cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

inetsim:Failed to forward packet #2161

Open w0r1dhe110 opened 6 years ago

w0r1dhe110 commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is:

When the analysis is not started, the guest can access the forgery service. When analyzing the sample, the guest cannot access inetsim.

My Cuckoo version and operating system are:

cuckoo v2.0.5
os:Ubuntu16.04
iNetSim:
-- service_bind_address: 192.168.56.66
Guest Windows 7:
-- ip address: 192.168.56.2
-- netmask: 255.255.255.0
-- gateway: 192.168.56.1
-- dns_nameserver: 192.168.56.1

This can be reproduced by:
The log, error, files etc can be found at:

$ cuckoo -d rooter --sudo -g cs
2018-03-12 14:38:04,604 [cuckoo.apps.rooter] DEBUG: Processing command: forward_drop
2018-03-12 14:38:04,654 [cuckoo.apps.rooter] DEBUG: Processing command: state_disable
2018-03-12 14:38:04,679 [cuckoo.apps.rooter] DEBUG: Processing command: state_enable
2018-03-12 14:39:13,833 [cuckoo.apps.rooter] DEBUG: Processing command: forward_drop
2018-03-12 14:39:13,844 [cuckoo.apps.rooter] DEBUG: Processing command: state_disable
2018-03-12 14:39:13,865 [cuckoo.apps.rooter] DEBUG: Processing command: state_enable
2018-03-12 14:39:16,251 [cuckoo.apps.rooter] DEBUG: Processing command: forward_drop
2018-03-12 14:39:16,262 [cuckoo.apps.rooter] DEBUG: Processing command: state_disable
2018-03-12 14:39:16,283 [cuckoo.apps.rooter] DEBUG: Processing command: state_enable
2018-03-12 14:46:56,896 [cuckoo.apps.rooter] DEBUG: Processing command: inetsim_enable 192.168.56.2 192.168.56.66 vboxnet0 2042
2018-03-12 14:52:13,330 [cuckoo.apps.rooter] DEBUG: Processing command: drop_disable 192.168.56.2 192.168.56.1 2042
2018-03-12 14:52:13,361 [cuckoo.apps.rooter] DEBUG: Processing command: inetsim_disable 192.168.56.2 192.168.56.66 vboxnet0 2042

sudo iptables -n -L
[image: default]

sudo iptables -n -t nat -L
[image: default]

tcpdump -nn -i vboxnet0 not port 2042 and not port 8000
[image: default]

doomedraven commented 6 years ago

Do a search in the issues; that is a vbox-related problem, and you have the solution in one of them.

w0r1dhe110 commented 6 years ago

"Unfortunately, the problem was in the way VirtualBox emulates the interface and/or network stack, so no amount of flailing on iptables was helping" Is this the problem?
But another cuckoo v2.0.4 running on VMware Ubuntu 16.04, with the guest running on vbox, works just fine. @doomedraven

doomedraven commented 6 years ago

Yes, that one