cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

adapters.py raises ConnectionError with Connection aborted.', BadStatusLine("''",) #1893

Open vikram-rajpuro opened 7 years ago

vikram-rajpuro commented 7 years ago

As soon as I provide samples from the web console, it starts VirtualBox and terminates it with the error message below. My host and guest are connected and the agent is also working; please point out where things went wrong.

2017-10-12 17:02:49,943 [cuckoo.core.guest] INFO: Starting analysis on guest (id=MACOS_1, ip=192.168.56.101)
2017-10-12 17:02:50,951 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:51,959 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:52,967 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:53,975 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:54,980 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:55,987 [cuckoo.core.guest] DEBUG: MACOS_1: not ready yet
2017-10-12 17:02:57,030 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=MACOS_1, ip=192.168.56.101)
2017-10-12 17:02:57,040 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=MACOS_1, ip=192.168.56.101, monitor=latest, size=108827)
2017-10-12 17:02:57,082 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: MITM
2017-10-12 17:02:57,083 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-10-12 17:02:57,083 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm MACOS_1
2017-10-12 17:02:58,342 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 698, in run
    self.launch_analysis()
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 499, in launch_analysis
    self.guest_manage(options)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/scheduler.py", line 394, in guest_manage
    self.guest_manager.start_analysis(options, monitor)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/guest.py", line 465, in start_analysis
    self.upload_analyzer(monitor)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/guest.py", line 372, in upload_analyzer
    self.determine_analyzer_path()
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/guest.py", line 350, in determine_analyzer_path
    r = self.post("/mkdtemp", data={"dirpath": systemdrive})
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/cuckoo/core/guest.py", line 311, in post
    r = session.post(url, *args, **kwargs)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/requests/sessions.py", line 535, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/Users/ashutosh/venv/lib/python2.7/site-packages/requests/adapters.py", line 473, in send
    raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', BadStatusLine("''",))

Regards, Vikram Sinha

daanfs commented 7 years ago

See also https://github.com/cuckoosandbox/cuckoo/issues/1876. Is the agent.py running as root inside your guest?

It might be worth improving the agent.py error reporting instead of silently failing here.

jbremer commented 7 years ago

Please do @daanfs! :)

jbremer commented 7 years ago

The fix for the mentioned issue has now been resolved! Please check it out.

vikram-rajpuro commented 7 years ago

Hello Greetings.

Thanks Jurriaan Bremer.

Best Regards, Vikram Sinha.

On Fri, Oct 27, 2017 at 7:44 PM, Jurriaan Bremer notifications@github.com wrote:

The fix for the mentioned issue has now been resolved! Please check it out.


vikram-rajpuro commented 7 years ago

As of now I am able to analyse samples, but there is a network issue in my guest-to-host communication. I am able to ping from guest to host and host to guest with no problem, but my guest is not connected to the internet. So when I submit samples from my web console, the process fails and gives an error like the one in the screenshot below:

[Screenshot: screen shot 2017-10-31 at 12 22 36 pm]

@daanfs where should I check, which package is not getting imported, where should I find it, and which module causes this error: xmlrpclib.ProtocolError: <ProtocolError for 127.0.0.1:8080/RPC2: 404 Not Found>

Thanks for your help till now.

br, Vikram Sinha

seantree commented 7 years ago

@jbremer can you also suggest what to do with this problem?

daanfs commented 7 years ago

@vikram-rajpuro: Can you try specifying a package using the --package option when submitting a file via the command line? Try bash, macho, app, or zip depending on the sample you are submitting.

seantree commented 7 years ago

Hi @daanfs ,

I am also getting the same problem, and yes, I tried to submit the sample through the terminal. At the link below you can see that it generates a new error: https://github.com/cuckoosandbox/cuckoo/issues/1849

vikram-rajpuro commented 7 years ago

@daanfs by specifying the package it shows that my package.py file is throwing the exception:

File "/tmp_ApzEw/lib/core/packages.py", line 31, in choose_package_class
    "exist.".format(name))
Exception: Unable to import package "None": it does not exist.

Please let me know if I am going in the right direction... @jbremer @doomedraven

doomedraven commented 7 years ago

Because for Linux there is only a generic package; update sflock to the latest version and it will recognize the package correctly automatically.

vikram-rajpuro commented 7 years ago

@doomedraven If there is only a generic package available for Linux, then how many packages are available for Mac... After all, I am willing to set up the sandbox environment for Mac malware analysis.

@daanfs @jbremer

doomedraven commented 7 years ago

I have not checked, but I think also only generic.

vikram-rajpuro commented 7 years ago

@doomedraven I checked and, as @daanfs pointed out to specify, there are packages available for Mac, e.g. app, bash, macho, zip, but it is still giving the error "Analysis failed: Could not find an appropriate analysis package"

I am providing the Mach-O file for analysis.

vikram-rajpuro commented 7 years ago

Phew.. I solved this problem here but I guess the problem now is broken .py; @daanfs @jbremer @doomedraven @alonlavian

Still, the web console is taking files forcefully and not showing reports, according to the log it printed, like the one below:

I am willing to make new packages for cuckoo but first; I think Cuckoo should work once :(

Any help would be more than just appreciated. Please have a look Friends... :) :) :)

2017-11-23 13:18:38,709 [cuckoo.core.guest] DEBUG: MACOS_108: analysis not completed yet (status=2)
2017-11-23 13:18:39,720 [cuckoo.core.guest] DEBUG: MACOS_108: analysis not completed yet (status=2)
2017-11-23 13:18:40,729 [cuckoo.core.guest] INFO: MACOS_108: end of analysis reached!
2017-11-23 13:18:40,736 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2017-11-23 13:18:40,737 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm MACOS_108
2017-11-23 13:18:42,137 [cuckoo.core.scheduler] DEBUG: Released database task #64
2017-11-23 13:18:42,245 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #64
2017-11-23 13:18:42,247 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/Users/ashutosh/.cuckoo/storage/analyses/64/logs'.
2017-11-23 13:18:42,247 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #64
2017-11-23 13:18:42,248 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #64
2017-11-23 13:18:42,248 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #64
2017-11-23 13:18:42,249 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #64
2017-11-23 13:18:42,264 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #64
2017-11-23 13:18:42,264 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #64
2017-11-23 13:18:42,265 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #64
2017-11-23 13:18:42,310 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #64
2017-11-23 13:18:42,540 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #64
2017-11-23 13:18:42,745 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #64
2017-11-23 13:18:53,273 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #64
2017-11-23 13:18:56,660 [cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" for task #64
2017-11-23 13:18:56,663 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #64

vikram-rajpuro commented 7 years ago

Another setup which I tried is: https://github.com/alonlavian/cuckoo

jbremer commented 6 years ago

So, what's the end result @vikram-rajpuro ? Is it working or not?

vikram-rajpuro commented 6 years ago

Not completely @jbremer; the file monitor is not working, so the paths are not getting recorded. Otherwise I am receiving all other information related to the infected file.
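The two failure signatures in the logs posted above can be pulled out of a flattened paste mechanically. This is an added example, not part of the thread and not Cuckoo's own code; the rule names and function names are hypothetical, and the sample is abridged from the log lines in the thread.

```python
import re

# Record header in the format the thread's logs use:
# "2017-10-12 17:02:49,943 [cuckoo.core.guest] INFO: message"
HEADER = re.compile(r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[([\w.]+)\] "
                    r"(DEBUG|INFO|WARNING|ERROR|CRITICAL): ")

# Hypothetical rule names; the patterns are the two messages seen in the thread.
RULES = [
    ("agent_closed_connection", "ERROR", re.compile(r"ConnectionError: .*BadStatusLine")),
    ("no_behavior_logs", "WARNING", re.compile(r"Analysis results folder does not exist")),
]

def split_records(text):
    """Split a paste (even one flattened onto a single line) into records."""
    parts = HEADER.split(text)  # [prefix, ts, logger, level, body, ts, ...]
    return [{"ts": parts[i], "logger": parts[i + 1], "level": parts[i + 2],
             "msg": " ".join(parts[i + 3].split())}
            for i in range(1, len(parts), 4)]

def triage(text):
    """Return (rule, timestamp, last guest-manager step before the hit)."""
    records, findings = split_records(text), []
    for idx, rec in enumerate(records):
        for name, level, pattern in RULES:
            if rec["level"] == level and pattern.search(rec["msg"]):
                step = next((r["msg"] for r in reversed(records[:idx])
                             if r["logger"] == "cuckoo.core.guest"), None)
                findings.append((name, rec["ts"], step))
    return findings

# Abridged from the log lines posted in the thread, flattened as they were pasted.
SAMPLE = " ".join([
    "2017-10-12 17:02:57,030 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=MACOS_1, ip=192.168.56.101)",
    "2017-10-12 17:02:57,040 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=MACOS_1, ip=192.168.56.101, monitor=latest, size=108827)",
    "2017-10-12 17:02:57,083 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm MACOS_1",
    "2017-10-12 17:02:58,342 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run Traceback (most recent call last): ... "
    "ConnectionError: ('Connection aborted.', BadStatusLine(\"''\",))",
    "2017-11-23 13:18:40,729 [cuckoo.core.guest] INFO: MACOS_108: end of analysis reached!",
    "2017-11-23 13:18:42,247 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/Users/ashutosh/.cuckoo/storage/analyses/64/logs'.",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The third field of each finding is the last guest-manager step logged before the failure, which places the first error at the analyzer upload and the second after the guest reported the end of analysis.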