Open IceM4nn opened 5 years ago
Actually, due to unsanitized binary data being passed in as an argument (p1) to ping.exe:
```json
{
    "status": "",
    "raw": "Thu Dec 27 20:29:29 2018.840632 ping@7f29d0ea2da7[2693] sendto(6, \"\\b\\0\\x29A\\n\\205\\0\\001\\x296%\\\\\\0\\0\\0\\0\\252\\323\\f\\0\\0\\0\", 64, 0x0, {AF_INET, 8.8.8.8, 0}, 16) = 64\n",
    "api": "sendto",
    "return_value": "64",
    "instruction_pointer": "7f29d0ea2da7",
    "time": 1545942569.840632,
    "process_name": "ping",
    "pid": 2693,
    "arguments": {
        "p2": "64",
        "p3": "0x0",
        "p0": "6",
        "p1": "\b\u0000)A\n\u0085\u0000\u0001)6%\\\u0000\u0000\u0000\u0000\u00aa\u00d3\f\u0000\u0000\u0000",
        "p4": [
            "AF_INET",
            "8.8.8.8",
            "0"
        ],
        "p5": "16"
    }
}
```
So how to fix this issue? Have you tried to reproduce the bug yourself using the method I did above?
My issue is:
Failed to run the reporting module: MongoDB. Improper encoding.
My Cuckoo version and operating system are:
Cuckoo version 2.0.6 Host: Ubuntu 18.04 x64 Guest: Ubuntu 18.04 x64
This can be reproduced by:
I generated a binary using msfvenom to execute the ping command (don't ask why msfvenom).
The IP `8.8.8.8` is alive and reachable. The guest sandbox can ping the IP from its terminal. This issue is caused by improper encoding.
Note: I've also tried with `ping google.com -c 3`. At first it showed the same error, but after that I ran `pip install --upgrade pymongo` and this fixed the issue. But with `ping 8.8.8.8 -c 3` it gets the error back.
Submitting the binary to https://linux.huntingmalware.com also gives the same error, and the report cannot be generated. Link: https://linux.huntingmalware.com/analysis/16631/summary/ (the report is not there due to pymongo having the same error (assuming) as the log below)
The log, error, files etc can be found at:
cuckoo.log
Here is report.json
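
One way to make a syscall argument like `p1` above safe to store, shown as an added example that is not part of the original issue and not Cuckoo's own code. It assumes the report store only accepts valid UTF-8 text; `sanitize`, `_is_plain_text` and the `binary_hex` tag are hypothetical names, and the sample record is constructed from the `sendto` call in the report.

```python
import json

# Constructed sample: the sendto() call from the report above, with p1 held
# as the raw buffer bytes (the same 22 bytes shown in the "p1" field).
SAMPLE_CALL = {
    "api": "sendto",
    "arguments": {
        "p0": "6",
        "p1": b"\x08\x00)A\n\x85\x00\x01)6%\\\x00\x00\x00\x00\xaa\xd3\x0c\x00\x00\x00",
        "p4": ["AF_INET", "8.8.8.8", "0"],
    },
}


def _is_plain_text(text):
    """True if text has no control or other non-printable characters."""
    return all(ch.isprintable() or ch in "\t\r\n" for ch in text)


def sanitize(value):
    """Return a copy of value that holds only printable, valid-UTF-8 text."""
    if isinstance(value, dict):
        return {str(k): sanitize(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [sanitize(v) for v in value]
    if isinstance(value, bytes):
        try:
            text = value.decode("utf-8")
        except UnicodeDecodeError:
            text = None
        if text is not None and _is_plain_text(text):
            return text
        # Binary buffer: keep every byte, tagged so it can be decoded later.
        return {"binary_hex": value.hex()}
    if isinstance(value, str) and not _is_plain_text(value):
        # Already-decoded text with control characters: escape, do not drop.
        return value.encode("unicode_escape").decode("ascii")
    return value


if __name__ == "__main__":
    print(json.dumps(sanitize(SAMPLE_CALL), indent=2))
```

Hex-tagging keeps the buffer lossless for later analysis, whereas stripping or replacing bytes would hide exactly the data an analyst wants from a network call.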