cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Remote Control | Guacamole configuraton #2307

Open marcelmalware opened 6 years ago

marcelmalware commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html Yes

My issue is:

Remote Control Configuration

My Cuckoo version and operating system are:

latest Cuckoo pulled from development branch. Ubuntu 16 Server.

This can be reproduced by:
The log, error, files etc can be found at:

Failed to connect to guacd on 10.0.0.27:4822 -> Guacamole Protocol Error. Cannot start Handshake. Missing protocol.

I have also installed standalone Guacamole but with no help.

RicoVZ commented 6 years ago

Hi @marcelmalware,

Thanks for posting an issue.

A few questions before we can help you:

artv2007 commented 6 years ago

I have an issue with guacamole too. When I run the job and click button - Remote control - I get the 404 error and "Remote control is not enabled in the configuration! Please check our documentation on configuring Guacamole."

I installed guacamole following the instructions (https://github.com/cuckoosandbox/cuckoo/blob/master/docs/book/installation/host/requirements.rst) from source. (Ubuntu Server 16.04 LTS, guacamole 0.9.14)

And configured the VM under Settings - Display - Remote Display: Enable Server, Port: 3389, Auth method: null, Auth timeout: 5000

The guacd service is started; netstat shows:

tcp 0 0 127.0.0.1:4822 0.0.0.0:* LISTEN 3758/guacd

How do I enable Remote Control?

RicoVZ commented 6 years ago

Hi @artv2007,

That error means the feature itself is not enabled in the cuckoo.conf. To enable it, open $CWD/conf/cuckoo.conf, find the [remotecontrol] section, and change enabled = no to enabled = yes. After this, restart Cuckoo web.

Thanks for the comment, we should probably make it more clear that this is also a required step. :smile:

Antyrael commented 6 years ago

I'm also having trouble getting this to work.

OS: Ubuntu 16.04.4 LTS Guacamole 0.9.14 manually installed. sudo dpkg -l | grep -i libgua returns nothing. Cuckoo is installed using pip. VBoxManage list extpacks output:

Extension Packs: 1
Pack no. 0: Oracle VM VirtualBox Extension Pack
Version: 5.0.26
Revision: 108824
Edition:
Description: USB 2.0 and USB 3.0 Host Controller, Host Webcam, VirtualBox RDP, PXE ROM, Disk Encryption.
VRDE Module: VBoxVRDP
Usable: true

I enabled the feature in cuckoo.conf and I set a port range in virtualbox.conf. Guacamole is installed as per the instructions on the website mentioned earlier by artv2007. It's running and listening on the default port. The Windows VMs, when running headless, can be connected to remotely using the Windows remote desktop client.

Still, Cuckoo can't connect and shows "An error occured" (btw, there's an r missing in there ;)).

The Cuckoo logs show no problem, this is part of the log:

2018-06-12 14:38:20,052 [cuckoo.machinery.virtualbox] INFO: Successfully set remote control ports for virtual machine with label box1: 5001-5050
2018-06-12 14:38:20,145 [cuckoo.machinery.virtualbox] INFO: Successfully enabled remote control for virtual machine with label box1 on port(s): 5001-5050
2018-06-12 14:38:24,458 [cuckoo.core.guest] INFO: Starting analysis on guest (id=box1, ip=192.168.56.101)
2018-06-12 14:38:29,470 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.7 (id=box1, ip=192.168.56.101)
2018-06-12 14:41:36,706 [cuckoo.core.guest] INFO: box1: analysis completed successfully
2018-06-12 14:41:45,183 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label box1 to path /home/mmmm/.cuckoo/storage/analyses/8/memory.dmp
2018-06-12 14:41:47,402 [cuckoo.machinery.virtualbox] INFO: Successfully disabled remote control for virtual machine with label box1

This is what syslog shows:

Jun 12 14:38:23 cuckoo guacd[25114]: Creating new client for protocol "rdp"
Jun 12 14:38:23 cuckoo guacd[25114]: Connection ID is "$ef5404f7-38a1-4f10-9682-d8d575005ce9"
Jun 12 14:38:23 cuckoo guacd[26522]: No security mode specified. Defaulting to RDP.
Jun 12 14:38:23 cuckoo guacd[26522]: Resize method: none
Jun 12 14:38:23 cuckoo guacd[26522]: User "@09a58360-5380-4a7c-b4e7-60a6b215cf51" joined connection "$ef5404f7-38a1-4f10-9682-d8d575005ce9" (1 users now present)
Jun 12 14:38:23 cuckoo guacd[26522]: Loading keymap "base"
Jun 12 14:38:23 cuckoo guacd[26522]: Loading keymap "en-us-qwerty"
Jun 12 14:38:23 cuckoo guacd[26522]: Failed to load guacdr plugin. Drive redirection and printing will not work. Sound MAY not work.
Jun 12 14:38:23 cuckoo guacd[26522]: Failed to load guacsnd alongside guacdr plugin. Sound will not work. Drive redirection and printing MAY not work.
Jun 12 14:38:38 cuckoo guacd[26522]: User is not responding.
Jun 12 14:38:38 cuckoo guacd[26522]: User "@09a58360-5380-4a7c-b4e7-60a6b215cf51" disconnected (0 users remain)
Jun 12 14:38:38 cuckoo guacd[26522]: Last user of connection "$ef5404f7-38a1-4f10-9682-d8d575005ce9" disconnected
Jun 12 14:38:38 cuckoo guacd[26522]: Internal RDP client disconnected

Are there more steps to be taken to make this work correctly?

jmtrevaskis commented 6 years ago

try this

mkdir /var/run/guacd/
chown guacd:guacd /var/run/guacd/

then restart guacd

Antyrael commented 6 years ago

@jmtrevaskis Unfortunately, that did not fix it for me. The directory stays empty even after restarting the service.

RicoVZ commented 6 years ago

Hi @Antyrael,

Can you try removing the manually installed version and use the package manager to install Guacamole? sudo apt install libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd

Antyrael commented 6 years ago

Hi @RicoVZ,

That's what I tried first, but it installs an older version of guacd (0.8.3 if I'm not mistaken). It didn't work so I removed the packages, along with the libraries, and installed the newer version manually.

artv2007 commented 6 years ago

Hi @RicoVZ, thanks for showing me how to enable remotecontrol. (I upgraded from cuckoo 2.0.5 and did not have these settings in my cuckoo.conf.)

Now I added this to cuckoo.conf:

[remotecontrol]
enabled = yes
guacd_host = 127.0.0.1
guacd_port = 4822

I start guacd with sudo systemctl start guacd. Listing of my guacd.service:

# Automatically generated by systemd-sysv-generator

[Unit]
Documentation=man:systemd-sysv-generator(8)
SourcePath=/etc/init.d/guacd
Description=LSB: Guacamole proxy daemon
After=network-online.target
After=systemd-journald-dev-log.socket
Wants=network-online.target

[Service]
Type=forking
Restart=no
TimeoutSec=5min
IgnoreSIGPIPE=no
KillMode=process
GuessMainPID=no
RemainAfterExit=yes
ExecStart=/etc/init.d/guacd start
ExecStop=/etc/init.d/guacd stop

I have no changes to my virtualbox.conf

vboxmanage showvminfo cuckoo1

VRDE: enabled (Address 0.0.0.0, Ports 33389, MultiConn: on, ReuseSingleConn: off, Authentication type: null)
Video redirection: disabled
VRDE property: TCP/Ports = "33389"
VRDE property: TCP/Address =
VRDE property: VideoChannel/Enabled =
VRDE property: VideoChannel/Quality =
VRDE property: VideoChannel/DownscaleProtection =
VRDE property: Client/DisableDisplay =
VRDE property: Client/DisableInput =
VRDE property: Client/DisableAudio =
VRDE property: Client/DisableUSB =
VRDE property: Client/DisableClipboard =
VRDE property: Client/DisableUpstreamAudio =
VRDE property: Client/DisableRDPDR =
VRDE property: H3DRedirect/Enabled =
VRDE property: Security/Method =
VRDE property: Security/ServerCertificate =
VRDE property: Security/ServerPrivateKey =
VRDE property: Security/CACertificate =
VRDE property: Audio/RateCorrectionMode =
VRDE property: Audio/LogPath =

When I start cuckoo -d, everything is OK, no errors. But when I add some files to analyze with Remote Control enabled, after start I get this error in the cuckoo log:

2018-06-14 15:16:10,734 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "3903845489292784984" (task #129, options "procmemdump=yes,remotecontrol=yes,route=none")
2018-06-14 15:16:10,832 [cuckoo.core.scheduler] INFO: Task #129: acquired machine cuckoo1 (label=cuckoo1)
2018-06-14 15:16:10,854 [cuckoo.auxiliary.mitm] INFO: Started mitm interception with PID 12176 (ip=192.168.200.1, port=50000).
2018-06-14 15:16:10,854 [cuckoo.core.plugins] DEBUG: Started auxiliary module: MITM
2018-06-14 15:16:10,879 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 12177 (interface=vboxnet0, host=192.168.200.101)
2018-06-14 15:16:10,880 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-06-14 15:16:10,932 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo1
2018-06-14 15:16:11,179 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to running1
2018-06-14 15:16:12,026 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: MITM
2018-06-14 15:16:12,054 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2018-06-14 15:16:12,054 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2018-06-14 15:16:12,292 [cuckoo.machinery.virtualbox] INFO: Successfully disabled remote control for virtual machine with label cuckoo1
2018-06-14 15:16:12,321 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_disable) as the rooter unix socket doesn't exist.
2018-06-14 15:16:12,332 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 737, in run
    self.launch_analysis()
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 494, in launch_analysis
    machinery.start(self.machine.label, self.task)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/machinery/virtualbox.py", line 124, in start
    self.enable_vrde(label)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/machinery/virtualbox.py", line 404, in enable_vrde
    self._set_vrde_ports(label, self.options.virtualbox.controlports)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/machinery/virtualbox.py", line 453, in _set_vrde_ports
    if not re.match("^[0-9\-]+$", ports):
  File "/usr/lib/python2.7/re.py", line 141, in match
    return _compile(pattern, flags).match(string)
TypeError: expected string or buffer

RicoVZ commented 6 years ago

Hi @artv2007,

What is the value of controlports = in your virtualbox.conf? It should be a port range, for example: controlports = 5000-5050.
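A small check script, added here and not part of Cuckoo, that reads the two settings this thread keeps hitting: [remotecontrol] enabled / guacd_host / guacd_port in cuckoo.conf and controlports in virtualbox.conf (validated with the same pattern virtualbox.py applies in the traceback above, which raised TypeError because the key was missing), and optionally tries a TCP connection to guacd the way the "Failed to connect to guacd" error implies. The function names and the 127.0.0.1:4822 defaults are assumptions, and the sample config texts are constructed.

```python
import configparser
import re
import socket

PORT_RANGE_RE = re.compile(r"^[0-9\-]+$")  # pattern from virtualbox.py in the traceback above

def load_remotecontrol(cuckoo_conf_text):
    """Return (enabled, guacd_host, guacd_port) from cuckoo.conf text; defaults are assumed."""
    cp = configparser.ConfigParser()
    cp.read_string(cuckoo_conf_text)
    def get(key, default):  # fallback also covers a missing [remotecontrol] section
        return cp.get("remotecontrol", key, fallback=default).strip()
    return get("enabled", "no").lower() == "yes", get("guacd_host", "127.0.0.1"), int(get("guacd_port", "4822"))

def parse_controlports(value):
    """Validate a controlports value such as '5000-5050'; return (low, high) or None."""
    if value is None or not PORT_RANGE_RE.match(value):  # None is exactly what made re.match() raise above
        return None
    parts = value.split("-")
    if len(parts) > 2 or not all(parts):  # rejects '5000-5050-5100', '-5050' and '-'
        return None
    low, high = int(parts[0]), int(parts[-1])  # a single port is treated as low == high
    return (low, high) if 1 <= low <= high <= 65535 else None

def guacd_reachable(host, port, timeout=2.0):
    """True if guacd accepts a TCP connection on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(cuckoo_conf_text, virtualbox_conf_text, probe_guacd=True):
    """Return a list of problems found; an empty list means the settings look right."""
    problems = []
    enabled, host, port = load_remotecontrol(cuckoo_conf_text)
    if not enabled:
        problems.append("cuckoo.conf: [remotecontrol] enabled is not 'yes'")
    cp = configparser.ConfigParser()
    cp.read_string(virtualbox_conf_text)
    ports = cp.get("virtualbox", "controlports", fallback=None)
    if parse_controlports(ports) is None:
        problems.append("virtualbox.conf: controlports must be a range like 5000-5050, got %r" % ports)
    if probe_guacd and not guacd_reachable(host, port):
        problems.append("guacd is not reachable on %s:%d" % (host, port))
    return problems

# Constructed sample inputs mirroring values posted in this thread (not real files).
CUCKOO_CONF = "[remotecontrol]\nenabled = yes\nguacd_host = 127.0.0.1\nguacd_port = 4822\n"
VBOX_CONF_BAD = "[virtualbox]\nmode = headless\n"  # controlports missing, as in the traceback
```

Run diagnose() on the contents of $CWD/conf/cuckoo.conf and $CWD/conf/virtualbox.conf; a missing or malformed controlports is reported before Cuckoo ever reaches re.match().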

artv2007 commented 6 years ago

Hi @RicoVZ, I set controlports = 33389-33395 in the virtualbox.conf. What else should I add to this configuration file?

Now, when I click the "RemoteControl" button, a new window opens but an error occurred. What else should I add to this configuration file?

RicoVZ commented 6 years ago

@artv2007 Can you post the Cuckoo and Cuckoo web log when this happens? :smile:

Did you install Guacamole using the package manager: sudo apt install libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd?

artv2007 commented 6 years ago

@RicoVZ

Here are my logs: cuckoo.log cuckoo-web.log

I have Ubuntu Server 16.04 and installed Guacamole from source following the instructions. The following builds the latest version (0.9.14) from source:

$ sudo apt -y install libcairo2-dev libjpeg-turbo8-dev libpng-dev libossp-uuid-dev libfreerdp-dev
$ mkdir /tmp/guac-build && cd /tmp/guac-build
$ wget https://www.apache.org/dist/guacamole/0.9.14/source/guacamole-server-0.9.14.tar.gz
$ tar xvf guacamole-server-0.9.14.tar.gz && cd guacamole-server-0.9.14
$ ./configure --with-init-dir=/etc/init.d
$ make && sudo make install && cd ..
$ sudo ldconfig
$ sudo /etc/init.d/guacd start

littlejob commented 6 years ago

I too had a similar issue posted in another thread - the below is what resolved the issue for me....

It appears when I reinstalled from the package repository I was not pulling the latest version of guac, per the requirements (here)

I ran the below to uninstall.. sudo apt-get remove libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd

I then reinstalled per the instructions in the documentation from building from source.. I restarted cuckoo and bam, it is now working as expected..

Antyrael commented 6 years ago

That's weird, that's exactly what I did and it still didn't work for me.

rmeghnagi commented 6 years ago

Hi all,

do you have some update about this issue?

@artv2007 I have the same error and I don't have any errors in the logs, could you help me?

Thank you in advance! R.

xECK29x commented 5 years ago

Hi @RicoVZ, I set controlports = 33389-33395 in the virtualbox.conf. What else should I add to this configuration file?

Now, when I click the "RemoteControl" button, a new window opens but an error occurred. What else should I add to this configuration file?

I am having this issue as well, I feel I am so close to getting this working! I am not seeing any notable errors in my logs, happy to provide anything to fix or address this. What I can tell is if I refresh the window while this error is occurring I can see the desktop of my VM for a few seconds but I am unable to interact with it before it shows this error message again.

infinitesecure commented 5 years ago

I too had a similar issue posted in another thread - the below is what resolved the issue for me....

It appears when I reinstalled from the package repository I was not pulling the latest version of guac, per the requirements (here)

I ran the below to uninstall.. sudo apt-get remove libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd

I then reinstalled per the instructions in the documentation from building from source.. I restarted cuckoo and bam, it is now working as expected..

worked for me! Thx

Mokatsu commented 5 years ago

Does anyone have another fix? I build from source but still get the same error: "An error occurred". Using KVM as a virtualization platform.

ghost commented 5 years ago

I use KVM (18.04, guacd 1.0.0 from source), 2.0.7; made it work with a Windows 10 VM. In virt-manager set display to VGA, set Graphics to VNC on all interfaces. Leave only VNC.
Quit virt-manager sessions to VM.

Apply this fix to fix internal web errors 500 : https://github.com/cuckoosandbox/cuckoo/issues/2771

If you run cuckoo web -H 0.0.0.0, it works fine, but with nginx and uwsgi you will get many internal server errors and you will be disconnected from the VM.

I decided to use nginx as an https/authorization proxy to cuckoo web running with cuckoo web -H 0.0.0.0. So far no disconnects.

Mokatsu commented 5 years ago

ghost - I keep seeing on the guac threads that when using virtualbox you need to set remote ports within the virtualbox.conf; do you have to do the same for kvm? Also, would you be able to share some insight in regards to your configuration? I can't seem to get it to work at all (always get the static screen).

Additional details: I removed the nginx service and ran the cuckoo web server on 0.0.0.0, started guacamole on localhost:4822 with debug log on, set the config within cuckoo.conf, restarted cuckoo. Started an analysis with remote control and tried to remote. Still getting the static screen.

guacd logs show nothing; it seems like cuckoo is not even calling guacd:

Nov 8 13:34:29 p-sc-dsk-kumi systemd[1]: guacd.service: Found left-over process 26689 (guacd) in control group while starting unit. Ignoring.
Nov 8 13:34:29 p-sc-dsk-kumi guacd[26836]: Guacamole proxy daemon (guacd) version 0.9.9 started
Nov 8 13:34:29 p-sc-dsk-kumi guacd[26839]: Listening on host 127.0.0.1, port 4822
Nov 8 13:34:29 p-sc-dsk-kumi guacd[26836]: guacd[26836]: INFO:#011Guacamole proxy daemon (guacd) version 0.9.9 started
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: Guacamole proxy daemon (guacd) version 0.9.9 started
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: guacd[26909]: INFO:#011Guacamole proxy daemon (guacd) version 0.9.9 started
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: guacd[26909]: DEBUG:#011Successfully bound socket to host 127.0.0.1, port 4822
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: guacd[26909]: DEBUG:#011Exiting and passing control to PID 26910
Nov 8 13:34:54 p-sc-dsk-kumi systemd[1]: guacd.service: Can't open PID file /var/run/guacd/guacd.pid (yet?) after start: No such file or directory
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: Successfully bound socket to host 127.0.0.1, port 4822
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: guacd[26910]: DEBUG:#011Exiting and passing control to PID 26911
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26909]: Exiting and passing control to PID 26910
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26910]: Exiting and passing control to PID 26911
Nov 8 13:34:54 p-sc-dsk-kumi guacd[26911]: Listening on host 127.0.0.1, port 4822