No Internet Access in Guest using Host only Network or Guest and Host could'nt Communicate

[ayesha99]

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is: i am unable to have internet access in my VM.

I've checked all things. firewalls and updates are turned off in guest. host only adapter is used with static ip. all configuration files are attached and screen shots as well.

i want to ask one more thing if agent in this current release of cuckoo does not shows any thing, is that okay?

My Cuckoo version and operating system are:

Cuckoo Sandbox 2.0.5 Host : Ubuntu 17.10 Guest: windows 7 (64 bit) Virtual box 5.2.8

cuckoo agent running in guest showing nothing

cuckoo analysis error report

network configuration in guest cuckooo analysis log file Cuckoo Analyses Log

[doomedraven]

https://github.com/cuckoosandbox/cuckoo/blob/ab1f694f6c38429be6f4c1ca9f8a4efedd60960f/docs/book/faq/index.rst#unsupported-method-get

• please read the outputs

  Error from machine 'cuckoo1': it appears that this Virtual Machine hasn't been configured properly as the Cuckoo Host wasn't able to connect to the Guest. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration

[ayesha99]

it didn't solved my problem... :(

[doomedraven]

That looks like you hace problem with agent inside of the vm, test connection with it using

curl vmip:8000 and see my first link for explanation

[ayesha99]

it gives me error

curl: (7) Failed to connect to 192.168.56.101 port 8000: Connection refused

[doomedraven]

So that is your problem or your agent or your network settings failing, check both

[aflick2486]

I am having the same issue as ayesha99 however when I test the connection by curling, I get:

{"message": "Cuckoo Agent!", "version": "0.8", "features": ["execpy", "pinning", "logs", "largefile", "unicodepath"]}

When I submit a file for analysis from the command line I get: Success: File "/usr/local/cuckoo/malicious.file" added as task with ID #3

Then in the cuckoo log I receive this:

2018-03-27 11:13:46,678 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "malicious.file" (task #3, options "")
2018-03-27 11:13:46,740 [cuckoo.core.scheduler] INFO: Task #3: acquired machine cuckoo1 (label=Win7 Guest)
2018-03-27 11:13:46,934 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 7825 (interface=vboxnet0, host=192.168.56.101)
2018-03-27 11:13:50,988 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2018-03-27 11:13:56,019 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101)
2018-03-27 11:16:56,709 [cuckoo.core.guest] INFO: cuckoo1: end of analysis reached!
2018-03-27 11:16:58,608 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/usr/local/cuckoo/.cuckoo/storage/analyses/3/logs'.
2018-03-27 11:16:58,649 [cuckoo.processing.debug] ERROR: Error processing task #3: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2018-03-27 11:16:58,716 [cuckoo.core.scheduler] INFO: Task #3: reports generation completed
2018-03-27 11:16:58,730 [cuckoo.core.scheduler] INFO: Task #3: analysis procedure completed

Maybe important, when I look at the VM before starting the analysis, it shows as in a saved state (from snapshot) and then afterwards the machine shows as powered off. So maybe it is losing connection in the middle from getting powered off?

[RicoVZ]

Hi aflick2486,

Could you create a new issue for this, and include your full cuckoo.log (as a file), how you created your tasks (arguments, options etc), and the full config file of your used machinery module? (virtualbox.conf by default)

[pietrogu]

Verify if your VM IP is the same as configured in virtualbox.conf you can use VBoxManage guestproperty enumerate VM_NAME | grep IP | grep -o -w -P -e '\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}'