cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

WARNING: Analysis results folder does not exist at path #1168

Closed josu98 closed 7 years ago

josu98 commented 7 years ago

Hi!

Cuckoo is running on Ubuntu 16.04 with KVM, but I never really got Cuckoo to work on this machine.

After running cuckoo.py and submitting a file I get the following output.


Cuckoo Sandbox 2.0-dev
www.cuckoosandbox.org
Copyright (c) 2010-2015

Checking for updates...
You are running a development version! Current stable is 2.0-rc1.
/usr/local/lib/python2.7/dist-packages/setuptools-23.1.0-py2.7.egg/pkg_resources/__init__.py:1268: UserWarning: /home/jxxxn/.python-eggs is writable by group/others and vulnerable to attack when used with get_resource_filename. Consider a more secure location (set with .set_extraction_path or the PYTHON_EGG_CACHE environment variable).
2016-11-11 14:46:51,484 [lib.cuckoo.core.scheduler] INFO: Using "kvm" as machine manager
2016-11-11 14:46:51,652 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-11-11 14:46:51,667 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-11-11 14:48:24,445 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "deleter.exe" (task #12, options "")
2016-11-11 14:48:24,474 [lib.cuckoo.core.scheduler] INFO: File already exists at "/data/cuckoo-master/storage/binaries/903141dccebd5ca38640bbbbda2358ef529132b2679a369862397abcc05c592d"
2016-11-11 14:48:24,500 [lib.cuckoo.core.scheduler] INFO: Task #12: acquired machine cuckoo1 (label=WinXP-SP3)
2016-11-11 14:48:24,530 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 7985 (interface=virbr1, host=10.1.1.101, pcap=/data/cuckoo-master/storage/analyses/12/dump.pcap)
2016-11-11 14:48:24,534 [lib.cuckoo.common.objects] WARNING: Unable to import pefile (pip install pefile)
tcpdump: listening on virbr1, link-type EN10MB (Ethernet), capture size 262144 bytes
2016-11-11 14:48:25,940 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=10.1.1.101)
2016-11-11 14:51:31,334 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.
21 packets captured
21 packets received by filter
0 packets dropped by kernel
2016-11-11 14:51:31,927 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path '/data/cuckoo-master/storage/analyses/12/logs'.
2016-11-11 14:51:31,931 [modules.processing.procmemory] WARNING: In order to extract PE files from memory dumps it is required to have pefile installed (pip install pefile).
2016-11-11 14:51:31,931 [modules.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.
2016-11-11 14:51:31,948 [lib.cuckoo.core.plugins] WARNING: The processing module "Suricata" returned the following error: Unable to locate Suricata binary
2016-11-11 14:51:33,421 [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportHTML" returned the following error: Failed to generate HTML report: Jinja2 library is not installed (install pip install jinja2)
2016-11-11 14:51:33,421 [lib.cuckoo.core.scheduler] INFO: Task #12: reports generation completed (path=/data/cuckoo-master/storage/analyses/12)
2016-11-11 14:51:33,463 [lib.cuckoo.core.scheduler] INFO: Task #12: analysis procedure completed


Below is the content of the analysis folder:

lrwxrwxrwx 1 jorgen cuckoo  101 nov 11 14:48 binary -> /data/cuckoo-master/storage/binaries/903141dccebd5ca38640bbbbda2358ef529132b2679a369862397abcc05c592d
-rw-rw-r-- 1 jorgen cuckoo 1873 nov 11 14:51 cuckoo.log
-rw-rw-r-- 1 jorgen cuckoo 3807 nov 11 14:50 dump.pcap
-rw-rw-r-- 1 jorgen cuckoo 3807 nov 11 14:51 dump_sorted.pcap
drwxrwxr-x 2 jorgen cuckoo 4096 nov 11 14:51 network
-rw-rw-r-- 1 jorgen cuckoo    0 nov 11 14:51 reboot.json
drwxrwxr-x 2 jorgen cuckoo 4096 nov 11 14:51 reports
drwxrwxr-x 2 jorgen cuckoo 4096 nov 11 14:51 suricata
-rw-rw-r-- 1 jorgen cuckoo  714 nov 11 14:51 task.json
-rw-rw-r-- 1 jorgen cuckoo    0 nov 11 14:51 tlsmaster.txt

Any clue why the logs folder isn't created and the analysis hit a critical timeout?

Thanks, Jorgen

jbremer commented 7 years ago

Did you verify the IP addresses and all that configuration? Can both sides talk to each other?

josu98 commented 7 years ago

Ahh... embarrassing... you are spot on! I had the wrong IP address for the resultserver specified in cuckoo.conf... Thanks :) Jorgen
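The symptom in this thread (empty logs/ folder, then the critical timeout) is what a guest produces when it cannot reach the resultserver address it was handed. The following is an added example for this issue, not code from the Cuckoo project: a small consistency check that parses a Cuckoo 2.x-style cuckoo.conf ([resultserver] with ip and port) and a kvm.conf (machine list in the first section, each machine with ip and an optional resultserver_ip override) and reports any guest whose resultserver is not on the guest's network. The two config texts are constructed to reproduce the mistake described above; the /24 netmask is an assumption, since the INI files carry none.

```python
"""Consistency check for the Cuckoo resultserver address (added example)."""
import configparser
import ipaddress
import socket

# Constructed sample cuckoo.conf (the reporter's real file is not on the page):
# the resultserver is pointed at a network the guest does not sit on.
CUCKOO_CONF = """
[resultserver]
ip = 192.168.56.1
port = 2042
"""

# Constructed sample kvm.conf, modelled on the machine name and label in the log.
KVM_CONF = """
[kvm]
machines = cuckoo1

[cuckoo1]
label = WinXP-SP3
platform = windows
ip = 10.1.1.101
interface = virbr1
"""


def _parse(text):
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp


def check_resultserver(cuckoo_conf, machinery_conf, prefixlen=24):
    """Return (problems, resultserver_ip, resultserver_port).

    A guest can only ship its behaviour logs back if it can reach the
    resultserver, so the resultserver IP must be on the guest's network
    (assumed /prefixlen here). A resultserver the guest cannot reach is what
    leaves logs/ empty and ends the task with the critical timeout.
    """
    problems = []
    cuckoo = _parse(cuckoo_conf)
    machinery = _parse(machinery_conf)

    rs_ip = cuckoo.get("resultserver", "ip")
    rs_port = cuckoo.getint("resultserver", "port")

    module = machinery.sections()[0]  # e.g. "kvm"
    machines = [m.strip() for m in machinery.get(module, "machines").split(",")]
    for name in machines:
        guest_ip = machinery.get(name, "ip")
        # A per-machine resultserver_ip overrides the global one.
        effective = machinery.get(name, "resultserver_ip", fallback=rs_ip)
        guest_net = ipaddress.ip_network(f"{guest_ip}/{prefixlen}", strict=False)
        if ipaddress.ip_address(effective) not in guest_net:
            problems.append(
                f"{name}: guest {guest_ip} is on {guest_net} but its "
                f"resultserver is {effective}; the agent cannot report back"
            )
    return problems, rs_ip, rs_port


def resultserver_listening(ip, port, timeout=1.0):
    """True if a TCP listener answers on ip:port, i.e. cuckoo.py is up on the host."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    found, ip, port = check_resultserver(CUCKOO_CONF, KVM_CONF)
    for line in found:
        print("PROBLEM:", line)
    if not found:
        print(f"resultserver {ip}:{port} is on every configured guest network")
```

Run against the constructed files it flags cuckoo1; changing the resultserver ip to 10.1.1.1 (or adding resultserver_ip = 10.1.1.1 under [cuckoo1]) clears the report. The resultserver_listening helper is the second half of the check, to be run on the host while cuckoo.py is running, since a correct address is of no use if nothing is bound to it.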

josu98 commented 7 years ago

Any clue about the PE error? When I run the command: "pip install pefile" I get the following message:

Requirement already satisfied: pefile in /usr/local/lib/python3.5/dist-packages
Requirement already satisfied: future in /usr/local/lib/python3.5/dist-packages (from pefile)

Thanks Jorgen

doomedraven commented 7 years ago

Uninstall pefile and install pefile2 from requirements

Best regards Andriy

jbremer commented 7 years ago

@josu98 What @doomedraven said, but in addition to that you have to use Python 2 as Cuckoo is not compatible with Python 3 at this point (your paths point out that you're somehow running Python 3's pip).

josu98 commented 7 years ago

Thank you for your input!

This is what I have done so far:
1: uninstalled PIP
2: installed it again using "sudo apt-get install python-pip" (which uses python 2)
3: ran the following command to clear some form of pip cache: hash -r

PIP now works fine using python 2

Again I ran the following command: "sudo pip install -r requirements.txt" and I got much further this time, but bumped into the following error:

...
...
Running setup.py install for Pillow ... error
Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-mtcEAc/Pillow/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-jzvu6s-record/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-2.7
creating build/lib.linux-x86_64-2.7/PIL
copying PIL/TiffTags.py -> build/lib.linux-x86_64-2.7/PIL
...
-- I cut some text out since it was a lot! --
...
writing dependency_links to Pillow.egg-info/dependency_links.txt
warning: manifest_maker: standard file '-c' not found
reading manifest file 'Pillow.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
warning: no files found matching '*.sh'
no previously-included directories found matching 'docs/_static'
warning: no previously-included files found matching '.coveragerc'
warning: no previously-included files found matching '.editorconfig'
warning: no previously-included files found matching '.landscape.yaml'
warning: no previously-included files found matching 'appveyor.yml'
warning: no previously-included files found matching 'buildchildren.sh'
warning: no previously-included files found matching 'tox.ini'
warning: no previously-included files matching '.git' found anywhere in distribution
warning: no previously-included files matching '*.pyc' found anywhere in distribution
warning: no previously-included files matching '*.so' found anywhere in distribution
writing manifest file 'Pillow.egg-info/SOURCES.txt'
copying PIL/OleFileIO-README.md -> build/lib.linux-x86_64-2.7/PIL
running build_ext
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/tmp/pip-build-mtcEAc/Pillow/setup.py", line 767, in <module>
    zip_safe=not debug_build(), )
  File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
    dist.run_commands()
  File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
    self.run_command(cmd)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "build/bdist.linux-x86_64/egg/setuptools/command/install.py", line 61, in run
  File "/usr/lib/python2.7/distutils/command/install.py", line 601, in run
    self.run_command('build')
  File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
    self.distribution.run_command(command)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/usr/lib/python2.7/distutils/command/build.py", line 128, in run
    self.run_command(cmd_name)
  File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
    self.distribution.run_command(command)
  File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
    cmd_obj.run()
  File "/usr/lib/python2.7/distutils/command/build_ext.py", line 339, in run
    self.build_extensions()
  File "/tmp/pip-build-mtcEAc/Pillow/setup.py", line 512, in build_extensions
    ' using --disable-%s, aborting' % (f, f))
ValueError: jpeg is required unless explicitly disabled using --disable-jpeg, aborting

Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-mtcEAc/Pillow/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-jzvu6s-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-mtcEAc/Pillow/

This is as far as I get this time, any clue? Regards, Jorgen

doomedraven commented 7 years ago

Check this: http://stackoverflow.com/questions/34631806/fail-during-installation-of-pillow-python-module-in-linux

josu98 commented 7 years ago

That was fast! Thanks! :)

Seems that the fastest way is to upgrade PIP, but do I dare? Any chance it changes to python 3 again..?

Regards, Jorgen

doomedraven commented 7 years ago

You can use "which pip" to see which one is used, and if it is the >3.x one, just use the pip2.7 command.

josu98 commented 7 years ago

Super, I'll give it a go. Thanks! Jorgen

doomedraven commented 7 years ago

You are welcome. If that solves your issue, close it; if not, let us know.

josu98 commented 7 years ago

What I needed to install was: "sudo apt-get install libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk"

Don't really know if I needed all of the above packages, but I was lazy and installed them all...

With your help this has been solved and Cuckoo is now working fine! :) Thank you! Jorgen