf, specify a port range to use.
# Virtualbox will bind the VRDP interface to the first available port.
controlports = {{ virtualbox.virtualbox.controlports }}

{% for machine in config("virtualbox:virtualbox:machines") %}
[{{ machine }}]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = {{ virtualbox[machine].label }}

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = {{ virtualbox[machine].platform }}

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = {{ virtualbox[machine].ip }}

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = {{ virtualbox[machine].snapshot }}

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = {{ virtualbox[machine].interface }}

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = {{ virtualbox[machine].resultserver_ip }}

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = {{ virtualbox[machine].resultserver_port }}

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags = {{ virtualbox[machine].tags }}

# Mostly unused for now. Please don't fill it out.
options = {{ virtualbox[machine].options }}

# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = {{ virtualbox[machine].osprofile }}
{% endfor %}

[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# NOTE that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
label = honeyd
platform = linux
ip = 192.168.56.102

# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
tags = service, honeyd

# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
options = nictrace noagent
```

> Please explain how you imported or configured the new Win_Intel VM so I can help.

Extracted it on the host and imported it into VirtualBox.

ashemery commented 4 years ago

It looks like you're using a Mac OSX system; correct me if I'm wrong.

That is not how you import and use this VM. I will be writing a blog post very soon to clarify things.

medimigh commented 4 years ago

I'm using Windows (10) System.

I will wait for your post in your blog.

Thank you

ThA33 commented 4 years ago

I faced the same issue and I solved it. After you open Win7_intel in VirtualBox, you need to change one thing inside the virtualbox.conf file:

```
[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = Win7 => change this to a new image "Win7_intel"
label = cuckoo1
```

I hope this will solve your issue.
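A way to catch the label mismatch described in the comment above before submitting a task, as an added example that is not part of the thread or of the CuckooVM project: it compares each machine's `label` in a rendered virtualbox.conf against the VM names printed by `VBoxManage list vms`. The function names and both sample inputs (paths, IP, UUID) are constructed for illustration.

```python
import configparser
import re

# Constructed sample: a rendered virtualbox.conf whose label still names the old VM.
SAMPLE_CONF = """
[virtualbox]
mode = headless
path = /usr/bin/VBoxManage
interface = vboxnet0
machines = cuckoo1

[cuckoo1]
label = Win7
platform = windows
ip = 192.168.56.101
"""

# Constructed sample of `VBoxManage list vms` output: one line per VM, "name" {uuid}.
SAMPLE_VMS = '"Win7_intel" {11111111-2222-3333-4444-555555555555}\n'


def registered_vms(list_vms_output):
    """Return the set of VM names found in `VBoxManage list vms` output."""
    return set(re.findall(r'^"(.+)" \{[0-9a-fA-F-]+\}\s*$', list_vms_output, re.M))


def check_labels(conf_text, list_vms_output):
    """Return (machine_id, problem) pairs for machines Cuckoo could not start."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    vms = registered_vms(list_vms_output)
    problems = []
    machines = cfg.get("virtualbox", "machines", fallback="")
    for machine in (m.strip() for m in machines.split(",")):
        if not machine:
            continue
        if not cfg.has_section(machine):
            problems.append((machine, "no [%s] section in virtualbox.conf" % machine))
            continue
        label = cfg.get(machine, "label", fallback="").strip()
        if label not in vms:
            problems.append((machine, "label %r is not a registered VM" % label))
    return problems


if __name__ == "__main__":
    for machine, problem in check_labels(SAMPLE_CONF, SAMPLE_VMS):
        print("%s: %s" % (machine, problem))
```

On a real host, pass the text of the rendered virtualbox.conf and the captured output of `VBoxManage list vms` instead of the samples.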