cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Command line submit to API revisited #2482

Open DigiAngel opened 5 years ago

DigiAngel commented 5 years ago

Looking at this: https://cuckoo.readthedocs.io/en/latest/usage/api/

I know I've pinged here before, but passing multiple -F's via curl just does not seem to work for me. Is there a way to pass multiple options to the API? Thank you.

reox commented 5 years ago

It does for me, can you post the whole curl command you are using?

DigiAngel commented 5 years ago

Full command:

curl -F options="procmemdump = yes" -F file=@seay.exe -F timeout="60" -F machine=win764cuckoo2 "http://localhost:8090/tasks/create/file"

The default time is set to 560, and that's how it ran I think... I'll run a few more tests and report my findings, thank you.

doomedraven commented 5 years ago

Maybe stupid, but try no spaces between procdump and yes; also put a few debug lines in to see how it is interpreted on the web side, because normally it works just fine.

DigiAngel commented 5 years ago

Well hrmm....just ran one via the gui to run 60 seconds and here's what I got:

Sept. 20, 2018, 9:17 a.m. | Sept. 20, 2018, 9:19 a.m. | 126 seconds

maybe something else. Sidenote, is there a FULL list of options to use via the API? I was sure there was a way you could specify the routing but I can't seem to find it...thank you.

doomedraven commented 5 years ago

That is normal, because of the extra time set in the cuckoo conf before exit.

doomedraven commented 5 years ago

Full list: see the code of the submission web page args ;) It should be -F "route=Tor"; see, there is a translation func which has it all. You need to start digging more in the code to learn the internals ;)

doomedraven commented 5 years ago

example https://github.com/cuckoosandbox/cuckoo/blob/3b628384d5dd2c8982e71548d7413e2c89172181/cuckoo/core/submit.py#L60

DigiAngel commented 5 years ago

Gotcha thanks...trying now with:

curl -F file=@file-263892.doc -F timeout="60" -F route=intesim -F machine=win764cuckoo2 "http://localhost:8090/tasks/create/file"

points to someone that can id the doc ;) Will post results of this in a second.

doomedraven commented 5 years ago

Ok, the best doc ever: getting your hands dirty hahha is how I learned cuckoo internals.

DigiAngel commented 5 years ago

LoL...nice...I see I typo'd inetsim ;)

DigiAngel commented 5 years ago

So ok...after fixing that up:

curl -F file=@file-A94465.doc -F timeout="60" -F route=inetsim -F machine=win764cuckoo2 "http://localhost:8090/tasks/create/file"

Results say tor, however: (screenshot: 2018-09-20 11_18_23-cuckoo sandbox)

Am I missing something?

DigiAngel commented 5 years ago

And some results...tried -F route="inetsim" and -F "route=inetsim" same results:

*   Trying ::1...
* TCP_NODELAY set
* connect to ::1 port 8090 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8090 (#0)
> POST /tasks/create/file HTTP/1.1
> Host: localhost:8090
> User-Agent: curl/7.52.1
> Accept: */*
> Content-Length: 89987
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------fc33c54e3334f54b
>
< HTTP/1.1 100 Continue
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Content-Type: application/json
< Server: Machete Server
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
< Pragma: no-cache
< Cache-Control: no-cache
< Expires: 0
< Content-Length: 19
< Date: Thu, 20 Sep 2018 18:02:31 GMT
<
{
  "task_id": 8
}
* Curl_http_done: called premature == 0
* Closing connection 0
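The commands in this thread all do the same thing by hand: build a multipart/form-data POST with several fields (what each curl -F adds), send it to /tasks/create/file, and read back the task_id JSON shown in the verbose output above. The script below does that in Python so the fields can be checked before they leave the machine. It is an added example, not Cuckoo's code: the endpoint and http://localhost:8090 come from the thread, the field names (timeout, machine, route, options) are the ones the thread uses, and the sample file name, option values and response body are constructed. Whether a given field is honoured by the API or has to go inside options is exactly the translation-function question raised above, so check submit.py for your version; this code only builds and parses the request correctly. normalize_options also removes the stray whitespace ("procmemdump = yes") that was suspected of breaking the first command.

```python
"""Submit a sample to the Cuckoo REST API with several form fields.

Added example, not part of Cuckoo. Assumes the API from the thread
(http://localhost:8090, POST /tasks/create/file) and the field names used
there; file names, option values and the sample response are constructed.
"""
import json
import os
import urllib.request
import uuid

API_URL = "http://localhost:8090"  # from the thread; change for your setup


def normalize_options(options):
    """Return Cuckoo's comma-separated key=value options string.

    Accepts a dict ({"procmemdump": "yes"}) or a string such as
    "procmemdump = yes, free=yes" and strips the whitespace around keys and
    values, so "procmemdump = yes" becomes "procmemdump=yes".
    """
    if isinstance(options, dict):
        pairs = list(options.items())
    else:
        pairs = []
        for item in options.split(","):
            if not item.strip():
                continue
            if "=" not in item:
                raise ValueError("option %r is not key=value" % item)
            key, value = item.split("=", 1)
            pairs.append((key, value))
    return ",".join("%s=%s" % (k.strip(), v.strip()) for k, v in pairs)


def build_fields(timeout=None, machine=None, route=None, options=None, **extra):
    """Return the non-file form fields, as strings, that curl -F would send."""
    fields = {}
    if timeout is not None:
        fields["timeout"] = str(int(timeout))  # rejects "60 " or "sixty" early
    if machine:
        fields["machine"] = machine
    if route:
        fields["route"] = route
    if options:
        fields["options"] = normalize_options(options)
    for name, value in extra.items():  # e.g. priority=1, package="doc"
        fields[name] = str(value)
    return fields


def encode_multipart(fields, filename, data, boundary=None):
    """Build a multipart/form-data body; returns (content_type, body bytes)."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append("--%s\r\nContent-Disposition: form-data; name=\"%s\"\r\n\r\n%s\r\n"
                     % (boundary, name, value))
    parts.append("--%s\r\nContent-Disposition: form-data; name=\"file\"; filename=\"%s\"\r\n"
                 "Content-Type: application/octet-stream\r\n\r\n" % (boundary, filename))
    body = "".join(parts).encode("utf-8") + data + ("\r\n--%s--\r\n" % boundary).encode("utf-8")
    return "multipart/form-data; boundary=%s" % boundary, body


def parse_task_id(response_body):
    """Extract task_id from the API's JSON reply, e.g. {"task_id": 8}."""
    payload = json.loads(response_body)
    task_id = payload.get("task_id")
    if not isinstance(task_id, int):
        raise ValueError("unexpected response: %r" % payload)
    return task_id


def submit_file(path, api_url=API_URL, **fields):
    """POST the file with the given fields and return the new task id."""
    with open(path, "rb") as fh:
        data = fh.read()
    content_type, body = encode_multipart(build_fields(**fields), os.path.basename(path), data)
    req = urllib.request.Request(api_url + "/tasks/create/file", data=body, method="POST")
    req.add_header("Content-Type", content_type)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return parse_task_id(resp.read())


if __name__ == "__main__":
    # Same submission as the thread's last curl command (needs a running API).
    print(submit_file("file-A94465.doc", timeout=60, route="inetsim",
                      machine="win764cuckoo2", options={"procmemdump": "yes"}))
```

Running it with -v-style debugging is not needed: print build_fields(...) to see exactly which names and values will be posted, and compare them with the form fields the web UI sends if the task does not behave as expected.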