spender-sandbox / cuckoo-modified

Modified edition of cuckoo

segmentation fault if volatility or pycrypto is installed #322

Closed phate1 closed 8 years ago

phate1 commented 8 years ago

Having some issues setting up; hope you guys can help. I'm on Ubuntu 16.04 server, loosely following https://infosecspeakeasy.org/t/howto-build-a-cuckoo-sandbox/27

I got to the point of trying to start cuckoo and got a segmentation fault (core dump) almost straight away. With debug on, the log only showed "importing modules". I dug around and found the issue was when it was trying to import modules.processing.memory, and it seemed to be heavily related to volatility, so I uninstalled that and the module imported OK. So the first problem is why I can't start with volatility installed from the official repo.

Still getting a segmentation fault, but this time on modules.processing.static. Removing pycrypto stops the dump, but then it complains with "Unable to import plugin "modules.processing.static": No module named Crypto.Cipher". The strange thing about this one is that if I import it manually from the interpreter it imports fine. With a bit more digging I found I could get it to segfault by importing one of the other modules first and then static. It seems any of the modules imported first causes the issue; I must admit I didn't try them all, but all the ones I tried caused the error. I could put static first and then import all the other modules into the interpreter with no problem, but with just one before static it falls over.

Unfortunately I'm now out of my depth and out of ideas; any are very welcome.
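The post above describes a crash that only appears when one module is imported before another, which is awkward to pin down from inside the interpreter because the first segfault kills the session. The script below is an added example (not code from the cuckoo-modified project or from either participant): it imports a list of module names, in order, inside a fresh child interpreter per trial, and tells a clean import, an ImportError and a native crash apart by the child's exit status, so each ordering can be tested without losing the parent. The `modules.processing.*` names in the `__main__` block are taken from the issue and assume the script is run from a cuckoo checkout; everything else is generic.

```python
"""Bisect which Python import (or import order) triggers a native crash.

Added example, not part of the cuckoo-modified project. Every probe runs in
a fresh interpreter, so a segfault in one trial cannot poison the next one.
"""
import signal
import subprocess
import sys

OK, IMPORT_ERROR, SEGFAULT, OTHER = "ok", "import-error", "segfault", "other"


def probe_imports(modules, python=sys.executable, timeout=60):
    """Import `modules`, in the given order, inside one child interpreter.

    Returns (status, detail). A segfault surfaces as a negative return code
    equal to -SIGSEGV; a missing module exits 1 with the traceback on stderr.
    """
    code = ("import importlib, sys\n"
            "for name in sys.argv[1:]:\n"
            "    importlib.import_module(name)\n")
    try:
        proc = subprocess.run([python, "-c", code, *modules],
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return OTHER, "timeout"
    if proc.returncode == 0:
        return OK, ""
    if proc.returncode == -signal.SIGSEGV:
        return SEGFAULT, "imported in order: " + ", ".join(modules)
    if "ImportError" in proc.stderr or "ModuleNotFoundError" in proc.stderr:
        return IMPORT_ERROR, proc.stderr.strip().splitlines()[-1]
    return OTHER, f"exit {proc.returncode}: {proc.stderr.strip()}"


def find_bad_prefix(target, candidates):
    """For each candidate, import it first and then `target`; report the status.

    Mirrors the order-dependent failure described in the issue: `target`
    imports cleanly on its own but crashes when another module is loaded first.
    Returns {candidate: status}.
    """
    return {first: probe_imports([first, target])[0] for first in candidates}


if __name__ == "__main__":
    # Module names from the issue; assumes the working directory is a cuckoo
    # checkout so that the `modules` package is importable.
    cuckoo_modules = ["modules.processing.memory", "modules.processing.static"]
    for mod in cuckoo_modules:
        print(mod, *probe_imports([mod]))
    for first, status in find_bad_prefix("modules.processing.static",
                                         ["modules.processing.memory"]).items():
        print(f"{first} before static -> {status}")
```

Run it from the directory the sandbox is started from, so that the same `sys.path` and the same copies of volatility and pycrypto are picked up; a crash that shows only for one ordering points at the two native extensions involved rather than at the module whose import happens to be running when the process dies.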

doomedraven commented 8 years ago

You provided problems, but nothing about your setup, so provide more info: OS, version, logs, etc.

phate1 commented 8 years ago

Apologies for that. As I mentioned above, I'm on Ubuntu 16.04 server. It's a VM running on ESXi 6; cuckoo is the latest version from this git. The logs, as mentioned, don't give me much; if I turn debugging on it just says "importing modules" in the cuckoo log. syslog shows this:

cuckoo kernel: [261694.197900] python[5576]: segfault at 0 ip (null) sp 00007ffd7f805768 error 14 in python2.7[400000+2e9000]

Unfortunately, if you need any more you're going to have to give me a hint, as I don't know where else to go for logs that would give more info, or anything else that may help.
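The kernel line quoted above carries more than "python crashed": the address, the instruction pointer and the page-fault error code together describe what the CPU was doing when it faulted. The decoder below is an added example (not from the project or the thread) that parses that exact line. The error code is the x86 page-fault code, which the kernel prints in hex: bit 0 = page present, bit 1 = write, bit 2 = user mode, bit 3 = reserved-bit violation, bit 4 = instruction fetch. For `error 14` (0x14) that is a user-mode instruction fetch from an unmapped page at address 0, with `ip (null)`, i.e. execution jumped to address 0, which is what a call through a NULL function pointer looks like. The `[400000+2e9000]` suffix is the base and size of the mapping the kernel matched, here the python2.7 binary, and lets you check whether the fault address even lies inside it.

```python
"""Decode an x86-64 Linux kernel 'segfault at ...' log line.

Added example, not part of the cuckoo-modified project. Page-fault error
code bits: 0 present, 1 write, 2 user mode, 3 reserved bit, 4 instruction
fetch. The kernel prints the code with %lx, so it is parsed as hex.
"""
import re

# The syslog line as pasted in the issue above.
SAMPLE = ("cuckoo kernel: [261694.197900] python[5576]: segfault at 0 ip (null) "
          "sp 00007ffd7f805768 error 14 in python2.7[400000+2e9000]")

_SEGFAULT_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>\(null\)|[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+) "
    r"in (?P<obj>[^\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]")


def summarize(info):
    """One-line human reading of the decoded fault."""
    what = ("instruction fetch" if info["instruction_fetch"]
            else "write" if info["write"] else "read")
    where = "mapped" if info["present"] else "unmapped"
    mode = "user" if info["user_mode"] else "kernel"
    text = f"{mode}-mode {what} of {where} address {info['addr']:#x}"
    ip = info["ip"] if info["ip"] is not None else 0
    if info["instruction_fetch"] and ip == info["addr"]:
        # Faulting address == instruction pointer: control flow landed there,
        # typical of a call through a NULL or garbage function pointer.
        text += "; control transferred to the fault address (NULL function pointer?)"
    if not info["addr_in_object"]:
        text += f"; address is outside {info['object']} [{info['base']:#x}+{info['size']:#x}]"
    return text


def decode_segfault(line):
    """Parse a kernel segfault line into its fields; None if it is not one."""
    m = _SEGFAULT_RE.search(line)
    if m is None:
        return None
    err = int(m["err"], 16)
    base, size, addr = (int(m["base"], 16), int(m["size"], 16), int(m["addr"], 16))
    info = {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "addr": addr,
        "ip": None if m["ip"] == "(null)" else int(m["ip"], 16),
        "sp": int(m["sp"], 16),
        "object": m["obj"].strip(),
        "base": base,
        "size": size,
        "present": bool(err & 0x01),
        "write": bool(err & 0x02),
        "user_mode": bool(err & 0x04),
        "reserved_bit": bool(err & 0x08),
        "instruction_fetch": bool(err & 0x10),
        "addr_in_object": base <= addr < base + size,
    }
    info["summary"] = summarize(info)
    return info


if __name__ == "__main__":
    print(decode_segfault(SAMPLE)["summary"])
```

Feed it `journalctl -k` or `/var/log/syslog` lines; a fault with the write bit set inside a heap-sized mapping reads very differently from an instruction fetch at 0, and the latter is the pattern to look for when two native extensions disagree about a shared library's layout.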

doomedraven commented 8 years ago

Well, it's not cuckoo's error, it's something with your setup. I have it on Ubuntu 16.04 but with KVM, not ESXi, but people here use it; you can search in the issues.

First try to make volatility work standalone (at least vol.py -h should work) without cuckoo, and the same for pycrypto. Try this:

pip install distorm3 pycrypto openpyxl git+https://github.com/volatilityfoundation/volatility.git PyCrypto

phate1 commented 8 years ago

Yep, I'm aware it's not a fault with cuckoo. Before I tried to get this version working I had the standard version working well with ESXi, so that side of it should be fine. vol.py -h works fine, no problems.

The install stated above went through, with it saying everything was already installed, I think:

Collecting git+https://github.com/volatilityfoundation/volatility.git
  Cloning https://github.com/volatilityfoundation/volatility.git to /tmp/pip-qPH_CK-build
Requirement already satisfied (use --upgrade to upgrade): volatility==2.5 from git+https://github.com/volatilityfoundation/volatility.git in /usr/local/lib/python2.7/dist-packages/volatility-2.5-py2.7.egg
Requirement already satisfied (use --upgrade to upgrade): distorm3 in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied (use --upgrade to upgrade): pycrypto in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied (use --upgrade to upgrade): openpyxl in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied (use --upgrade to upgrade): jdcal in /usr/local/lib/python2.7/dist-packages (from openpyxl)
Requirement already satisfied (use --upgrade to upgrade): et_xmlfile in /usr/local/lib/python2.7/dist-packages (from openpyxl)

I did find an example usage for pycrypto that I believe exercises the library, so I ran this in the interpreter as you see below and it had no problems:

>>> from Crypto.Cipher import DES
>>> des = DES.new('01234567', DES.MODE_ECB)
>>> text = 'abcdefgh'
>>> cipher_text = des.encrypt(text)
>>> cipher_text
'\xec\xc2\x9e\xd9] a\xd0'
>>> des.decrypt(cipher_text)
'abcdefgh'

doomedraven commented 8 years ago

Then no idea what can be wrong. If they work standalone they should work with cuckoo; no idea how to help you here.

phate1 commented 8 years ago

Complete wipe and started again, following the guides I found in the docs section of this git that I didn't know about before, and no more problems. Thanks for taking the time to look at this.