41ph4r3f13x
commented
5 years ago Bump
Open ghost opened 5 years ago
41ph4r3f13x
commented
5 years ago Bump
Sandbox-It
commented
5 years ago I'm having the same exact issue after updating from 2.0.6 to 2.0.7. It was working fine prior to the upgrade. I have also tried removing and reinstalling the latest version of guac according the official cuckoo documentation.
infinitesecure
commented
5 years ago I'm having the same exact issue after updating from 2.0.6 to 2.0.7. It was working fine prior to the upgrade. I have also tried removing and reinstalling the latest version of guac according the official cuckoo documentation.
same issue here
0x0Z
commented
5 years ago I'm experiencing the same behavior.
littlejob
commented
5 years ago same here - i also received similar errors, but in my case i also have vboxnetflt errors as well. emulation and processing work as intended, yet guac remote desktop fails.
Oct 16 17:43:23 sec-lab kernel: [ 481.016678] device vboxnet0 left promiscuous mode
Oct 16 17:43:23 sec-lab systemd-networkd[796]: vboxnet0: Lost carrier
Oct 16 17:43:23 sec-lab systemd-timesyncd[735]: Network configuration changed, trying to establish connection.
Oct 16 17:43:23 sec-lab kernel: [ 481.029396] vboxnetflt: 5880 out of 5906 packets were not sent (directed to host)curious, are you also running the latest version of virtual box and the updated extension pack?
littlejob
commented
5 years ago same here - i also received similar errors, but in my case i also have vboxnetflt errors as well. emulation and processing work as intended, yet guac remote desktop fails.
Oct 16 17:43:23 sec-lab kernel: [ 481.016678] device vboxnet0 left promiscuous mode Oct 16 17:43:23 sec-lab systemd-networkd[796]: vboxnet0: Lost carrier Oct 16 17:43:23 sec-lab systemd-timesyncd[735]: Network configuration changed, trying to establish connection. Oct 16 17:43:23 sec-lab kernel: [ 481.029396] vboxnetflt: 5880 out of 5906 packets were not sent (directed to host)curious, are you also running the latest version of virtual box and the updated extension pack?
just found something on another tracked issue that is a work around to this issue.. https://github.com/cuckoosandbox/cuckoo/issues/2771#issuecomment-507935698
need to modify this file: /usr/local/lib/python2.7/dist-packages/cuckoo/web/analysis/urls.py
towards the top add the below underneath from django.conf.urls import url
from django.views.decorators.csrf import csrf_exempt
then around line 26ish - comment out _url(r"^(?P
add the following directly below:
url(r"^(?P<task_id>\d+)/control/tunnel/.*", csrf_exempt(ControlApi.tunnel), name="analysis/control/tunnel"),
then around line 50ish - comment out _url(r"^api/tasks/info/$", AnalysisApi.tasksinfo),
add the following directly below:
url(r"^api/tasks/info/$", csrf_exempt(AnalysisApi.tasks_info)),
re-start cuckoo - or reboot - BAM should now work..
RicoVZ
commented
4 years ago Hi DavidMagenta,
Thanks for posting an issue.
This is indeed a bug. The reason for it is because the CSRF token is not being sent by the UI for the RDP connection.
We have added a label to this issues and will close it when it is fixed.
sreemanshanker
commented
4 years ago i have done the changes to the dist-packages/cuckoo/web/analysis/urls.py as above, but still facing the same error. even rebooted the machine and restarted cuckoo.
Edit: the file on mine is /lib/python2.7/site-packages/cuckoo/web/controllers/cuckoo/urls.py Its site-packages and not dist-packages. does that make a diff? I cant seem to find dist-packages on mine
copeland3300
commented
4 years ago Still broken for me as well, but it seems to be slightly better than it was...
When I run the web server with cuckoo -d web -H 0.0.0.0 -p 8081, I'm not getting a 403 anymore on the /control/tunnel/?connect call, and I'm seeing /control/tunnel/?write and /control/tunnel/?read calls...
I'm just still seeing the "An error occured." screen. I haven't tried any other hypervisors yet, so I can't speak to those working better or worse at the moment.
Here's the diff:
--- urls.py 2018-06-06 10:03:35.000000000 +0000
+++ /usr/local/lib/python2.7/dist-packages/cuckoo/web/analysis/urls.py 2020-05-19 01:41:06.024352905 +0000
@@ -5,6 +5,7 @@
from . import views
from django.conf.urls import url
+from django.views.decorators.csrf import csrf_exempt
from cuckoo.web.controllers.analysis.api import AnalysisApi
from cuckoo.web.controllers.analysis.compare.routes import AnalysisCompareRoutes
@@ -22,7 +23,7 @@
url(r"^(?P<task_id>\d+)/reboot/$", SubmissionRoutes.reboot, name="analysis/reboot"),
url(r"^(?P<task_id>\d+)/control/$", AnalysisControlRoutes.player, name="analysis/control/player"),
url(r"^(?P<task_id>\d+)/control/screenshots/$", ControlApi.store_screenshots, name="analysis/control/screenshots"),
- url(r"^(?P<task_id>\d+)/control/tunnel/.*", ControlApi.tunnel, name="analysis/control/tunnel"),
+ url(r"^(?P<task_id>\d+)/control/tunnel/.*", csrf_exempt(ControlApi.tunnel), name="analysis/control/tunnel"),
url(r"^(?P<task_id>\d+)/compare/$", AnalysisCompareRoutes.left, name="analysis/compare/left"),
url(r"^(?P<task_id>\d+)/compare/(?P<compare_with_task_id>\d+)/$", AnalysisCompareRoutes.both, name="analysis/compare/both"),
url(r"^(?P<task_id>\d+)/compare/(?P<compare_with_hash>.*)/$", AnalysisCompareRoutes.hash, name="analysis/compare/hash"),
@@ -46,7 +47,7 @@
views.moloch),
url(r"^import/$", SubmissionRoutes.import_, name="analysis/import"),
# url(r"^api/tasks/list/$", AnalysisApi.tasks_list),
- url(r"^api/tasks/info/$", AnalysisApi.tasks_info),
+ url(r"^api/tasks/info/$", csrf_exempt(AnalysisApi.tasks_info)),
url(r"^api/tasks/recent/$", AnalysisApi.tasks_recent),
url(r"^api/tasks/stats/$", AnalysisApi.tasks_stats),
# url(r"^api/tasks/delete/$", AnalysisApi.task_delete),
My issue is:
If I try to use the integrated remote control function that is based on guacd I only get the static Error screen. My experience is quite similar to the issues #2529 and #2550. I run my cuckoo instance over nginx using uwsgi. Everything is working well and I get plausible results as far as I can tell even though I get quite a lot of False Positives on my Win7x64 SP1 machine even when uploading harmless files such as the notepad.exe. However, if I try to use Remote Control over Guacamole I get the static screen and a notification saying "An Error Occured". I played around with the settings yet nothing changed the situation. I use the notepad.exe that comes with Win7x64 SP1 for testing purposes. Example settings are:
My Cuckoo version and operating system are:
I access the system remotely; my setup is:
EDIT: The system runs as a VM inside my vSphere (v6.7.0.2)
This can be reproduced by:
First I tried the fixes from #2529:
I installed guacd according to cuckoo docs:
sudo apt install libguac-client-rdp0 libguac-client-vnc0 libguac-client-ssh0 guacdI also tried uninstalling the package and installing from source as described in #2529. I used these commands:
For troubleshooting I ditched using nginx and uWSGI and start both cuckoo and the cuckoo web server manually using:
cuckooandcuckoo web runserver 0.0.0.0:8000However, this yields the exact same Issue Using different Browsers also does not change anything.
Excerpts from my _$CWD/conf/
cuckoo.conf:
virtualbox.conf:
IP Tables have been configured according to the documentation at https://cuckoo.readthedocs.io/en/latest/installation/host/routing/
The log, error, files etc can be found at:
$CWD/log/cuckoo.log
/var/log/syslog