hatching / vmcloak

Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.

Broken Adobe Install, E_ACCESSDENIED #152

Open remtcsdev opened 5 years ago

remtcsdev commented 5 years ago

The command...

vmcloak install seven0 adobepdf adobepdf.version=11.0.19 --debug

...run on a Windows 7 VM results in...

DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'test', '--basefolder', '/home/pass/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--ostype', 'Windows7_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--ioapic', 'on', '--cpus', '2']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'test', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/test.vdi', '--type', 'normal']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'test', '--storagectl', 'IDE', '--device', '0', '--type', 'hdd', '--medium', '/home/pass/.vmcloak/image/test.vdi', '--port', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'test', '--storagectl', 'IDE', '--device', '0', '--type', 'dvddrive', '--medium', 'emptydrive', '--port', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'list', 'hostonlyifs']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--nictype1', '82540EM', '--cableconnected1', 'on', '--nicpromisc1', 'allow-all', '--hostonlyadapter1', 'vboxnet0', '--nic1', 'hostonly']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--macaddress1', '7861fb556ac4']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--paravirtprovider', 'default']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--vrdeproperty', 'VNCPassword=', '--vrdeport', '3389', '--vrde', 'on']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'startvm', u'test', '--type', 'headless']
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
INFO:vmcloak:Installing dependency adobepdf..
DEBUG:vmcloak.dependencies.adobepdf:We have a MSI upgrade package, we need the vanilla AdbeRdr installer.
DEBUG:vmcloak.agent:Executing command in VM: C:\AdbeRdr11000_en_US.exe -nos_oC:\AdobeFiles -nos_ne
DEBUG:vmcloak.agent:Executing command in VM: msiexec /i C:\AdobeFiles\AcroRead.msi /update C:\AdbeRdrUpd11019.msp /norestart /passive ALLUSERS=1 EULA_ACCEPT=YES
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\Software\WOW6432Node\Adobe\Acrobat Reader\11.0\AdobeViewer" /v EULA /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\Software\WOW6432Node\Adobe\Acrobat Reader\11.0\AdobeViewer" /v Launched /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral" /v bCheckForUpdatesAtStartup /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bUpdater /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bProtectedMode /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v iProtectedView /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnhancedSecurityStandalone /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnhancedSecurityInBrowser /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\cDefaultLaunchURLPerms" /v iURLPerms /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms" /v iUnknownURLPerms /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms" /v tBuiltInPermList /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms" /v iUnlistedAttachmentTypePerm /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnableFlash /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Security\cDigSig\cCustomDownload" /v bLoadSettingsFromURL /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: shutdown -s -t 0
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
VBoxManage: error: The object is not ready
VBoxManage: error: Details: code E_ACCESSDENIED (0x80070005), callee nsISupports
VBoxManage: error: Context: "COMGETTER(VRDEServerInfo)(vrdeServerInfo.asOutParam())" at line 1931 of file VBoxManageInfo.cpp
ERROR:vmcloak.vm:[-] Error running command: Command '['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']' returned non-zero exit status 1
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'test', '--name', 'IDE', '--remove', '--portcount', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/test.vdi', '--compact']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'unregistervm', u'test', '--delete']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Rerunning the same command seems to succeed, unclear what's going on...

DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'test', '--basefolder', '/home/pass/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--ostype', 'Windows7_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--ioapic', 'on', '--cpus', '2']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'test', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/test.vdi', '--type', 'normal']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'test', '--storagectl', 'IDE', '--device', '0', '--type', 'hdd', '--medium', '/home/pass/.vmcloak/image/test.vdi', '--port', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'test', '--storagectl', 'IDE', '--device', '0', '--type', 'dvddrive', '--medium', 'emptydrive', '--port', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'list', 'hostonlyifs']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--nictype1', '82540EM', '--cableconnected1', 'on', '--nicpromisc1', 'allow-all', '--hostonlyadapter1', 'vboxnet0', '--nic1', 'hostonly']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--macaddress1', '746d31995c08']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--paravirtprovider', 'default']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'test', '--vrdeproperty', 'VNCPassword=', '--vrdeport', '3389', '--vrde', 'on']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'startvm', u'test', '--type', 'headless']
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
DEBUG:vmcloak.misc:Waiting for host 192.168.56.2
INFO:vmcloak:Installing dependency adobepdf..
DEBUG:vmcloak.dependencies.adobepdf:We have a MSI upgrade package, we need the vanilla AdbeRdr installer.
DEBUG:vmcloak.agent:Executing command in VM: C:\AdbeRdr11000_en_US.exe -nos_oC:\AdobeFiles -nos_ne
DEBUG:vmcloak.agent:Executing command in VM: msiexec /i C:\AdobeFiles\AcroRead.msi /update C:\AdbeRdrUpd11019.msp /norestart /passive ALLUSERS=1 EULA_ACCEPT=YES
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\Software\WOW6432Node\Adobe\Acrobat Reader\11.0\AdobeViewer" /v EULA /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\Software\WOW6432Node\Adobe\Acrobat Reader\11.0\AdobeViewer" /v Launched /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\AVGeneral" /v bCheckForUpdatesAtStartup /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bUpdater /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bProtectedMode /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v iProtectedView /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnhancedSecurityStandalone /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnhancedSecurityInBrowser /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\TrustManager\cDefaultLaunchURLPerms" /v iURLPerms /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchURLPerms" /v iUnknownURLPerms /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms" /v tBuiltInPermList /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown\cDefaultLaunchAttachmentPerms" /v iUnlistedAttachmentTypePerm /t REG_DWORD /d 2 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown" /v bEnableFlash /t REG_DWORD /d 1 /f
DEBUG:vmcloak.agent:Executing command in VM: reg add "HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\11.0\Security\cDigSig\cCustomDownload" /v bLoadSettingsFromURL /t REG_DWORD /d 0 /f
DEBUG:vmcloak.agent:Executing command in VM: shutdown -s -t 0
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'test', '--name', 'IDE', '--remove', '--portcount', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/test.vdi', '--compact']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'unregistervm', u'test', '--delete']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

samwakel commented 5 years ago

When VMCloak runs ['/usr/bin/VBoxManage', 'showvminfo', u'test', '--machinereadable'], it's simply checking to see if the VM is still running while waiting for it to shut down after running shutdown -s -t 0. The error you received was when VMCloak tried to check the status of a VM that was in the process of being powered off. Adobe Reader should have been installed successfully by that point.
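
The shutdown poll described in this reply, as an added sketch that is not VMCloak's own code: it keeps polling `showvminfo --machinereadable` until `VMState` is `poweroff` and treats the `E_ACCESSDENIED` / "object is not ready" failure from the log as a sign the VM is mid-shutdown rather than a fatal error. The function names, the `replay` test double and the sample responses are assumptions constructed for illustration.

```python
import subprocess
import time

# stderr fragments from the failed poll in the issue log; treated as "VM is mid-shutdown".
TRANSIENT = ("E_ACCESSDENIED", "The object is not ready")

def parse_vmstate(output):
    """Return the VMState value from `showvminfo --machinereadable` output."""
    for line in output.splitlines():
        key, sep, value = line.partition("=")
        if sep and key == "VMState":
            return value.strip().strip('"')
    return None

def run_showvminfo(name):
    """Real query: returns (exit status, stdout, stderr)."""
    p = subprocess.run(["VBoxManage", "showvminfo", name, "--machinereadable"],
                       capture_output=True, text=True)
    return p.returncode, p.stdout, p.stderr

def wait_for_poweroff(name, query=run_showvminfo, attempts=30, delay=1.0, sleep=time.sleep):
    """Poll until the VM is powered off; return how many transient errors were skipped."""
    skipped = 0
    for _ in range(attempts):
        rc, out, err = query(name)
        if rc == 0 and parse_vmstate(out) == "poweroff":
            return skipped
        if rc != 0:
            if not any(marker in err for marker in TRANSIENT):
                raise RuntimeError("showvminfo failed: " + err.strip())
            skipped += 1  # VM object is being torn down; poll again
        sleep(delay)
    raise TimeoutError("VM %r did not power off" % name)

def replay(responses):
    """Hypothetical test double: replays canned (rc, stdout, stderr) tuples."""
    it = iter(responses)
    return lambda name: next(it)

# Constructed sample mirroring the log: running, running, running, error, poweroff.
RUNNING = (0, 'name="test"\nVMState="running"\n', "")
DENIED = (1, "", "VBoxManage: error: The object is not ready\n"
                 "VBoxManage: error: Details: code E_ACCESSDENIED (0x80070005), callee nsISupports\n")
POWEROFF = (0, 'name="test"\nVMState="poweroff"\n', "")
SAMPLE = [RUNNING, RUNNING, RUNNING, DENIED, POWEROFF]

if __name__ == "__main__":
    print(wait_for_poweroff("test", query=replay(SAMPLE), sleep=lambda s: None))
```

Any other non-zero exit from `showvminfo` still raises, so a genuinely broken VM is not mistaken for one that is shutting down.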