RicoVZ
commented
6 years ago Hi Joukahainen123,
Thanks for posting an issue.
How did you install Guacamole? If manually, can you try removing it and installing it using the package manager?
Open Joukahainen123 opened 6 years ago
RicoVZ
commented
6 years ago Hi Joukahainen123,
Thanks for posting an issue.
How did you install Guacamole? If manually, can you try removing it and installing it using the package manager?
Joukahainen123
commented
6 years ago Hi. I installed Guacamole manually (latest one from source).
Removed the manual installnow and installed with package manager.
Gave error about libossp-uuid.so in the logs so I installed it also. Now having "Error loading client plugin: Invalid argument".
So the symptoms are the same, but the error a bit different.
Jun 14 13:59:02 cuckootwo systemd[1]: Starting LSB: Guacamole proxy daemon...
Jun 14 13:59:02 cuckootwo guacd[24796]: * Starting Guacamole proxy server guacd
Jun 14 13:59:02 cuckootwo guacd[24805]: Guacamole proxy daemon (guacd) version 0.8.3
Jun 14 13:59:02 cuckootwo guacd[24805]: Unable to bind socket to host ::1, port 4822: Address family not supported by protocol
Jun 14 13:59:02 cuckootwo guacd[24805]: Successfully bound socket to host 127.0.0.1, port 4822
Jun 14 13:59:02 cuckootwo guacd[24805]: Exiting and passing control to PID 24806
Jun 14 13:59:02 cuckootwo guacd[24806]: Exiting and passing control to PID 24807
Jun 14 13:59:02 cuckootwo guacd[24807]: Listening on host 127.0.0.1, port 4822
Jun 14 13:59:02 cuckootwo guacd[24796]: ...done.
Jun 14 13:59:02 cuckootwo systemd[1]: Started LSB: Guacamole proxy daemon.
Jun 14 13:59:02 cuckootwo systemd[1]: Reloading.
Jun 14 13:59:02 cuckootwo systemd[1]: Started ACPI event daemon.
Jun 14 13:59:02 cuckootwo systemd[1]: Started CUPS Scheduler.
Jun 14 13:59:18 cuckootwo systemd[1]: Started LSB: Guacamole proxy daemon.
Jun 14 14:00:59 cuckootwo kernel: [68285.155562] device vboxnet0 entered promiscuous mode
Jun 14 14:01:00 cuckootwo kernel: [68286.336719] vboxdrv: 0000000000000000 VMMR0.r0
Jun 14 14:01:00 cuckootwo NetworkManager[995]:
littlejob
commented
6 years ago Curious, if you run cuckoo in dev mode, do you get successful enablement message?
2018-06-22 06:01:50,930 [cuckoo.machinery.virtualbox] DEBUG: Starting vm Win7
2018-06-22 06:01:51,226 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine Win7 to Snap01
**2018-06-22 06:01:51,559 [cuckoo.machinery.virtualbox] INFO: Successfully set remote control ports for virtual machine with label Win7: 5000-5050
2018-06-22 06:01:51,697 [cuckoo.machinery.virtualbox] INFO: Successfully enabled remote control for virtual machine with label Win7 on port(s): 5000-5050**
2018-06-22 06:01:54,687 [cuckoo.core.guest] INFO: Starting analysis on guest (id=Win7, ip=192.168.56.101)
I ask, as I too get a similar error, no matter how I install Guacamole...
I also had an issue with the new agent - following another issue documented, I was able to run the script as an admin, and the processing continues and completes, but the remote web control does not work.. I also have the following log listed. (see bold).
2018-06-22 06:02:01,146 [cuckoo.core.guest] DEBUG: Win7: analysis still processing
2018-06-22 06:02:01,635 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2018-06-22 06:02:02,156 [cuckoo.core.guest] DEBUG: Win7: analysis still processing
**2018-06-22 06:02:08,164 [cuckoo.core.guest] INFO: Virtual Machine /status failed (CuckooGuestError('Cuckoo Agent failed without error status, please try upgrading to the latest version of agent.py (>= 0.8) and notify us if the issue persists.',))**
2018-06-22 06:02:08,167 [cuckoo.core.guest] DEBUG: Win7: analysis still processing
2018-06-22 06:02:12,181 [cuckoo.core.guest] DEBUG: Win7: analysis still processing
2018-06-22 06:02:12,516 [cuckoo.core.resultserver] DEBUG: File upload request for shots/0001.jpg
2018-06-22 06:02:12,527 [cuckoo.core.resultserver] DEBUG: Uploaded file length: 50572
I tried increasing the timeout of the scan, disabling the behavioral analysis and simulated human interaction modes, still to no prevail.
Just trying to compare my configs with a individual having the same issue! :)
Joukahainen123
commented
6 years ago Yes, I will get the same "Successfully enabled" message in the logs.
littlejob
commented
6 years ago Do you get the second error listed?
2018-06-22 06:02:08,164 [cuckoo.core.guest] INFO: Virtual Machine /status failed (CuckooGuestError('Cuckoo Agent failed without error status, please try upgrading to the latest version of agent.py (>= 0.8) and notify us if the issue persists.',))
It is strange as the analysis is completing successfully, but something in the agent config is not liked.. but I don't see any references of the Guac service in the agent file, so I do not think that is related..
I uninstalled and reinstalled, Guac still to no prevail. I have tried a few older versions as well, just to test which also failed. I took a snapshot before my first installation, so I know I have a clean installation with no prior app settings local.
littlejob
commented
6 years ago Update: It appears when I reinstalled from the package repository I was not pulling the latest version of guac, per the requirements here
I ran the below to uninstall..
`sudo apt-get remove libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacd
`
I then reinstalled per the instructions in the documentation from building from source.. I restarted cuckoo and bam, it is now working as expected..
My Cuckoo version and operating system are:
Ubuntu 16.04 LTS / Cuckoo 2.0.6
I have followed the instructions to install Guacamole. Things seem to work but I cannot establish the remote connection. Will get "An error occured" on Guacamole screen.
Following related logs can be found from syslog when this happens:
Jun 13 19:25:13 cuckootwo guacd[12794]: Guacamole proxy daemon (guacd) version 0.9.14 started Jun 13 19:25:13 cuckootwo guacd[12796]: Listening on host 127.0.0.1, port 4822 Jun 13 19:25:54 cuckootwo kernel: [ 1380.709157] device vboxnet0 entered promiscuous mode Jun 13 19:25:55 cuckootwo kernel: [ 1382.044954] vboxdrv: 0000000000000000 VMMR0.r0 Jun 13 19:25:55 cuckootwo NetworkManager[995]: [1528907155.8767] device (vboxnet0): link connected
Jun 13 19:25:55 cuckootwo kernel: [ 1382.158360] VBoxNetFlt: attached to 'vboxnet0' / 0a:00:27:00:00:00
Jun 13 19:25:55 cuckootwo kernel: [ 1382.212647] vboxdrv: 0000000000000000 VBoxDDR0.r0
Jun 13 19:25:56 cuckootwo kernel: [ 1382.314083] vboxdrv: 0000000000000000 VBoxEhciR0.r0
Jun 13 19:26:21 cuckootwo guacd[12796]: Creating new client for protocol "rdp"
Jun 13 19:26:21 cuckootwo guacd[12796]: Connection ID is "$00293baf-0e1d-412e-ab7c-5cddffafa338"
Jun 13 19:26:21 cuckootwo guacd[13229]: No security mode specified. Defaulting to RDP.
Jun 13 19:26:21 cuckootwo guacd[13229]: Resize method: none
Jun 13 19:26:21 cuckootwo guacd[13229]: User "@9358c5e5-12fb-45c7-af80-28e1c94d6335" joined connection "$00293baf-0e1d-412e-ab7c-5cddffafa338" (1 users now present)
Jun 13 19:26:21 cuckootwo guacd[13229]: Loading keymap "base"
Jun 13 19:26:21 cuckootwo guacd[13229]: Loading keymap "en-us-qwerty"
Jun 13 19:26:21 cuckootwo guacd[13229]: Failed to load guacdr plugin. Drive redirection and printing will not work. Sound MAY not work.
Jun 13 19:26:21 cuckootwo guacd[13229]: Failed to load guacsnd alongside guacdr plugin. Sound will not work. Drive redirection and printing MAY not work.
Jun 13 19:26:21 cuckootwo guacd[13229]: Error connecting to RDP server
Jun 13 19:26:21 cuckootwo guacd[13229]: User "@9358c5e5-12fb-45c7-af80-28e1c94d6335" disconnected (0 users remain)
Jun 13 19:26:21 cuckootwo guacd[13229]: Last user of connection "$00293baf-0e1d-412e-ab7c-5cddffafa338" disconnected
Jun 13 19:26:21 cuckootwo guacd[12796]: Connection "$00293baf-0e1d-412e-ab7c-5cddffafa338" removed.
Jun 13 19:29:55 cuckootwo kernel: [ 1621.453676] device vboxnet0 left promiscuous mode
Jun 13 19:29:55 cuckootwo NetworkManager[995]: [1528907395.1995] device (vboxnet0): link disconnected