Open daniaquazi opened 4 years ago
Looks like you have not set your permissions correctly; also, the tcpdump issues are again permissions.
All covered in the documents.
From: daniaquazi notifications@github.com Sent: Friday, January 3, 2020 9:33:15 AM To: cuckoosandbox/cuckoo cuckoo@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [cuckoosandbox/cuckoo] Virtual machine closes unexpectedly with cuckoo spewing errors (#2932)
Hi everyone,
Environment is:
Main operating system is Windows 10 64 bit with Ubuntu 18.04 Linux subsystem
Cuckoo version: 2.0.6
Virtual machine: Win10 64 bit using the Windows 10 above as host
I open the virtual machine with the cuckoo agent running in it. The web page and video that I followed to configure cuckoo were: www.sanjaysaha.info/blog/installation-of-cuckoo-sandbox-in-windows-10/ https://www.youtube.com/watch?v=nLGJHgv6uWA
The links I used are for an older version of cuckoo, so I had to look up different things to fix problems I was having when following this tutorial. I followed all the steps in the link to configure cuckoo and then to launch it I ran the commands:
Static analysis is working. I am not that experienced in using Linux, but I think the problem is due to the fact that some aspects of the networking need to be configured, but I have no clue currently on how to do it or what needs to be changed. I would appreciate any help anyone can provide.
Regards,
Dania
Cuckoo Sandbox 2.0.7 www.cuckoosandbox.org Copyright (c) 2010-2018
Checking for updates... You're good to go!
Our latest blogposts:
Cuckoo Sandbox 2.0.7, June 19, 2019. Stability and security More at https://cuckoosandbox.org/blog/207-interim-release
IQY malspam campaign, October 15, 2018. Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing DDE to achieve code execution. More at https://hatching.io/blog/iqy-malspam
Hooking VBScript execution in Cuckoo, October 03, 2018. Details on implementation of Visual Basic Script instrumentation for Cuckoo Monitor for extraction of dynamically executed VBScript. More at https://hatching.io/blog/vbscript-hooking
Cuckoo Sandbox 2.0.6 pentest, September 18, 2018. Cuckoo Sandbox 2.0.6 public pentest performed by Cure53 and sponsored by PolySwarm! More at https://hatching.io/blog/cuckoo-206-pentest
Cuckoo Sandbox 2.0.6, June 07, 2018. Interim release awaiting the big release. More at https://cuckoosandbox.org/blog/206-interim-release
2020-01-02 20:26:15,512 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2020-01-02 20:26:16,650 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2020-01-02 20:26:16,666 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2020-01-02 20:27:47,089 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "02ca4397da55b3175aaa1ad2c99981e792f66151.bin" (task #44, options "procmemdump=yes,route=none")
2020-01-02 20:27:47,633 [cuckoo.core.scheduler] INFO: Task #44: acquired machine cuckoo1 (label=WinDev1910Eval)
2020-01-02 20:27:47,867 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 748 (interface=VirtualBox Host-Only Network, host=192.168.56.104)
2020-01-02 20:27:49,022 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: cuckoo1, error: Trying to start an already started VM: WinDev1910Eval
2020-01-02 20:27:49,029 [cuckoo.core.plugins] ERROR: Unable to stop auxiliary module: Sniffer
Traceback (most recent call last):
  File "/home/daniaq/.local/lib/python2.7/site-packages/cuckoo/core/plugins.py", line 164, in stop
    module.stop()
  File "/home/daniaq/.local/lib/python2.7/site-packages/cuckoo/auxiliary/sniffer.py", line 156, in stop
    (out, err, faq("permission-denied-for-tcpdump"))
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; stdout = '' and stderr = 'tcpdump: socket for SIOCETHTOOL(ETHTOOL_GET_TS_INFO): Socket type not supported\n'. Did you enable the extra capabilities to allow running tcpdump as non-root user and disable AppArmor properly (the latter only applies to Ubuntu-based distributions with AppArmor, see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?
2020-01-02 20:27:51,453 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2020-01-02 20:27:52,849 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/daniaq/.cuckoo/storage/analyses/44/dump.pcap".
2020-01-02 20:27:52,856 [cuckoo.processing.debug] ERROR: Error processing task #44: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2020-01-02 20:27:53,149 [cuckoo.core.scheduler] INFO: Task #44: reports generation completed
2020-01-02 20:27:53,164 [cuckoo.core.scheduler] INFO: Task #44: analysis procedure completed
I have looked at the documentation and seen the "Permission denied for tcpdump". The apparmor utils install without any errors but the "sudo aa-disable /usr/sbin/tcpdump" gives me an error. Any ideas how to resolve the problem please?
daniaq@DESKTOP-JAADHLS:~$ sudo aa-disable /usr/sbin/tcpdump
Disabling /usr/sbin/tcpdump.

ERROR: Cache read/write disabled: interface file missing. (Kernel needs AppArmor 2.4 compatibility patch.)
Warning: unable to find a suitable fs in /proc/mounts, is it mounted?
Use --subdomainfs to override.
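As an added example (not part of this thread and not Cuckoo's own code), a small triage script for a log like the one posted above: it splits the log into records, attaches traceback lines to the record that raised them, and lists each WARNING/ERROR in order with the FAQ anchor it cites. The sample log is abridged from this thread and assumes one record per line; `parse` and `triage` are hypothetical names.

```python
import re
from datetime import datetime

# Sample input: abridged from the log posted in this thread (messages shortened).
SAMPLE_LOG = """\
2020-01-02 20:27:47,867 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 748 (interface=VirtualBox Host-Only Network, host=192.168.56.104)
2020-01-02 20:27:49,022 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: cuckoo1, error: Trying to start an already started VM: WinDev1910Eval
2020-01-02 20:27:49,029 [cuckoo.core.plugins] ERROR: Unable to stop auxiliary module: Sniffer
Traceback (most recent call last):
CuckooOperationalError: Error running tcpdump to sniff the network traffic during the analysis; see also https://cuckoo.sh/docs/faq/index.html#permission-denied-for-tcpdump)?
2020-01-02 20:27:51,453 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2020-01-02 20:27:52,849 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/daniaq/.cuckoo/storage/analyses/44/dump.pcap".
2020-01-02 20:27:52,856 [cuckoo.processing.debug] ERROR: Error processing task #44: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
"""

# "<date> <time>,<ms> [<module>] <LEVEL>: <message>"
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[([\w.]+)\] (\w+): (.*)$")
FAQ = re.compile(r"https://cuckoo\.sh/docs/faq/index\.html#([\w-]+)")


def parse(text):
    """Split a log into records; lines without a timestamp join the previous record."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            ts, module, level, msg = m.groups()
            records.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S,%f"),
                            "module": module, "level": level, "message": msg})
        elif records and line.strip():
            records[-1]["message"] += "\n" + line  # traceback continuation
    return records


def triage(text):
    """Return (time, level, module, faq_anchors) for every WARNING or worse, in order."""
    return [(r["time"], r["level"], r["module"], FAQ.findall(r["message"]))
            for r in parse(text)
            if r["level"] in ("WARNING", "ERROR", "CRITICAL")]


if __name__ == "__main__":
    for when, level, module, anchors in triage(SAMPLE_LOG):
        print(when.time(), level, module, ", ".join(anchors) or "-")
```

On the sample, the first ERROR listed is the scheduler's "already started VM" message, ahead of the tcpdump failure and the two FAQ-linked errors.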