Friday, November 25, 2016

Cuckoo Sandbox Installation (Part 2 of 4)

This is 2 of a 4 part series on the installation of Cuckoo Sandbox. Part 2 will focus on installing additional functionality to the Host Operating System for the Cuckoo Sandbox. 

Video Instructions
Cuckoo Sandbox Installation Part 2


Steps
All  commands are Italicize. To install the software open a terminal and copy & paste the commands. During the installation of the various software you will be prompted with the options of "Yes/No" type "Yes or Y" to all prompts.

1. Install Django-based web interface [1]
    • sudo apt-get install mongodb
2. Install TCPdump [1]
    • sudo apt-get install tcpdump
    • sudo apt-get install libcap2-bin
    • sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
    • getcap /usr/sbin/tcpdump
3. Install Volatility [2]
    • sudo apt install git
    • git clone https://github.com/volatilityfoundation/volatility.git
    • Navigate to the volatility folder 
      • cd /home/YourUserName/volatility
    • sudo python setup.py install
4. Install Volatility Plug-ins
  • Distorm3
    • Download Distorm3  
    • Navigate to the Downloads folder
      • tar -xvzf distorm-3.4.0.tar.gz
    • Navigate to the distorm-3.4.0 folder
      • cd /home/YourUserName/Downloads/distorm-3.4.0
    • sudo python setup.py install
  •  Yara [3]
    •  Install autoreconf
      • sudo apt-get install autoconf
    • Install libtool-bin
      • sudo apt-get install libtool-bin
    • Download Yara
    • Navigate to the Downloads folder
      • tar -xvzf yara-3.5.0.tar.gz
    • Navigate to the yara-3.5.0 folder
      • cd /home/YourUserName/Downloads/yara-3.5.0
    • ./bootstrap.sh
    • ./configure --with-crypto --enable-magic --enable-cuckoo
    • make
    • sudo make install 
    • sudo -H pip install yara-python
  • PyCrypto [4]
    • Download PyCrypto
    • Navigate to the Downloads folder
      • tar -xvzf pycrypto-2.6.1.tar.gz
    • Navigate to the pycrypto-2.6.1 folder
      • cd /home/YourUserName/Downloads/pycrypto-2.6.1
    •  python setup.py build
    • sudo python setup.py install
  • Openpyxl [5]
    • sudo -H pip install openpyxl
  • UJSON [6]
    • sudo -H pip install ujson
  •  IPython [7]
    • sudo -H pip install jupyter
5. Install Mitmproxy
  • sudo apt-get install python3-pip python3-dev libssl-dev libtiff5-dev libjpeg8-dev zlib1g-dev libwebp-dev
  • sudo pip3 install mitmproxy
  • mitmproxy
  • cd ~/.mitmproxy
  • cp mitmproxy-ca-cert.p12 /home/YourUserName/Downloads/cuckoo/analyzer/windows/bin/cert.p12 
  •  mitmdump = /usr/local/bin/mitmdump


References
1. Cuckoo Sandbox Documentation
2. Volatility Documentation
3. Yara Documentation
4. PyCrypto Documentation
5. OpenPyxl Documentation
6. UJSON Documentation
7. IPython Documentation


Social Media
Facebook:
https://www.facebook.com/BDavisCS/

Twitter:
@BDavis_CyberSec

23 comments:

  1. I would like to thank you for that great work. May you provide video for all parts as part one?

    ReplyDelete
    Replies
    1. How are you doing Fuad Bozaidan? Thank you the encouragement and the question!!! I will be creating videos for the remaining 3 parts of the Cuckoo Sandbox Installation within the next two weeks. Thank you for subscribing and please continue to ask questions and I will do my best to answer them. Stay hungry for knowledge!!!

      Delete
    2. Thank You For this Awesome Tutorial for installation. I would be waiting for the rest video

      Delete
  2. hey bdavis I wanted to know if same can be done for cuckoo on android and Is there any similar tutorial
    if you could explain how same can be done for cuckoo on linux and then android malware analysis it would be grate.
    my email lovina37@gmail.com

    ReplyDelete
  3. How are you doing Lovina D'mello? Thank you for asking the question about Linux machines and Android devices being able to have the Cuckoo Sandbox Agent installed. As stated in the Cuckoo Sandbox online installation documentation " This agent is designed to be cross-platform, therefore you should be able to use it on Windows as well as on Linux and OS X." Which means that as long as the guest operating system has python 2.7 installed the Cuckoo Sandbox Agent can be installed. I will try to do a blog post and YouTube video detailing the features in the near feature. I will have to get back to you on the Android device forensic tool sets but in the mean time here is a book on "Android Forensics by Andrew Hoog, ISBN: 978-1597496513, ISBN:1597496510 Once again thank you for asking the question and "Stay Hungry for knowledge!!!"

    ReplyDelete
  4. Hi BDavis, on a fresh install of Ubuntu, I also needed to install libjansson-dev and libmagic-dev before Yara would install. Also I was not able to find version 3.4 of distorm but 3.3.4 is available on their site. Thanks for the tutorial, I will let you know how it goes through pages 3 and 4.

    ReplyDelete
  5. Hi while following this step
    sudo pip3 install mitmproxy
    getting exceptions


    RuntimeError: dictionary changed size during iteration
    sys.argv ['-c', 'egg_info', '--egg-base', 'pip-egg-info']
    test compiling test_ruamel_yaml
    Complete output from command python setup.py egg_info:
    Traceback (most recent call last):

    File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2273, in _dep_map

    return self.__dep_map

    File "/usr/lib/python3/dist-packages/pkg_resources.py", line 2344, in __getattr__

    raise AttributeError(attr)

    AttributeError: _Distribution__dep_map



    During handling of the above exception, another exception occurred:



    Traceback (most recent call last):

    File "", line 17, in

    File "/tmp/pip_build_root/ruamel.yaml/setup.py", line 854, in

    main()

    File "/tmp/pip_build_root/ruamel.yaml/setup.py", line 843, in main

    setup(**kw)


    This installation is not shared in ur video..Is it worth installing??

    ReplyDelete
  6. Hi bdavis
    Thank You For this Awesome Tutorial for installation. I want to install the guest with VMcloak.. So, can you please help me if you have any information about this ?

    ReplyDelete
    Replies
    1. Hi Soukaine
      I would like to know if you found something about installing guest with VMcloak. Please let me know

      Delete
  7. distorm-3.4.0.tar.gz is not available. can i use distorm-3.3.3.tar.gz?

    ReplyDelete
  8. Your article has piqued a lot of positive interest. I can see why since you have done such a good job of making it interesting.
    Cyber security training london

    ReplyDelete
  9. This comment has been removed by the author.

    ReplyDelete
  10. No such file or directory error..
    /home/YourUserName/Downloads/cuckoo/analyzer/windows/bin/cert.p12
    I have replaced YourUserName with my own computer name.But,nothing works!
    Any help would really be appreciated.

    ReplyDelete
  11. configure: error: please install Jansson library
    any solution to this error

    ReplyDelete
  12. I like your post very much. It is very much useful for my research. I hope you to share more info about this. Keep posting Cyber Security Online Training

    ReplyDelete
  13. ERROR: Command errored out with exit status 1:
    command: /usr/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-e55zz_54/cuckoo/setup.py'"'"'; __file__='"'"'/tmp/pip-install-e55zz_54/cuckoo/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-r5v7x4kd
    cwd: /tmp/pip-install-e55zz_54/cuckoo/
    Complete output (1 lines):
    Cuckoo is Python2-only at the moment! Please use Python 2 to install it, i.e., `pip2 install -U cuckoo`.
    ----------------------------------------
    ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output.

    when I use pip install -U cuckoo , I am getting the above error.What should i do?

    ReplyDelete
  14. This is a really fascinating and useful blog. I've read a lot of blogs lately, but your writing style is quite distinct and insightful. If you've read my articles, please go to the next step.

    Cyber Security Course

    ReplyDelete
  15. This is excellent news for me; thank you for sharing it, buddy!
    Cyber Security Interview Questions

    ReplyDelete
  16. Thank You and I have a dandy supply: How Much Is A Complete House Renovation brick house exterior makeover

    ReplyDelete