monnappa22 / Limon

Limon is a sandbox developed as a research project, written in Python, which automatically collects, analyzes, and reports on the run-time indicators of Linux malware. It allows one to inspect Linux malware before execution, during execution, and after execution (post-mortem analysis) by performing static, dynamic and memory analysis using open source tools.
GNU General Public License v3.0
387 stars 115 forks

transferring file to virtual machine Error: You do not have access rights to this file #6

Open apkasac opened 8 years ago

apkasac commented 8 years ago

Hi Monnappa,

I have installed Limon following your documentation. After solving various issues, I got stuck here. Please help me with this: "transferring file to virtual machine Error: You do not have access rights to this file"

Running on Terminal

root@Ubuntu-Test:~/limon_sandbox# python limon.py /root/linux_malwares/setup.py -t 60 -P
Filetype: Python script, ASCII text executable
File Size: 1.59 KB (1630 bytes)
md5sum: 67d61bb66925ab9b35ac7bfc7442d20c
ssdeep: Did not process files large enough to produce meaningful results
ssdeep: 48:id58ivWO7tN0C9lElj7apdJDlGFG2VGNBk/OG52fNvVYRaOwx:iD8gsCviXaDTGFhVGnk/OG52fNvVYRaZ
ssdeep: Did not process files large enough to produce meaningful results
ssdeep comparison:
/root/linux_malwares/setup.py matches /root/linux_reports/ssdeep_master.txt:/root/linux_malwares/setup.py (100)
/root/linux_malwares/setup.py matches /root/linux_reports/ssdeep_master.txt:/root/linux_malwares/setup.py (100)
/root/linux_malwares/setup.py matches /root/linux_reports/ssdeep_master.txt:/root/linux_malwares/setup.py (100)
/root/linux_malwares/setup.py matches /root/linux_reports/ssdeep_master.txt:/root/linux_malwares/setup.py (100)


Strings: Ascii strings written to /root/linux_reports/setup.py/strings_ascii.txt

Unicode strings written to /root/linux_reports/setup.py/strings_unicode.txt

Malware Capabilities and classification using YARA rules:

[]

Virustotal:

Cannot get results from Virustotal: <urlopen error [Errno -3] Temporary failure in name resolution>

Starting virtual machine for analysis
...done...
adding ip port redirection entries
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT) target prot opt source destination

Chain OUTPUT (policy ACCEPT) target prot opt source destination

Chain POSTROUTING (policy ACCEPT) target prot opt source destination

cleaning inetsim log directory
cleaning inetsim report directory
starting inetsim
Waiting for all the services to start
INetSim 1.2.5 (2014-05-24) by Matthias Eckert & Thomas Hungenberg
PIDfile '/var/run/inetsim.pid' exists - INetSim already running?
transferring file to virtual machine
Error: You do not have access rights to this file

Exiting the program
root@Ubuntu-Test:~/limon_sandbox#

apkasac commented 8 years ago

Hi, thanks for the solution, it worked for me. I need to give the username and password of the root account for the analysis machine in the conf file.

apkasac commented 8 years ago

There is one more problem:

Traceback (most recent call last):
  File "limon.py", line 479, in <module>
    inetsim_log_data = inetsim.get_inetsim_log_data()
  File "/root/limon_sandbox/dyan.py", line 85, in get_inetsim_log_data
    log_data = open(service_log).read()
IOError: [Errno 2] No such file or directory: '/usr/share/inetsim/log/service.log'

qiqingh commented 3 years ago

Hi apkasac, did you solve the IOError of no service.log?
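
The output quoted in this thread shows INetSim reporting an existing PID file and, later, `open()` failing on a missing `service.log`. A check for both conditions that reports findings instead of raising, as an added example that is not part of the thread or of Limon's code (Python 3; the function names are hypothetical, the two paths are the ones in the quoted output):

```python
import os

# Paths as they appear in the output quoted in this thread.
PID_FILE = "/var/run/inetsim.pid"
SERVICE_LOG = "/usr/share/inetsim/log/service.log"


def pidfile_state(pid_path):
    """Return 'absent', 'stale' or 'running' for a PID file."""
    try:
        with open(pid_path) as fh:
            pid = int(fh.read().strip())
    except FileNotFoundError:
        return "absent"
    except ValueError:
        return "stale"  # empty or non-numeric contents
    if pid <= 0:
        return "stale"
    try:
        os.kill(pid, 0)  # signal 0: existence check only, nothing is delivered
    except (ProcessLookupError, OverflowError):
        return "stale"   # file left behind, no such process
    except PermissionError:
        pass             # process exists but belongs to another user
    return "running"


def read_service_log(log_path, pid_path):
    """Return (log_text, findings); a missing log becomes a finding."""
    findings = []
    state = pidfile_state(pid_path)
    if state == "stale":
        findings.append("stale PID file %s: no live process behind it" % pid_path)
    elif state == "absent":
        findings.append("no PID file %s: INetSim is not running" % pid_path)
    try:
        with open(log_path) as fh:
            return fh.read(), findings
    except FileNotFoundError:
        findings.append("service log %s not found" % log_path)
    except PermissionError:
        findings.append("service log %s not readable" % log_path)
    return "", findings


if __name__ == "__main__":
    text, findings = read_service_log(SERVICE_LOG, PID_FILE)
    for line in findings:
        print("[check]", line)
```

Run it on the sandbox host after the "starting inetsim" step; an empty findings list means a live INetSim process and a readable service log.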