cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Problem in submitting a binary #741

Closed gllpellegrino closed 8 years ago

gllpellegrino commented 8 years ago

Hello, I have followed all the installation steps provided on the website. I have tried to scan a binary file, getting this error:

npellegrino@nino:~/cuckoo$ python cuckoo.py

Cuckoo Sandbox 2.0-dev
www.cuckoosandbox.org
Copyright (c) 2010-2015

Checking for updates...
Outdated! Cuckoo Sandbox version 2.0-rc1 is available now.
2016-01-29 16:29:26,511 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-01-29 16:29:27,034 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-01-29 16:29:27,042 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-01-29 16:30:30,767 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "XXXX.exe" (task #1, options "")
2016-01-29 16:30:30,811 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine CUCKOO (label=CUCKOO)
2016-01-29 16:30:30,817 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 11736 (interface=vboxnet0, host=192.168.56.101, pcap=/home/npellegrino/cuckoo/storage/analyses/1/dump.pcap)
tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
2016-01-29 16:30:33,214 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=CUCKOO, ip=192.168.56.101)
5 packets captured
7 packets received by filter
0 packets dropped by kernel
2016-01-29 16:30:41,000 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/scheduler.py", line 447, in run
    self.launch_analysis()
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/scheduler.py", line 339, in launch_analysis
    self.guest_manage(options)
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/scheduler.py", line 257, in guest_manage
    guest.start_analysis(options, monitor)
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/guest.py", line 389, in start_analysis
    self.old.start_analysis(options, monitor)
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/guest.py", line 155, in start_analysis
    self.upload_analyzer(monitor)
  File "/home/npellegrino/cuckoo/lib/cuckoo/core/guest.py", line 127, in upload_analyzer
    self.server.add_analyzer(data)
  File "/usr/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/lib/python2.7/xmlrpclib.py", line 1587, in __request
    verbose=self.__verbose
  File "/usr/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/lib/python2.7/xmlrpclib.py", line 1306, in single_request
    return self.parse_response(response)
  File "/usr/lib/python2.7/xmlrpclib.py", line 1482, in parse_response
    return u.close()
  File "/usr/lib/python2.7/xmlrpclib.py", line 794, in close
    raise Fault(**self._stack[0])
Fault: <Fault 1: "<type 'exceptions.AttributeError'>:ZipFile instance has no attribute '__exit__'">

Any ideas on how can I get that fixed please ? Thank you very much

jekil commented 8 years ago

Are you using python 2.7 on the virtual machine? Could you please give more details about your setup and the sample you are analyzing?

gllpellegrino commented 8 years ago

Yes, I'm using python 2.7 on both the virtual machine and the host.

Which kind of details do you need about the setup (which files)?

About the binary, it's a malware sample.


jbremer commented 8 years ago

That's a pretty messed up issue / traceback. Are you able to reproduce it? Can you tell us more about your environment (all packages and versions etc on the host)?

gllpellegrino commented 8 years ago

I'm running an Ubuntu 14.04 64 bit on the host. I've attached a list of all the installed packages.

About the issue, I can reproduce it running other samples (still .exe files) .

Thank you for your help anyway.

packages.txt

jbremer commented 8 years ago

Hmm, could you try pip install -r requirements.txt and then restart Cuckoo? That file contains versions of the various Python libraries that we know are properly supported (and close to the latest).

gllpellegrino commented 8 years ago

It crashes when trying to install "http://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz#egg=pefile"

Downloading http://pefile.googlecode.com/files/pefile-1.2.10-139.tar.gz (57kB)
    100% |████████████████████████████████| 57kB 396kB/s
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-f_anblct/pefile/setup.py", line 5
        except ImportError, excp:
                          ^
    SyntaxError: invalid syntax

Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-f_anblct/pefile

jbremer commented 8 years ago

Never seen that error before.. implies that the setup.py has invalid Python syntax, but this exact package is definitely installed on other boxes that we manage. Anyway, can you remove the pefile entry from the requirements.txt file? It's optional anyway. Then try again.

gllpellegrino commented 8 years ago

Well ... it crashes again trying to compile cffi.

creating build/temp.linux-x86_64-3.4/c
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -I/usr/include/python3.4m -c c/_cffi_backend.c -o build/temp.linux-x86_64-3.4/c/_cffi_backend.o
c/_cffi_backend.c:2:20: fatal error: Python.h: File o directory non esistente
 #include <Python.h>
                    ^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------

Command "/usr/bin/python3.4 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-o_tjp4t5/cffi/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-73u8gowu-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-o_tjp4t5/cffi

I have that header, indeed:

~/cuckoo$ apt-file search --regexp '/Python.h$'
libpython2.7-dbg: /usr/include/python2.7_d/Python.h
libpython2.7-dev: /usr/include/python2.7/Python.h
libpython3.4-dbg: /usr/include/python3.4dm/Python.h
libpython3.4-dev: /usr/include/python3.4m/Python.h
pypy-dev: /usr/lib/pypy/include/Python.h

jbremer commented 8 years ago

Well, for that please refer to the documentation. apt-get install python-dev libffi-dev

gllpellegrino commented 8 years ago

but I have both of them installed, and nothing changes

gllpellegrino commented 8 years ago

apt-get install python-dev libffi-dev
Lettura elenco dei pacchetti... Fatto
Generazione albero delle dipendenze
Lettura informazioni sullo stato... Fatto
python-dev è già alla versione più recente. (// already up to the most recent version)
libffi-dev è già alla versione più recente. (// already up to the most recent version)
0 aggiornati, 0 installati, 0 da rimuovere e 112 non aggiornati.

jekil commented 8 years ago

I would suggest debugging the issues for each dependency, then moving on to Cuckoo. BTW it is really weird, usually it is pretty straightforward to set everything up; I would also suggest checking your system.

gtback commented 8 years ago

Hi @ghibbster: All of the errors I'm seeing seem to suggest that you're running Python 3. The package list you attached includes libpython2.7-dev but not libpython3.4-dev, which could explain the "Python.h not found" error if your build command (python setup.py install or pip install) is actually invoking the Python 3 versions. Also, the SyntaxError on the line except ImportError, excp: suggests Python 3, since that syntax for catching exceptions was removed in Python 3.

Try running which python, which pip and python --version and reporting the results. If you can adjust your PATH or other environment settings so that you're using Python 2, I believe the issues should go away.
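The check gtback asks for, written out as an added example (not Cuckoo's code and not part of the thread): parse the output of `python --version` and `pip --version` and flag when pip belongs to a different major interpreter than the `python` on PATH, which is what the `python3.4` build paths in the pip output above would indicate. The two sample strings are constructed to match the shape of those commands' output; `live_check()` runs the real commands if they are on PATH.

```python
import re
import shutil
import subprocess

# Constructed sample outputs (not copied from the thread), shaped like the
# real commands: `python --version` and `pip --version`.
SAMPLE_PYTHON_VERSION = "Python 2.7.6"
SAMPLE_PIP_VERSION = "pip 8.1.2 from /usr/local/lib/python3.4/dist-packages (python 3.4)"


def python_major(version_output):
    """Major version from `python --version` output, or None if unparseable."""
    m = re.match(r"Python (\d+)\.", version_output.strip())
    return int(m.group(1)) if m else None


def pip_python_major(version_output):
    """Major version of the interpreter pip itself runs under, from `pip --version`."""
    m = re.search(r"\(python (\d+)\.\d+\)", version_output)
    return int(m.group(1)) if m else None


def interpreter_mismatch(python_out, pip_out):
    """True when `pip install` would target a different major Python than `python` runs."""
    py, pip = python_major(python_out), pip_python_major(pip_out)
    if py is None or pip is None:
        raise ValueError("could not parse version output")
    return py != pip


def live_check():
    """Run the real commands on PATH and return {tool: (path, output)} plus the verdict.

    Python 2 prints --version to stderr, so stderr is merged into stdout.
    """
    report = {}
    for tool in ("python", "pip"):
        path = shutil.which(tool)
        if path is None:
            report[tool] = (None, "")
            continue
        proc = subprocess.run([path, "--version"], stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, text=True)
        report[tool] = (path, proc.stdout.strip())
    py_out, pip_out = report["python"][1], report["pip"][1]
    try:
        report["mismatch"] = interpreter_mismatch(py_out, pip_out)
    except ValueError:
        report["mismatch"] = None  # one of the tools is missing or unparseable
    return report


if __name__ == "__main__":
    print("sample mismatch:", interpreter_mismatch(SAMPLE_PYTHON_VERSION, SAMPLE_PIP_VERSION))
    for key, value in live_check().items():
        print(key, "->", value)
```

A `True` from `interpreter_mismatch` means the `pip` on PATH would build and install packages against the other interpreter, which is exactly the situation in which `python --version` alone looks fine while `pip install` still picks up Python 3 headers and syntax rules.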

gllpellegrino commented 8 years ago

@gtback thanks for your tips. That's the output I get:

$ which python
/usr/bin/python
$ which pip
/usr/local/bin/pip
$ python --version
Python 2.7.6

gtback commented 8 years ago

Hmm, that's really strange then. I can't explain it. Sorry :frowning:

jbremer commented 8 years ago

Given three people have no idea what's going wrong (myself included), I suggest you either reinstall your machine or use a different one for trying out Cuckoo ;-)

jbremer commented 8 years ago

Closing this issue as an impossible issue related to your system.

microbot007 commented 8 years ago

I am configuring cuckoo and followed the installation guide properly and also configured virtualbox.conf, but still at the end, on running cuckoo.py, I'm getting the following errors:

2016-11-01 18:24:34,840 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-11-01 18:24:35,095 [lib.cuckoo.common.abstracts] WARNING: Configuration details about machine win7 are missing: Option win7 is not found in configuration, error: Config instance has no attribute 'win7'
2016-11-01 18:24:35,674 [root] CRITICAL: CuckooCriticalError: No machines available.

doomedraven commented 8 years ago

you configured your virtual box wrong, no win7 exists


microbot007 commented 8 years ago

@doomedraven: this is my virtualbox.conf, I have done it according to the guide..

[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
# documentation to understand the differences.
mode = headless

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage
# If you are running Cuckoo on Mac OS X you have to change the path as follows:
# path = /Applications/VirtualBox.app/Contents/MacOS/VBoxManage

# Default network interface.
interface = vboxnet0

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = win7

#[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = win7
# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = Windows
# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 10.0.0.17
# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = snapshot1
# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet0
# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
# resultserver_ip = 192.168.56.1
# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
# resultserver_port = 2042
# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags = win7,32_bit,acrobat_reader_6

#[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# NOTE that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
#label = honeyd
#platform = linux
#ip = 10.0.0.16
# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
#tags = service, honeyd
# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
#options = nictrace noagent
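The mismatch jbremer points out next (a `machines = win7` entry whose section header is commented out, or named `[cuckoo1]` instead of `[win7]`) is easy to catch before starting Cuckoo. The checker below is an added example, not Cuckoo's own loader: it uses Python's standard `configparser`, the three configs are constructed to mirror the broken, misnamed and corrected shapes of the file above, and the required-option list and error strings are this example's own choices.

```python
import configparser

# Constructed sample (not the poster's file verbatim): the machine section
# header is commented out, so "win7" in the machines list has no [win7] section
# and the label/platform/ip lines silently fall into [virtualbox].
BROKEN_CONF = """\
[virtualbox]
mode = headless
path = /usr/bin/VBoxManage
interface = vboxnet0
machines = win7

#[cuckoo1]
label = win7
platform = windows
ip = 10.0.0.17
"""

# Header uncommented but still named cuckoo1: listed machine has no section,
# and the section that does exist is not listed.
MISNAMED_CONF = BROKEN_CONF.replace("#[cuckoo1]", "[cuckoo1]")

# Section named the way the machines list expects.
FIXED_CONF = BROKEN_CONF.replace("#[cuckoo1]", "[win7]")

# Options a machine section needs before the machinery can drive the VM at all
# (this example's minimum; the optional snapshot/interface/resultserver keys are not checked).
REQUIRED_KEYS = ("label", "platform", "ip")


def check_machinery_conf(conf_text, machinery="virtualbox"):
    """Return a list of problems found in a machinery config; an empty list means OK."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section(machinery):
        return [f"missing [{machinery}] section"]

    raw = parser.get(machinery, "machines", fallback="")
    machines = [m.strip() for m in raw.split(",") if m.strip()]
    problems = []
    if not machines:
        problems.append("machines list is empty")

    for machine in machines:
        if not parser.has_section(machine):
            problems.append(f"'{machine}' is listed in machines but has no [{machine}] section")
            continue
        for key in REQUIRED_KEYS:
            if not parser.has_option(machine, key):
                problems.append(f"[{machine}] is missing required option '{key}'")

    # A section that is defined but not listed is never used, which is just as confusing.
    for section in parser.sections():
        if section != machinery and section not in machines:
            problems.append(f"section [{section}] exists but is not in the machines list")
    return problems


if __name__ == "__main__":
    for name, text in (("broken", BROKEN_CONF), ("misnamed", MISNAMED_CONF), ("fixed", FIXED_CONF)):
        print(f"{name}: {check_machinery_conf(text) or 'OK'}")
```

Run it against the real file with `check_machinery_conf(open("conf/virtualbox.conf").read())`; the first "no [win7] section" line is the same condition the `Config instance has no attribute 'win7'` warning reports, caught before any VM is touched.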

jbremer commented 8 years ago

Feel free to show us where in the guide it mentioned to comment out [cuckoo1], which, for your case, should be [win7].

microbot007 commented 8 years ago

Sorry, later I corrected [cuckoo1] to [win7] and uncommented it, but then I'm getting the below error:

2016-11-01 20:21:08,927 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager 2016-11-01 20:22:21,981 [root] CRITICAL: CuckooCriticalError: Please update your configuration. Unable to shut 'win7' down or find the machine in its proper state: Timeout hit while for machine win7 to change status

doomedraven commented 8 years ago

but did you restart cuckoo.py? also can you provide screen of vbox manager with vm or execute in cli vboxmanage list vms

microbot007 commented 8 years ago

yes, I restarted cuckoo.py.. the output of the above command is: "win7" {e88bb6e8-4e5d-44bd-9b34-b9b06d1271e6}

doomedraven commented 8 years ago

Unable to shut 'win7' down or find the machine in its proper state: Timeout hit while for machine win7 to change status

as this says, probably a wrong state of the snapshot? can you start the vm manually and execute from the host curl vm_ip:8000, you should get error 50x which means communication with the agent works fine, can you verify that?

microbot007 commented 8 years ago

I ran this command and getting:

Curl:(7) Failed to connect to 10.0.0.20 port 8000: connection refused


doomedraven commented 8 years ago

so basically host cuckoo can't speak with vm, that can be related to:

  1. vm firewall
  2. agent is not running(must be under admin)
  3. external firewall
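The three causes above all show up differently at the socket level, and telling them apart is what the `curl vm_ip:8000` check is for. The probe below is an added example, not Cuckoo's code: it reports "refused" (a TCP reset: nothing listening on the port, or a firewall that rejects), "timeout" (silently dropped packets: a firewall that drops, a wrong IP or route) or "responding" (a status line came back). So it can run without a VM, it also starts a throwaway local listener that answers GET with 501, mimicking the 50x doomedraven mentions; the real agent's protocol is not modelled. The 3-second timeout, the port choice and the stand-in are this example's assumptions.

```python
import http.server
import socket
import threading

AGENT_PORT = 8000       # port the Cuckoo agent listens on inside the guest
CONNECT_TIMEOUT = 3.0   # assumption for this example


def probe_agent(host, port=AGENT_PORT, timeout=CONNECT_TIMEOUT):
    """Classify how the guest agent port answers from the host.

    Returns (verdict, detail) where verdict is one of:
      "responding"  - TCP connected and an HTTP status line came back
      "refused"     - TCP RST: nothing listening, or a firewall that rejects
      "timeout"     - no answer at all: wrong IP/route, or a firewall that drops
      "unreachable" - any other socket error (no route, name resolution, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            status_line = sock.makefile("rb").readline()
        return "responding", status_line.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""
    except socket.timeout:
        return "timeout", ""
    except OSError as exc:
        return "unreachable", str(exc)


class _FakeAgent(http.server.BaseHTTPRequestHandler):
    """Local stand-in for the agent: answers any GET with 501, mimicking a 50x."""

    def do_GET(self):
        self.send_error(501, "Unsupported method")

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_fake_agent(host="127.0.0.1", port=0):
    """Start the stand-in on a free port in a background thread; returns the server."""
    server = http.server.HTTPServer((host, port), _FakeAgent)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def closed_port(host="127.0.0.1"):
    """Pick a port nothing is listening on, to demonstrate the 'refused' case."""
    with socket.socket() as s:
        s.bind((host, 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    server = start_fake_agent()
    print("stand-in agent:", probe_agent("127.0.0.1", server.server_address[1]))
    server.shutdown()
    server.server_close()
    print("closed port:   ", probe_agent("127.0.0.1", closed_port()))
```

Against a real guest, call `probe_agent("10.0.0.20")` from the host: "refused" matches the curl `(7)` result in this thread and points at the agent not running or a reject rule, whereas "timeout" points at routing or a drop rule, which is a different thing to fix.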

microbot007 commented 8 years ago

  1. firewall is turned off.
  2. agent is added in startup
  3. should i turn off host firewall too?


doomedraven commented 8 years ago

It is added but something is not allowing the connection, as you saw from the curl result; try shutting down the host firewall, and if that is the case, you will need to allow communication to port 8000 in the vms and 2042 on the host

Best regards Andriy


microbot007 commented 8 years ago

I tried turning the host firewall off. And yes, the connection is not getting set up between host and guest, because I can ping the guest from the host but not vice versa.


doomedraven commented 8 years ago

So it is your setup problem, not cuckoo

microbot007 commented 8 years ago

Now both are pinging each other. even telnet "vm_ip" 8000 is working too.

but still on running sudo python cuckoo.py I'm getting:

CuckooCriticalError: Please update your configuration. Unable to shut 'win7' down or find the machine in its proper state: Timeout hit while for machine win7 to change status.

please help.

doomedraven commented 8 years ago

Did you take a new snapshot after solving the issue? In running state?

Best regards Andriy


microbot007 commented 8 years ago

yes, I did that too.

Please help.

doomedraven commented 8 years ago

you must investigate what is wrong with your vm, as the error says

CuckooCriticalError: Please update your configuration. Unable to shut 'win7' down or find the machine in its proper state

microbot007 commented 8 years ago

@doomedraven: I got the problem solved. it was an issue with the vm actually. I needed to run the vm through sudo. then it worked. Thanks for the help!