guest initialization hit the critical timeout

[arulraji]

i get an error like "ERROR: cuckoo: the guest initialization hit the critical timeout, analysis aborted."

please help to proceed further... i share some trace and conf file

arul-3530@arul-3530:/opt/cuckoo$ python cuckoo.py

                           ),-.     /

Cuckoo Sandbox <(a ---',' no chance for malwares! (-, .> ) ) >.__/ /

Cuckoo Sandbox 2.0-rc1 www.cuckoosandbox.org Copyright (c) 2010-2015

Checking for updates... Good! You have the latest version available.

2016-11-02 10:51:18,138 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-11-02 10:51:18,742 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2016-11-02 10:51:18,749 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2016-11-02 10:51:48,279 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.js" (task #11, options "") 2016-11-02 10:51:48,288 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/28b6394f748a3d1e4791673c400bbf25bac84ebcb1a6bdf50ae773c01b4ce06a" 2016-11-02 10:51:48,309 [lib.cuckoo.core.scheduler] INFO: Task #11: acquired machine cuckoo (label=cuckoo) 2016-11-02 10:51:48,312 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 4735 (interface=vboxnet0, host=192.168.56.101, pcap=/opt/cuckoo/storage/analyses/11/dump.pcap) tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 65535 bytes 2016-11-02 10:51:52,401 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo, ip=192.168.56.101) 2016-11-02 10:54:52,614 [lib.cuckoo.core.scheduler] ERROR: cuckoo: the guest initialization hit the critical timeout, analysis aborted. 135 packets captured 135 packets received by filter 0 packets dropped by kernel 2016-11-02 10:54:53,879 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path '/opt/cuckoo/storage/analyses/11/logs'. 2016-11-02 10:54:53,895 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources) 2016-11-02 10:54:53,906 [lib.cuckoo.core.scheduler] INFO: Task #11: reports generation completed (path=/opt/cuckoo/storage/analyses/11) 2016-11-02 10:54:53,922 [lib.cuckoo.core.scheduler] INFO: Task #11: analysis procedure completed

cuckoo.txt virtualbox.txt

[doomedraven]

can you start vm manually and test from host curl 192.168.56.101:8000 ? it should return error 50x which means what communication with agent works fine

On 2 Nov 2016, at 06:38, arulraji <notifications@github.com mailto:notifications@github.com> wrote:

i get an error like "ERROR: cuckoo: the guest initialization hit the critical timeout, analysis aborted."

please help to proceed further... i share some trace and conf file

arul-3530@arul-3530:/opt/cuckoo$ python cuckoo.py

                       ),-.     /

Cuckoo Sandbox <(a ---',' no chance for malwares! (-, ._> ) ) >._/ /

Cuckoo Sandbox 2.0-rc1 www.cuckoosandbox.org http://www.cuckoosandbox.org/ Copyright (c) 2010-2015

Checking for updates... Good! You have the latest version available.

2016-11-02 10:51:18,138 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-11-02 10:51:18,742 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2016-11-02 10:51:18,749 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2016-11-02 10:51:48,279 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "test.js" (task #11 https://github.com/cuckoosandbox/cuckoo/issues/11, options "") 2016-11-02 10:51:48,288 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/28b6394f748a3d1e4791673c400bbf25bac84ebcb1a6bdf50ae773c01b4ce06a" 2016-11-02 10:51:48,309 [lib.cuckoo.core.scheduler] INFO: Task #11 https://github.com/cuckoosandbox/cuckoo/issues/11: acquired machine cuckoo (label=cuckoo) 2016-11-02 10:51:48,312 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 4735 (interface=vboxnet0, host=192.168.56.101, pcap=/opt/cuckoo/storage/analyses/11/dump.pcap) tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 65535 bytes 2016-11-02 10:51:52,401 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo, ip=192.168.56.101) 2016-11-02 10:54:52,614 [lib.cuckoo.core.scheduler] ERROR: cuckoo: the guest initialization hit the critical timeout, analysis aborted. 135 packets captured 135 packets received by filter 0 packets dropped by kernel 2016-11-02 10:54:53,879 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path '/opt/cuckoo/storage/analyses/11/logs'. 2016-11-02 10:54:53,895 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources) 2016-11-02 10:54:53,906 [lib.cuckoo.core.scheduler] INFO: Task #11 https://github.com/cuckoosandbox/cuckoo/issues/11: reports generation completed (path=/opt/cuckoo/storage/analyses/11) 2016-11-02 10:54:53,922 [lib.cuckoo.core.scheduler] INFO: Task #11 https://github.com/cuckoosandbox/cuckoo/issues/11: analysis procedure completed

cuckoo.txt https://github.com/cuckoosandbox/cuckoo/files/565752/cuckoo.txt virtualbox.txt https://github.com/cuckoosandbox/cuckoo/files/565753/virtualbox.txt — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/cuckoosandbox/cuckoo/issues/1154, or mute the thread https://github.com/notifications/unsubscribe-auth/ABxT79KqlM3lOt1rKek85blED5D0lJZ-ks5q6CG4gaJpZM4Km4Pv.

[arulraji]

@doomedraven output of curl 192.168.56.101:8000 "curl: (7) Failed to connect to 192.168.56.101 port 8000: No route to host". How can i override this

[doomedraven]

1. check vm firewall
2. check host firewall
3. check network configuration in host and vm

[arulraji]

@doomedraven some correction after in network configuration. when i curl 192.168.56.101:8000 the below output comes <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

Error response

Error code: 501

Message: Unsupported method ('GET').

Error code explanation: HTTPStatus.NOT_IMPLEMENTED - Server does not support this operation.

ie., now i think network related issued are all resolved.

now i get other error like 2016-11-03 12:09:56,830 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run Traceback (most recent call last): File "/opt/cuc/lib/cuckoo/core/scheduler.py", line 519, in run self.launch_analysis() File "/opt/cuc/lib/cuckoo/core/scheduler.py", line 399, in launch_analysis self.guest_manage(options) File "/opt/cuc/lib/cuckoo/core/scheduler.py", line 301, in guest_manage self.guest_manager.start_analysis(options, monitor) File "/opt/cuc/lib/cuckoo/core/guest.py", line 392, in start_analysis self.old.start_analysis(options, monitor) File "/opt/cuc/lib/cuckoo/core/guest.py", line 180, in start_analysis self.upload_analyzer(monitor) File "/opt/cuc/lib/cuckoo/core/guest.py", line 153, in upload_analyzer self.server.add_analyzer(xmlrpclib.Binary(zip_data)) File "/usr/lib/python2.7/xmlrpclib.py", line 1233, in call return self.send(self.name, args) File "/usr/lib/python2.7/xmlrpclib.py", line 1587, in request verbose=self.verbose File "/usr/lib/python2.7/xmlrpclib.py", line 1273, in request return self.single_request(host, handler, request_body, verbose) File "/usr/lib/python2.7/xmlrpclib.py", line 1306, in single_request return self.parse_response(response) File "/usr/lib/python2.7/xmlrpclib.py", line 1482, in parse_response return u.close() File "/usr/lib/python2.7/xmlrpclib.py", line 794, in close raise Fault(**self._stack[0]) Fault: <Fault 1: "<class 'TypeError'>:string argument expected, got 'bytes'">

fyi i add timeout = 60 in virtualbox.conf also get the same error. please help us

[arulraji]

solving the above issue by changing the vm python version from 3.6 to 2.7.. Thanks @doomedraven

[doomedraven]

so if solved, close issue :)

[amangupta87]

solving the above issue by changing the vm python version from 3.6 to 2.7.. Thanks @doomedraven

Hi @arulraji, how did you change vm python version to 2.7.

[doomedraven]

cuckoo works only with 2.7.x, you can't use different version

[amangupta87]

Thanks @doomedraven , but I just checked my python version in vm and it is 2.7.15. But still I am getting this error while analyzing an app:

` .----..--.--..----.| |--..-----..-----. | || | || || < | || | |__||||__|||__||||_____|

Cuckoo Sandbox 2.0.7 www.cuckoosandbox.org Copyright (c) 2010-2018

2019-06-22 14:26:55,422 [cuckoo] ERROR: The maximum number of open files is low (4096). If you do not increase it, you may run into errors later on. 2019-06-22 14:26:55,422 [cuckoo] ERROR: See also: https://cuckoo.sh/docs/faq/index.html#ioerror-errno-24-too-many-open-files Checking for updates... Vulnerable dependencies found

--> Vulnerable version of virtualbox installed (5.2.18). It is highly recommended to update. Please update and restart Cuckoo. Recommended version: >=5.2.28 Additional information: https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

You're good to go!

Our latest blogposts:

• Cuckoo Sandbox 2.0.7, June 19, 2019. Stability and security More at https://cuckoosandbox.org/blog/207-interim-release

• IQY malspam campaign, October 15, 2018. Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing DDE to achieve code execution. More at https://hatching.io/blog/iqy-malspam

• Hooking VBScript execution in Cuckoo, October 03, 2018. Details on implementation of Visual Basic Script instrumentation for Cuckoo Monitor for extraction of dynamically executed VBScript. More at https://hatching.io/blog/vbscript-hooking

• Cuckoo Sandbox 2.0.6 pentest, September 18, 2018. Cuckoo Sandbox 2.0.6 public pentest performed by Cure53 and sponsored by PolySwarm! More at https://hatching.io/blog/cuckoo-206-pentest

• Cuckoo Sandbox 2.0.6, June 07, 2018. Interim release awaiting the big release. More at https://cuckoosandbox.org/blog/206-interim-release

2019-06-22 14:26:59,617 [cuckoo] WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important! 2019-06-22 14:26:59,618 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signatures, Yara rules, and more goodies by running the following command: 2019-06-22 14:26:59,619 [cuckoo] INFO: $ cuckoo community 2019-06-22 14:26:59,626 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2019-06-22 14:27:00,645 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2019-06-22 14:27:00,660 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks. 2019-06-22 14:27:01,842 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "com.tripadvisor.tripadvisor.apk" (task #2, options "") 2019-06-22 14:27:02,491 [cuckoo.core.scheduler] INFO: Task #2: acquired machine Ubuntu (label=Ubuntu) 2019-06-22 14:27:02,544 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 15605 (interface=vboxnet0, host=192.168.56.101) 2019-06-22 14:27:18,580 [cuckoo.core.guest] INFO: Starting analysis #2 on guest (id=Ubuntu, ip=192.168.56.101) 2019-06-22 14:27:24,396 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 755, in run self.launch_analysis() File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 541, in launch_analysis self.guest_manage(options) File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 404, in guest_manage self.guest_manager.start_analysis(options, monitor) File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/guest.py", line 454, in start_analysis self.old.start_analysis(options, monitor) File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/guest.py", line 187, in start_analysis self.upload_analyzer(monitor) File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/guest.py", line 158, in upload_analyzer self.server.add_analyzer(xmlrpclib.Binary(zip_data)) File "/usr/lib/python2.7/xmlrpclib.py", line 1243, in call return self.send(self.name, args) File "/usr/lib/python2.7/xmlrpclib.py", line 1602, in request verbose=self.verbose File "/usr/lib/python2.7/xmlrpclib.py", line 1283, in request return self.single_request(host, handler, request_body, verbose) File "/usr/lib/python2.7/xmlrpclib.py", line 1316, in single_request return self.parse_response(response) File "/usr/lib/python2.7/xmlrpclib.py", line 1493, in parse_response return u.close() File "/usr/lib/python2.7/xmlrpclib.py", line 800, in close raise Fault(**self._stack[0]) Fault: <Fault 1: "<class 'TypeError'>:string argument expected, got 'bytes'">`

And then it stops and no futher output is given and I have to do Ctrl+C to give other commands. Please help me in this. Thankyou

[doomedraven]

well thats normal bcz cuckoo doesn't work right now with android, you can see a lot of issues opened in repo

[amangupta87]

So how do I get going?

[doomedraven]

well you have 2 ways

1. wait for android fixes in future releases
2. fix everything by yourself