cuckoosandbox / community

Repository of modules and signatures contributed by the community

ANALYSIS ALWAYS PENDING #451

Open chinmay007007 opened 5 years ago

chinmay007007 commented 5 years ago

```
chinmay@chinmay-Precision-T1650:~$ cd .cuckoo/
chinmay@chinmay-Precision-T1650:~/.cuckoo$ ls
agent  cuckoo.db_old  log  storage  web  analyzer  distributed  monitor  stuff  whitelist  conf  elasticsearch  pidfiles  supervisord  yara  cuckoo.db  init.py  signatures  supervisord.conf
chinmay@chinmay-Precision-T1650:~/.cuckoo$ cd web
chinmay@chinmay-Precision-T1650:~/.cuckoo/web$ mkdir /tmp/cuckoo-tmp-root
chinmay@chinmay-Precision-T1650:~/.cuckoo/web$ cd ..
chinmay@chinmay-Precision-T1650:~/.cuckoo$ sudo service mongodb start
[sudo] password for chinmay:
chinmay@chinmay-Precision-T1650:~/.cuckoo$ sudo cuckoo web runserver
Performing system checks...

System check identified no issues (0 silenced).
June 11, 2019 - 10:50:07
Django version 1.8.4, using settings 'cuckoo.web.web.settings'
Starting development server at http://127.0.0.1:8000/
Quit the server with CONTROL-C.
[11/Jun/2019 10:51:44] "GET / HTTP/1.1" 200 22337
[11/Jun/2019 10:51:44] "GET /static/css/vendor.css HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/css/main.css HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/vendor.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/handlebars-templates.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/hexdump.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/loader.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/sticky.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/analysis_sidebar.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/analysis_feedback.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/submission.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/process_tree.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/recent.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/analysis_network.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/rdp.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:44] "GET /static/js/cuckoo/app.js HTTP/1.1" 304 0
[11/Jun/2019 10:51:45] "GET /static/graphic/cuckoo-coffee-cup.png HTTP/1.1" 200 35356
[11/Jun/2019 10:51:45] "GET /static/graphic/cuckoo_inverse.png HTTP/1.1" 200 8158
[11/Jun/2019 10:51:45] "GET /static/images/close.png HTTP/1.1" 304 0
[11/Jun/2019 10:51:45] "GET /static/fonts/Roboto_normal_500_default.woff HTTP/1.1" 304 0
[11/Jun/2019 10:51:45] "GET /static/favicon-32x32.png HTTP/1.1" 200 1153

[11/Jun/2019 10:51:46] "GET /cuckoo/api/status HTTP/1.1" 200 1832
[11/Jun/2019 10:51:46] "GET /static/fonts/Roboto_italic_400_default.woff HTTP/1.1" 304 0
Traceback (most recent call last):
  File "/usr/local/bin/cuckoo", line 10, in
    sys.exit(main())
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 716, in call
    return self.main(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 696, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1060, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 889, in invoke
    return ctx.invoke(self.callback, ctx.params)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 534, in invoke
    return callback(args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, *kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/main.py", line 579, in web
    ("cuckoo",) + args
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/init.py", line 338, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/init.py", line 330, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 393, in run_from_argv
    self.execute(args, cmd_options)
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/commands/runserver.py", line 49, in execute
    super(Command, self).execute(*args, *options)
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/base.py", line 444, in execute
    output = self.handle(args, options)
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/commands/runserver.py", line 88, in handle
    self.run(options)
  File "/usr/local/lib/python2.7/dist-packages/django/core/management/commands/runserver.py", line 97, in run
    autoreload.main(self.inner_run, None, options)
  File "/usr/local/lib/python2.7/dist-packages/django/utils/autoreload.py", line 325, in main
    reloader(wrapped_main_func, args, kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/utils/autoreload.py", line 296, in python_reloader
    exit_code = restart_with_reloader()
  File "/usr/local/lib/python2.7/dist-packages/django/utils/autoreload.py", line 282, in restart_with_reloader
    exit_code = os.spawnve(os.P_WAIT, sys.executable, args, new_environ)
  File "/usr/lib/python2.7/os.py", line 575, in spawnve
    return _spawnvef(mode, file, args, env, execve)
  File "/usr/lib/python2.7/os.py", line 548, in _spawnvef
    wpid, sts = waitpid(pid, 0)
OSError: [Errno 4] Interrupted system call
chinmay@chinmay-Precision-T1650:~/.cuckoo$ sudo cuckoo
```


Cuckoo Sandbox 2.0.6 www.cuckoosandbox.org Copyright (c) 2010-2018

Checking for updates... You're good to go!

Our latest blogposts:

```
2019-06-11 10:52:21,460 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2019-06-11 10:52:24,342 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2019-06-11 10:52:24,353 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2019-06-11 10:52:25,484 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "dumped.exe" (task #3, options "procmemdump=yes,route=none")
2019-06-11 10:52:25,500 [cuckoo.core.scheduler] ERROR: Unable to access target file, please check if we have permissions to access the file: "/tmp/cuckoo-tmp-root/tmplfwNJZ/dumped.exe"
2019-06-11 10:52:25,631 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/chinmay/.cuckoo/storage/analyses/3/logs'.
2019-06-11 10:52:25,632 [cuckoo.processing.memory] ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf!
2019-06-11 10:52:25,634 [cuckoo.core.plugins] WARNING: The processing module "Strings" returned the following error: Sample file doesn't exist: "/home/chinmay/.cuckoo/storage/analyses/3/binary"
2019-06-11 10:52:25,634 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/chinmay/.cuckoo/storage/analyses/3/dump.pcap".
2019-06-11 10:52:25,635 [cuckoo.processing.debug] ERROR: Error processing task #3: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2019-06-11 10:52:25,905 [cuckoo.core.scheduler] INFO: Task #3: reports generation completed
2019-06-11 10:52:25,916 [cuckoo.core.scheduler] INFO: Task #3: analysis procedure completed
2019-06-11 10:52:26,628 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "Locky" (task #4, options "procmemdump=yes,route=none")
2019-06-11 10:52:26,638 [cuckoo.core.scheduler] ERROR: Unable to access target file, please check if we have permissions to access the file: "/tmp/cuckoo-tmp-root/tmp5hpo7x/Locky"
2019-06-11 10:52:26,757 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/chinmay/.cuckoo/storage/analyses/4/logs'.
2019-06-11 10:52:26,757 [cuckoo.processing.memory] ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf!
2019-06-11 10:52:26,758 [cuckoo.core.plugins] WARNING: The processing module "Strings" returned the following error: Sample file doesn't exist: "/home/chinmay/.cuckoo/storage/analyses/4/binary"
2019-06-11 10:52:26,758 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/chinmay/.cuckoo/storage/analyses/4/dump.pcap".
2019-06-11 10:52:26,759 [cuckoo.processing.debug] ERROR: Error processing task #4: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2019-06-11 10:52:26,991 [cuckoo.core.scheduler] INFO: Task #4: reports generation completed
2019-06-11 10:52:26,998 [cuckoo.core.scheduler] INFO: Task #4: analysis procedure completed
2019-06-11 10:52:27,793 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "Locky" (task #5, options "procmemdump=yes,route=none")
2019-06-11 10:52:27,800 [cuckoo.core.scheduler] ERROR: Unable to access target file, please check if we have permissions to access the file: "/tmp/cuckoo-tmp-root/tmpRs5qU9/Locky"
2019-06-11 10:52:27,924 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/chinmay/.cuckoo/storage/analyses/5/logs'.
2019-06-11 10:52:27,925 [cuckoo.processing.memory] ERROR: VM memory dump not found: to create VM memory dumps you have to enable memory_dump in cuckoo.conf!
2019-06-11 10:52:27,925 [cuckoo.core.plugins] WARNING: The processing module "Strings" returned the following error: Sample file doesn't exist: "/home/chinmay/.cuckoo/storage/analyses/5/binary"
2019-06-11 10:52:27,926 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/chinmay/.cuckoo/storage/analyses/5/dump.pcap".
2019-06-11 10:52:27,926 [cuckoo.processing.debug] ERROR: Error processing task #5: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2019-06-11 10:52:28,147 [cuckoo.core.scheduler] INFO: Task #5: reports generation completed
2019-06-11 10:52:28,155 [cuckoo.core.scheduler] INFO: Task #5: analysis procedure completed
```

doomedraven commented 5 years ago

Do searches in the issues. You are running everything as root, and now you have a lot of problems. And read the log output; there is a lot of information about your problems there.

chinmay007007 commented 5 years ago

Screenshot from 2019-06-11 12-23-08

chinmay007007 commented 5 years ago

Screenshot from 2019-06-11 12-28-02

chinmay007007 commented 5 years ago

Should I run the command without sudo in `cd .cuckoo/`? Also, do I always have to create the directory /tmp/cuckoo-tmp-root every time before running? That is weird. Also, in which sequence should I run the commands, and in which directory? I am really confused now. Please help if you can!

chinmay007007 commented 5 years ago

Screenshot from 2019-06-11 12-35-16

chinmay007007 commented 5 years ago

The interface looks fine, but the issues persist.

chinmay007007 commented 5 years ago

Screenshot from 2019-06-11 14-42-48

chinmay007007 commented 5 years ago

Screenshot from 2019-06-11 14-41-59

chinmay007007 commented 5 years ago

It's running with these two errors, although I enabled memory dump. Can anyone help?

RicoVZ commented 5 years ago

Hi @chinmay007007,

The reason for these errors is likely that you are using sudo. This causes Cuckoo to load its CWD (Cuckoo working directory) from /root/.cuckoo instead of /home/youruser/.cuckoo (where you likely configured things).

We do not recommend running Cuckoo on a root user. You can run it under your regular user.

What is the reason you are using sudo to run Cuckoo? 🙂 What happens if you start Cuckoo with `cuckoo --debug`?

chinmay007007 commented 5 years ago

Hi @RicoVZ, if I don't run Cuckoo as `sudo cuckoo -d`, it won't open, as it fails to recognize the windows7 VM. Also, I installed VirtualBox as sudo and I have to run it as `sudo virtualbox`. If I add sudo (`sudo cuckoo -d`) it starts running. Is that the right approach?

chinmay007007 commented 5 years ago

Also, now the report is being generated after analysis, but without the VM dump.

RicoVZ commented 5 years ago

That sounds like the VM was also created on the root user. VMs are per-user.

> Also now report is being generated after analysis but without vm dump .

This must be enabled in the cuckoo.conf, as it sounds you did. However, if you start Cuckoo as root, it will use a CWD in the root home folder.

This means you will have to edit the configuration files in `~/root/.cuckoo`.

However, to solve your problem I would suggest creating the VM on your chinmay user and then starting Cuckoo with `cuckoo --debug`, without sudo.

chinmay007007 commented 5 years ago

Hi @RicoVZ, yes, you are right. Thanks. I will do as you suggested. One more thing: if I want to use Elasticsearch-Kibana, could you please tell me the procedure?

chinmay007007 commented 5 years ago

Hi @RicoVZ. Also, I tried editing the configuration files in `~/root/.cuckoo`, but it still shows the error. But this one:

`[cuckoo.processing.behavior] CRITICAL: Behavior log file '3144.bson' is too big, skipped`

was solved by increasing the limit.

One more thing: if I want to use Elasticsearch-Kibana, could you please tell me the procedure?

RicoVZ commented 5 years ago

At the moment, the Elasticsearch mappings (sort of a database schema) have not yet been updated and only work on Elasticsearch 5.

@tincho9 has made a PR to have it work on ES 6. This includes new mappings. https://github.com/cuckoosandbox/cuckoo/pull/2627

You could merge this locally and then use ES6.

To use ES, open `reporting.conf`, find the `[elasticsearch]` section and enable it (`enabled = yes`). All new Cuckoo tasks will then also get reported to Elasticsearch.
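A preflight script that checks the two things this thread turns on: whether Cuckoo will resolve its CWD under root (the sudo problem explained above) and whether `memory_dump` in cuckoo.conf and `[elasticsearch]` / `enabled` in reporting.conf are set in that CWD. This is an added example, not part of Cuckoo; it assumes the `$CWD/conf/*.conf` layout and the `[cuckoo]` section name for `memory_dump`, and that Cuckoo honours a `CUCKOO_CWD` environment variable.

```shell
# Added preflight check (not Cuckoo's own code). Assumptions: configs live in
# $CWD/conf/, memory_dump sits in the [cuckoo] section of cuckoo.conf, and
# the CUCKOO_CWD environment variable overrides the default CWD.

# Print the value of KEY inside [SECTION] of an INI-style FILE (empty if absent).
ini_get() {  # ini_get FILE SECTION KEY
    [ -r "$1" ] || return 0
    awk -v sec="[$2]" -v key="$3" '
        $0 == sec { in_sec = 1; next }
        /^\[/     { in_sec = 0; next }
        in_sec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# The CWD Cuckoo will use: $CUCKOO_CWD if set, otherwise $HOME/.cuckoo.
# Under "sudo cuckoo", HOME is /root, so this becomes /root/.cuckoo.
cuckoo_cwd() {
    printf '%s\n' "${CUCKOO_CWD:-$HOME/.cuckoo}"
}

# Check one CWD for the given effective UID. Warnings go to stderr; the
# number of blocking problems is printed on stdout so callers can test it.
preflight() {  # preflight CWD UID
    cwd=$1 uid=$2 problems=0
    if [ "$uid" -eq 0 ]; then
        echo "WARN: running as root; Cuckoo will use /root/.cuckoo, not your user's CWD" >&2
        problems=$((problems + 1))
    fi
    if [ ! -d "$cwd/conf" ]; then
        echo "WARN: no config dir at $cwd/conf (wrong user, or 'cuckoo init' never ran here)" >&2
        problems=$((problems + 1))
    fi
    if [ "$(ini_get "$cwd/conf/cuckoo.conf" cuckoo memory_dump)" != "yes" ]; then
        echo "WARN: memory_dump is not 'yes' in $cwd/conf/cuckoo.conf; no VM memory dump will be taken" >&2
        problems=$((problems + 1))
    fi
    if [ "$(ini_get "$cwd/conf/reporting.conf" elasticsearch enabled)" != "yes" ]; then
        echo "INFO: [elasticsearch] reporting is disabled in $cwd/conf/reporting.conf" >&2
    fi
    printf '%s\n' "$problems"
}

# Usage: run as the user who owns the VMs, without sudo:
# preflight "$(cuckoo_cwd)" "$(id -u)"
```

A non-zero count means the analysis will hit the "VM memory dump not found" or wrong-CWD errors shown earlier in this thread before it even starts.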

chinmay007007 commented 5 years ago

Hi @RicoVZ, I have the same problem, but even after creating the memory dump as you suggested, the Cuckoo analysis gets stuck at the VOLATILITY part. I don't know why. Can you please help?

chinmay007007 commented 5 years ago

Screenshot from 2019-06-12 16-22-21

chinmay007007 commented 5 years ago

Well, now it is running error free. But I am running Cuckoo as sudo, as mentioned before, and since Cuckoo fails to create the memory dump, I used the command `VBoxManage debugvm Win7 dumpvmcore --filename=memory.dmp` and then copied the file into the analysis folder at .cuckoo/storage/analyses/X during the analysis of X.

RicoVZ commented 5 years ago

Mhm, it might be that a bug is causing this. Is there an error when it tries to create the memdump?

I believe the command to do the dump changed in vbox 6. The new code for this is present in the development branch but not in the release package.

There will be a release soon. That will likely fix your issue if this is the cause.

chetanm381 commented 1 year ago

@RicoVZ, I am having a problem: my Cuckoo analysis is completed, but it does not show any report on the web server, and similarly, if I submit on the web server it always shows pending. Could you please help me with this issue, sir?