brad-sp / cuckoo-modified

Modified edition of cuckoo

Can't start /utils/web.py #259

Open Helyx1337 opened 8 years ago

Helyx1337 commented 8 years ago

Hello, when trying to start web.py I get the following error:

lib.cuckoo.common.exceptions.CuckooDatabaseError: DB schema version mismatch: found 495d5a6edef3, expected 4b09c454108c.

I already made the changes described in https://github.com/brad-accuvant/cuckoo-modified/commit/66091031d767eeae59331167be4b8b30b51ee8a6 but the issue is still there. Any ideas?

brad-sp commented 8 years ago

Did you do: cd utils/db_migration/ && alembic upgrade head ?

Helyx1337 commented 8 years ago

Yes, it says:

INFO [alembic.migration] Context impl MySQLImpl.
INFO [alembic.migration] Will assume non-transactional DDL.
Unable to import pymongo (install with pip install pymongo)

but pymongo is installed

seanthegeek commented 8 years ago

What happens when you run import pymongo in a Python console?

brad-sp commented 8 years ago

It's due to some old code present in the 0.6->1.1 conversion. It'll need to be migrated away from pymongo.connection to mongoclient.

-Brad

brad-sp commented 8 years ago

Pulled the fix from upstream, presumably should be fixed now. Let me know if it's still broken.

-Brad

Helyx1337 commented 8 years ago

@seanthegeek Nothing. No error or success message.

@brad-accuvant web.py seems to work fine now, thanks! But when starting cuckoo.py I'm getting this:

2015-11-19 14:27:23,053 [root] CRITICAL: CuckooCriticalError: Unable to import plugin "modules.processing.network": No module named dns.resolver

EDIT: Fixed it. I just had to install dnspython

sudo apt-get install python-dnspython

Helyx1337 commented 8 years ago

Okay, got a new error during analysis:

2015-11-19 15:04:52,260 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\1540.ini'
2015-11-19 15:05:20,661 [modules.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7 to path /media/cuckoo/cuckoo_nest/modded_cuckoo/storage/analyses/1/memory.dmp
2015-11-19 15:05:28,002 [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled.
2015-11-19 15:05:28,233 [modules.processing.static] WARNING: Detected outdated version of pefile. Please update to the latest version at https://github.com/erocarrera/pefile
2015-11-19 15:05:28,233 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Static":
Traceback (most recent call last):
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/core/plugins.py", line 197, in process
    data = current.run()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 1274, in run
    static = PortableExecutable(self.file_path, self.results).run()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 757, in run
    peresults["exports"] = self._get_exported_symbols()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 355, in _get_exported_symbols
    symbol["name"] = convert_to_printable(exported_symbol.name)
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/common/utils.py", line 119, in convert_to_printable
    if is_printable(s):
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/common/utils.py", line 91, in is_printable
    for c in s:
TypeError: 'NoneType' object is not iterable

brad-sp commented 8 years ago

2015-11-19 15:05:28,233 [modules.processing.static] WARNING: Detected outdated version of pefile. Please update to the latest version at https://github.com/erocarrera/pefile

is probably the key part. Try updating it first.

-Brad

Helyx1337 commented 8 years ago

Doesn't work...

sudo python setup.py install
Traceback (most recent call last):
  File "setup.py", line 8, in <module>
    import pefile
  File "/home/cuckoo/Downloads/pefile-master/pefile.py", line 25, in <module>
    version = '1.2.10-%d' % int( revision[21:-2] )
ValueError: invalid literal for int() with base 10: ''

brad-sp commented 8 years ago

Change the line:

revision = "$LastChangedRevision$"

in pefile.py to:

revision = "0"

-Brad

Helyx1337 commented 8 years ago

Now it's:

Traceback (most recent call last):
  File "setup.py", line 8, in <module>
    import pefile
  File "/home/cuckoo/Downloads/pefile-master/pefile.py", line 25, in <module>
    version = '1.2.10-%d' % int( revision[21:-2] )
TypeError: 'int' object has no attribute 'getitem'

:/

brad-sp commented 8 years ago

Also change that line to:

version = '1.2.10'

Helyx1337 commented 8 years ago

Okay, that worked. But I can't test cuckoo today. Thanks so far!

Helyx1337 commented 8 years ago

Still getting the following errors:

2015-11-23 15:09:16,082 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\2456.ini'

and

2015-11-23 15:09:54,237 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Static":
Traceback (most recent call last):
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/core/plugins.py", line 197, in process
    data = current.run()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 1274, in run
    static = PortableExecutable(self.file_path, self.results).run()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 757, in run
    peresults["exports"] = self._get_exported_symbols()
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/modules/processing/static.py", line 355, in _get_exported_symbols
    symbol["name"] = convert_to_printable(exported_symbol.name)
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/common/utils.py", line 119, in convert_to_printable
    if is_printable(s):
  File "/media/cuckoo/cuckoo_nest/modded_cuckoo/lib/cuckoo/common/utils.py", line 91, in is_printable
    for c in s:
TypeError: 'NoneType' object is not iterable

Sorry for being annoying...

brad-sp commented 8 years ago

The first bug is an issue with your guest VM configuration. The fix is discussed here: https://github.com/brad-accuvant/cuckoo-modified/issues/27

For the second issue, give me the hash of the file that's causing the analysis failure.

-Brad
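The "Static" traceback quoted above ends with is_printable iterating over None, which means exported_symbol.name was None for at least one export of the sample (pefile reports None when an export has no name, for instance an export by ordinal only). An added sketch, not code from cuckoo-modified or from anyone in this thread, of None-safe versions of the two helpers named in the traceback; the function bodies, the Export tuple and the sample entries are assumptions constructed for illustration:

```python
import string
from collections import namedtuple

# Constructed stand-in for a pefile export entry; only the fields used here.
Export = namedtuple("Export", "address ordinal name")

PRINTABLE = set(string.printable)


def is_printable(s):
    """True if every character of the text is printable ASCII; None is not."""
    if s is None:
        return False
    return all(c in PRINTABLE for c in s)


def convert_to_printable(s):
    """Return text safe for a report: None -> '', other bytes hex-escaped."""
    if s is None:
        return ""
    if isinstance(s, bytes):
        # latin-1 maps every byte to one character, so nothing is lost.
        s = s.decode("latin-1")
    if is_printable(s):
        return s
    return "".join(c if c in PRINTABLE else "\\x%02x" % ord(c) for c in s)


def get_exported_symbols(exports):
    """Build report rows without letting one odd export abort the module."""
    return [
        {
            "address": hex(e.address),
            "ordinal": e.ordinal,
            "name": convert_to_printable(e.name),
        }
        for e in exports
    ]


# Constructed sample: a named export, a nameless export, and a name
# containing a non-printable byte, as a hostile or malformed PE might carry.
SAMPLE_EXPORTS = [
    Export(0x10001000, 1, b"DllRegisterServer"),
    Export(0x10001040, 2, None),
    Export(0x10001080, 3, b"bad\x00name"),
]

if __name__ == "__main__":
    for row in get_exported_symbols(SAMPLE_EXPORTS):
        print(row)
```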

Helyx1337 commented 8 years ago

Thanks, I will check that.

The hash is: 52ae3b7f8f383f169363b5d4f5d5deca

Helyx1337 commented 8 years ago

Fixed the last issue, the current one is:

[lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\2940.ini'

KillerInstinct commented 8 years ago

Sounds like you have UAC enabled, or do not have admin access.

Helyx1337 commented 8 years ago

Disabled the UAC, and now I'm getting this:

[lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: [Errno 13] Permission denied: 'C:\2888.ini

What is this kind of error?

KillerInstinct commented 8 years ago

It's saying your python process (agent.py) doesn't have permission to create files in C:.

Are you running as an admin user? Did you restart the VM and resnapshot after making the UAC change?

Helyx1337 commented 8 years ago

I'm running virtualbox and cuckoo with sudo. Yes, I made a new snapshot after disabling the UAC.

KillerInstinct commented 8 years ago

Your VM -- the account you're running the agent under. Is that an admin?

Helyx1337 commented 8 years ago

Yes, there is only one account on that VM and that account is an admin.

heckestecher commented 8 years ago

I guess this account doesn't have full admin rights. Take a look here: http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/?PageSpeed=noscript