cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

cuckoo doesn't process anything #703

Closed Ali-Razmjoo closed 8 years ago

Ali-Razmjoo commented 8 years ago

Hello, I just ran Cuckoo,

and submitted a file,

but there is nothing received on my client,

and there isn't any info in my Cuckoo either. And finally it died!

additional information:

root@ubuntu:/home/x/Desktop/cuckoo/conf# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0c:29:64:38:f8  
          inet addr:192.168.232.139  Bcast:192.168.232.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe64:38f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4442 errors:1 dropped:1 overruns:0 frame:0
          TX packets:5441 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3026435 (3.0 MB)  TX bytes:708905 (708.9 KB)
          Interrupt:19 Base address:0x2000 
root@ubuntu:/home/x/Desktop/cuckoo/conf# cat auxiliary.conf 
[sniffer]
# Enable or disable the use of an external sniffer (tcpdump) [yes/no].
enabled = yes

# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = /usr/sbin/tcpdump

# Specify the network interface name on which tcpdump should monitor the
# traffic. Make sure the interface is active.
interface = eth0

# Specify a Berkeley packet filter to pass to tcpdump.
# bpf = not arp
root@ubuntu:/home/x/Desktop/cuckoo/conf# cat virtualbox.conf 
[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
# documentation to understand the differences.
mode = headless

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = cuckoo1

[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = cuckoo1

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.232.140

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = 2015-12-14

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in cuckoo.conf
# Example (vboxnet0 is the interface name):
interface = eth0

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
# resultserver_ip = 192.168.232.140

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
# resultserver_port = 2042

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
# tags = windows_xp_sp3,32_bit,acrobat_reader_6
root@ubuntu:/home/x/Desktop/cuckoo/conf# cat cuckoo.conf
[cuckoo]
# Enable or disable startup version check. When enabled, Cuckoo will connect
# to a remote location to verify whether the running version is the latest
# one available.
version_check = off

# If turned on, Cuckoo will delete the original file after its analysis
# has been completed.
delete_original = off

# If turned on, Cuckoo will delete the copy of the original file in the
# local binaries repository after the analysis has finished. (On *nix this
# will also invalidate the file called "binary" in each analysis directory,
# as this is a symlink.)
delete_bin_copy = off

# Specify the name of the machinery module to use, this module will
# define the interaction between Cuckoo and your virtualization software
# of choice.
machinery = virtualbox

# Enable creation of memory dump of the analysis machine before shutting
# down. Even if turned off, this functionality can also be enabled at
# submission. Currently available for: VirtualBox and libvirt modules (KVM).
memory_dump = on

# When the timeout of an analysis is hit, the VM is just killed by default.
# For some long-running setups it might be interesting to terminate the
# moinitored processes before killing the VM so that connections are closed.
terminate_processes = off

# Enable automatically re-schedule of "broken" tasks each startup.
# Each task found in status "processing" is re-queued for analysis.
reschedule = off

# Enable processing of results within the main cuckoo process.
# This is the default behavior but can be switched off for setups that
#  require high stability and process the results in a separate task.
process_results = on

# Limit the amount of analysis jobs a Cuckoo process goes through.
# This can be used together with a watchdog to mitigate risk of memory leaks.
max_analysis_count = 0

# Limit the number of concurrently executing analysis machines.
# This may be useful on systems with limited resources.
# Set to 0 to disable any limits.
max_machines_count = 0

# Minimum amount of free space (in MB) available before starting a new task. 
# This tries to avoid failing an analysis because the reports can't be written 
# due out-of-diskspace errors. Setting this value to 0 disables the check.
# (Note: this feature is currently not supported under Windows.)
freespace = 64

# Temporary directory containing the files uploaded through Cuckoo interfaces
# (web.py, api.py, Django web interface).
tmppath = /tmp

[resultserver]
# The Result Server is used to receive in real time the behavioral logs
# produced by the analyzer.
# Specify the IP address of the host. The analysis machines should be able
# to contact the host through such address, so make sure it's valid.
# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
# `resultserver_ip` for all your virtual machines in machinery configuration.
ip = 192.168.232.139

# Specify a port number to bind the result server on.
port = 2042

# Should the server write the legacy CSV format?
# (if you have any custom processing on those, switch this on)
store_csvs = off

# Maximum size of uploaded files from VM (screenshots, dropped files, log)
# The value is expressed in bytes, by default 10Mb.
upload_max_size = 104857600

[processing]
# Set the maximum size of analyses generated files to process. This is used
# to avoid the processing of big files which may take a lot of processing
# time. The value is expressed in bytes, by default 100Mb.
analysis_size_limit = 104857600

# Enable or disable DNS lookups.
resolve_dns = on

# Enable PCAP sorting, needed for the connection content view in the web interface.
sort_pcap = on

[database]
# Specify the database connection string.
# Examples, see documentation for more:
# sqlite:///foo.db
# postgresql://foo:bar@localhost:5432/mydatabase
# mysql://foo:bar@localhost/mydatabase
# If empty, default is a SQLite in db/cuckoo.db.
connection =

# Database connection timeout in seconds.
# If empty, default is set to 60 seconds.
timeout = 600

[timeouts]
# Set the default analysis timeout expressed in seconds. This value will be
# used to define after how many seconds the analysis will terminate unless
# otherwise specified at submission.
default = 120

# Set the critical timeout expressed in seconds. After this timeout is hit
# Cuckoo will consider the analysis failed and it will shutdown the machine
# no matter what. When this happens the analysis results will most likely
# be lost. Make sure to have a critical timeout greater than the
# default timeout.
critical = 600

# Maximum time to wait for virtual machine status change. For example when
# shutting down a vm. Default is 300 seconds.
vm_state = 300

Test connection [note: the connection is bridged with eth0 in VirtualBox]

root@ubuntu:/home/x/Desktop/cuckoo/conf# ping 192.168.232.140
PING 192.168.232.140 (192.168.232.140) 56(84) bytes of data.
64 bytes from 192.168.232.140: icmp_seq=1 ttl=128 time=1.52 ms
64 bytes from 192.168.232.140: icmp_seq=2 ttl=128 time=1.27 ms
64 bytes from 192.168.232.140: icmp_seq=3 ttl=128 time=1.60 ms

Test port:

root@ubuntu:/home/x/Desktop/cuckoo/conf# telnet 192.168.232.140 8000
Trying 192.168.232.140...
Connected to 192.168.232.140.
Escape character is '^]'.
s
<head>
<title>Error response</title>
</head>
<body>
<h1>Error response</h1>
<p>Error code 400.
<p>Message: Bad request syntax ('s').
<p>Error code explanation: 400 = Bad request syntax or unsupported method.
</body>
Connection closed by foreign host.

Any suggestion? What's the problem, or what did I forget to do?

jbremer commented 8 years ago

Did you start the VM yourself? Cuckoo will do this for you :-)

Ali-Razmjoo commented 8 years ago

Nerd question: I found the problem. I used

find . -type d -exec chmod 777 {} \;
find . -type f -exec chmod 777 {} \;
find . -type d -exec chown myuser:myuser {} \;
find . -type f -exec chown myuser:myuser {} \;

in the cuckoo directory to change user privileges, and now there is a new problem. Why did this error happen?

x@ubuntu:~/Desktop/cuckoo$ python cuckoo.py 

                          .:                 
                          ::                 
    .-.     ,  :   .-.    ;;.-.  .-.   .-.   
   ;       ;   ;  ;       ;; .' ;   ;';   ;' 
   `;;;;'.'`..:;._`;;;;'_.'`  `.`;;'  `;;'

 Cuckoo Sandbox 1.2
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

/usr/local/lib/python2.7/dist-packages/sqlalchemy/sql/compiler.py:572: SAWarning: Can't resolve label reference 'added_on desc'; converting to text() (this warning may be suppressed after 10 occurrences)
  util.ellipses_string(element.element))
2015-12-14 19:45:23,868 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager
2015-12-14 19:45:25,490 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2015-12-14 19:45:25,500 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
/usr/local/lib/python2.7/dist-packages/sqlalchemy/sql/compiler.py:572: SAWarning: Can't resolve label reference 'priority desc, added_on'; converting to text() (this warning may be suppressed after 10 occurrences)
  util.ellipses_string(element.element))
2015-12-14 19:45:26,553 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_QybTtS/1.exe" (task=3)
2015-12-14 19:45:26,601 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 363, in run
    success = self.launch_analysis()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 214, in launch_analysis
    if not self.check_file():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 92, in check_file
    sha256 = File(self.task.target).get_sha256()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 155, in get_sha256
    if not self._sha256: self.calc_hashes()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 106, in calc_hashes
    for chunk in self.get_chunks():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 92, in get_chunks
    with open(self.file_path, "rb") as fd:
IOError: [Errno 2] No such file or directory: u'/tmp/cuckoo-tmp/upload_QybTtS/1.exe'
2015-12-14 19:45:27,701 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_sPUWd4/1.exe" (task=4)
2015-12-14 19:45:27,706 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 363, in run
    success = self.launch_analysis()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 214, in launch_analysis
    if not self.check_file():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 92, in check_file
    sha256 = File(self.task.target).get_sha256()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 155, in get_sha256
    if not self._sha256: self.calc_hashes()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 106, in calc_hashes
    for chunk in self.get_chunks():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 92, in get_chunks
    with open(self.file_path, "rb") as fd:
IOError: [Errno 2] No such file or directory: u'/tmp/cuckoo-tmp/upload_sPUWd4/1.exe'
2015-12-14 19:45:28,756 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_mkOPVf/1.exe" (task=5)
2015-12-14 19:45:28,758 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 363, in run
    success = self.launch_analysis()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 214, in launch_analysis
    if not self.check_file():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/core/scheduler.py", line 92, in check_file
    sha256 = File(self.task.target).get_sha256()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 155, in get_sha256
    if not self._sha256: self.calc_hashes()
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 106, in calc_hashes
    for chunk in self.get_chunks():
  File "/home/x/Desktop/cuckoo/lib/cuckoo/common/objects.py", line 92, in get_chunks
    with open(self.file_path, "rb") as fd:
IOError: [Errno 13] Permission denied: u'/tmp/cuckoo-tmp/upload_mkOPVf/1.exe'
2015-12-14 19:45:29,827 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/home/x/Desktop/1.exe" (task=1)
2015-12-14 19:45:29,895 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine cuckoo1 (label=cuckoo1)
2015-12-14 19:45:29,955 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 29340 (interface=eth0, host=192.168.232.140, dump path=/home/x/Desktop/cuckoo/storage/analyses/1/dump.pcap)
2015-12-14 19:45:35,419 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.232.140)
2015-12-14 19:47:55,790 [lib.cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2015-12-14 19:47:55,875 [modules.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label cuckoo1 to path /home/x/Desktop/cuckoo/storage/analyses/1/memory.dmp
2015-12-14 19:47:59,066 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:47:59,067 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:47:59,070 [modules.processing.memory] ERROR: Memory dump not found: to run volatility you have to enable memory_dump
2015-12-14 19:47:59,350 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/home/x/Desktop/1.exe" (task=2)
2015-12-14 19:47:59,384 [lib.cuckoo.core.scheduler] INFO: File already exists at "/home/x/Desktop/cuckoo/storage/binaries/b919b61737aad351b5b5842780bdb71ba2ace45b6e4bcea136b09f90461f5ae7"
2015-12-14 19:47:59,404 [lib.cuckoo.core.scheduler] INFO: Task #2: acquired machine cuckoo1 (label=cuckoo1)
2015-12-14 19:47:59,412 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 29515 (interface=eth0, host=192.168.232.140, dump path=/home/x/Desktop/cuckoo/storage/analyses/2/dump.pcap)
2015-12-14 19:48:04,328 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.232.140)
2015-12-14 19:48:08,263 [lib.cuckoo.common.objects] WARNING: Unable to match Yara signatures: __init__() got an unexpected keyword argument 'error_on_warning'
2015-12-14 19:48:15,686 [lib.cuckoo.core.plugins] WARNING: The processing module "VirusTotal" returned the following error: Unable to establish connection to VirusTotal: HTTP Error 403: Forbidden
2015-12-14 19:48:15,929 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:48:15,929 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:48:16,614 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:48:16,614 [lib.cuckoo.common.netlog] CRITICAL: BSON message larger than MAX_MESSAGE_LENGTH, stopping handler.
2015-12-14 19:48:16,752 [lib.cuckoo.core.scheduler] INFO: Task #1: reports generation completed (path=/home/x/Desktop/cuckoo/storage/analyses/1)
2015-12-14 19:48:17,003 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed

Is it because multiple tasks ran? Or did I miss something?
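A pre-flight check for the setup shown in this thread, added here as an example (it is neither the poster's code nor part of the Cuckoo project, and it targets Python 3 rather than the Python 2.7 host above). It re-reads the three config files with the values quoted in the first post and flags the two failure modes the thread hits: a result server the guest could never reach, and a sample path the scheduler process cannot open (the errno 2 and errno 13 IOErrors in the log above). The `/tmp/cuckoo-tmp` path used at the end is one of the paths from the log, assumed to no longer exist.

```python
import configparser
import os

# Constructed copies of the three files shown in the thread (same values).
CUCKOO_CONF = """
[resultserver]
ip = 192.168.232.139
port = 2042
"""
VIRTUALBOX_CONF = """
[virtualbox]
machines = cuckoo1
[cuckoo1]
ip = 192.168.232.140
interface = eth0
"""
AUXILIARY_CONF = """
[sniffer]
enabled = yes
interface = eth0
"""

def load(text):
    """Parse one Cuckoo INI-style file given as a string."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return cp

def check_network(cuckoo, vbox, aux):
    """Return a list of configuration problems; an empty list means consistent."""
    problems = []
    rs_ip = cuckoo.get("resultserver", "ip")
    sniff_if = aux.get("sniffer", "interface")
    for name in vbox.get("virtualbox", "machines").split(","):
        name = name.strip()
        vm_ip = vbox.get(name, "ip")
        # The guest posts its behavioural logs to the result server, so the two
        # addresses must differ and the guest needs a concrete address to reach.
        if vm_ip == rs_ip:
            problems.append("%s: ip equals resultserver ip %s" % (name, rs_ip))
        if rs_ip == "0.0.0.0" and not vbox.has_option(name, "resultserver_ip"):
            problems.append("%s: resultserver is 0.0.0.0 but resultserver_ip is unset" % name)
        # tcpdump is started on the VM's interface (falling back to the sniffer
        # default); a mismatch usually means the pcap will miss the guest traffic.
        vm_if = vbox.get(name, "interface", fallback=sniff_if)
        if aux.getboolean("sniffer", "enabled") and vm_if != sniff_if:
            problems.append("%s: interface %s differs from sniffer interface %s" % (name, vm_if, sniff_if))
    return problems

def check_sample(path):
    """Mirror the open() in File.get_chunks(); return an errno name or None."""
    if not os.path.exists(path):
        return "ENOENT"      # IOError errno 2, as for the /tmp/cuckoo-tmp uploads
    if not os.access(path, os.R_OK):
        return "EACCES"      # IOError errno 13, as for upload_mkOPVf/1.exe
    return None
```

Run `check_sample()` as the same user that runs `cuckoo.py`, since that is the process whose permissions matter for the upload directory.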

jbremer commented 8 years ago

Seems to be working fine now. The file not found and file permissions are not relevant here - just resubmit your earlier files.

Ali-Razmjoo commented 8 years ago

"Did you start the VM yourself? Cuckoo will do this for you :-)" Yes I did, thanks for that.

"Seems to be working fine now. The file not found and file permissions are not relevant here - just resubmit your earlier files." So warnings/errors will not affect the report? I've got the report just fine; I asked just to be sure.

Thanks for responding.

jbremer commented 8 years ago

Should be fine, yes :-) If you have any other bugs let us know.

mustafa-azzm commented 8 years ago

You should run VirtualBox and Cuckoo as root.