Video Instructions
Cuckoo Sandbox Installation Part 3
Steps
To edit the configuration files:
- Open a terminal
- Navigate to the directory of the configuration files
  - /home/YourUserName/Downloads/cuckoo/conf
- Open a specific file using the nano editor
  - nano FileName
- Replace the value on the right side of the equal sign with the corresponding value (e.g. replace "yes" with "no", or change a numerical value).
  - Note: The items in "[ ]" are the section headings within the specific configuration file.
- Nano editor basics
  - To save the edited file, hold the "Ctrl" key and press the "x" key.
  - Type "Y"
- How to find the IP address of your Windows virtual machine:
  - 1. Power on the VM.
  - 2. Open a command prompt and type the command:
    - ipconfig
- How to find the network interface of your virtual machine:
  - 1. Open a terminal
  - 2. Type the command:
    - ifconfig
  - Look for the IP address range that your VM's IP address falls within. To the left of the IP address range will be the name of the network interface associated with it. Below is a picture containing an example:
- How to find the vmx_path:
  - Type the following command:
    - find / -name "*.vmx"
- How to find the IP address of your host machine:
  - 1. Open a terminal
  - 2. Type the command:
    - ifconfig
Configuration Files[1]
- cuckoo.conf
  - nano cuckoo.conf
  - [cuckoo]
    - memory_dump = on
    - machinery = virtualbox or vmware
  - [resultserver]
    - ip = IP address of the host system, not the virtual machine
- auxiliary.conf
  - nano auxiliary.conf
  - [mitm]
    - enable = yes
  - [sniffer]
    - interface = the network interface of your virtual machine
- vmware.conf
  - nano vmware.conf
  - [vmware]
    - machines = name of virtual machine
    - interface = name of the network interface for the virtual machine
  - [Name_of_the_Virtual_Machine]
    - vmx_path = ../name_of_virtual_machine/name_of_virtual_machine.vmx
    - ip = IP address of the virtual machine
- processing.conf
  - nano processing.conf
  - [memory]
    - enable = yes
- memory.conf
  - nano memory.conf
  - [basic]
    - guest_profile = Volatility's profile name for your guest operating system
    - Here is a list of profile names for the various Windows operating systems
- reporting.conf
  - nano reporting.conf
  - [reporthtml]
    - enable = yes
  - [mongodb]
    - enable = yes
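The settings above have to agree across files: the result server IP is a host address, and both interface values name the host adapter whose range contains the guest IP. The following check is an added example, not part of the original post or of Cuckoo itself; the adapter names, addresses and the VM name "win7" are constructed sample values.

```python
import configparser
import ipaddress

# Constructed sample values (not from the original post): vmnet1 stands in
# for the host-only adapter and "win7" for the virtual machine name.
HOST_IFACES = {"eth0": "10.0.0.15/24", "vmnet1": "192.168.56.1/24"}
SAMPLE = {
    "cuckoo.conf": "[cuckoo]\nmachinery = vmware\n"
                   "[resultserver]\nip = 192.168.56.101\n",  # guest IP by mistake
    "auxiliary.conf": "[sniffer]\ninterface = eth0\n",       # wrong adapter
    "vmware.conf": "[vmware]\nmachines = win7\ninterface = vmnet1\n"
                   "[win7]\nvmx_path = /vms/win7/win7.vmx\nip = 192.168.56.101\n",
}

def load(text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp

def iface_for(ip, ifaces):
    """Host interface whose address range contains ip (the ifconfig lookup)."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ifaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def check(confs, ifaces):
    """Return a list of inconsistencies between the three files."""
    cuckoo, aux, vmw = (load(confs[f]) for f in
                        ("cuckoo.conf", "auxiliary.conf", "vmware.conf"))
    problems = []
    rs_ip = cuckoo["resultserver"]["ip"]
    host_ips = {str(ipaddress.ip_interface(c).ip) for c in ifaces.values()}
    if rs_ip not in host_ips:
        problems.append("resultserver ip %s is not a host address" % rs_ip)
    for vm in (m.strip() for m in vmw["vmware"]["machines"].split(",")):
        guest_ip = vmw[vm]["ip"]
        if guest_ip == rs_ip:
            problems.append("resultserver ip equals the ip of guest %s" % vm)
        expected = iface_for(guest_ip, ifaces)
        for where, got in (("vmware.conf", vmw["vmware"]["interface"]),
                           ("auxiliary.conf", aux["sniffer"]["interface"])):
            if got != expected:
                problems.append(f"{where} interface {got} should be {expected}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(SAMPLE, HOST_IFACES)))
```

To run it against a real installation, read the three files from the conf directory into the dictionary and fill `HOST_IFACES` from the host's `ifconfig` output.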
1. Cuckoo Sandbox Configuration Files
Social Media
Facebook:
https://www.facebook.com/BDavisCS/
Twitter:
@BDavis_CyberSec
Hi bdavis,
Can you please provide a video for this part also?
Hi Shankar Kumar Chaudhary. Thank you for reading the blog post. I will have a video for this post and the next by the end of next week. But feel free to try the steps without the video, and if you run into any issues just leave me a note in the comments section and I'll respond in a timely manner. I'm glad you are taking an interest in Malware Analyst. Keep with it. As always, "Stay Hungry for Knowledge"!!!!
CuckooCriticalError: Error initializing machines: VMware vmrun not found in specified path /usr/bin/vmrun
I have done all as you guided here but am getting the above error.
Hey! Did you make this video about installation?
Can't find the 4th part of this blog, is there any?
Hi Mohanan Suppiah. I have included a link to the 4th part of the series below:
https://bdavis-cybersecurity.blogspot.com/2016/12/cuckoo-sandbox-installation-part-4-of-4.html
Hi BDavis.
Thanks for supplying this guide - Cuckoo is notoriously difficult to engineer and you've shown us all the way forward!
Keenly awaiting the 3rd and 4th installment of the YouTube guide.
Hello,
I've added the appropriate IP addresses to the config files, but I keep getting this error every time I attempt to launch cuckoo. Any idea why I'm getting this? Your help is greatly appreciated:
2017-02-24 14:28:47,168 [lib.cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (nic_available) as the rooter unix socket doesn't exist.
2017-02-24 14:28:47,168 [root] CRITICAL: CuckooStartupError: The network interface that has been configured as dirty line is not available.
Hi TA,
I have researched your issues and believe I have found the solutions:
1. https://cuckoo.sh/docs/usage/rooter.html
2. http://docs.cuckoosandbox.org/en/latest/faq/
Navigate to the "Unable to bind result server error" question.
Please let me know if they successfully resolve your issues. Thank you.
Hello bdavis,
I have got Cuckoo working for Android on Linux for Android APK analysis, but I am not getting the dynamic behaviour; the analysis starts normally and completes as well, yet I don't get the results. Can you tell me what could be the reason? Also, can you tell me the Volatility profile for Android on Linux? I am using Ubuntu 14.04 and the Android emulator with a Nexus One device.
2017-03-04 16:53:24,213 [modules.processing.memory] ERROR: Generic error executing volatility
Traceback (most recent call last):
  File "/home/lovina/Downloads/cuckoo/modules/processing/memory.py", line 1022, in run
    results = VolatilityManager(self.memory_path).run()
  File "/home/lovina/Downloads/cuckoo/modules/processing/memory.py", line 942, in run
    vol = VolatilityAPI(self.memfile, self.osprofile)
  File "/home/lovina/Downloads/cuckoo/modules/processing/memory.py", line 53, in __init__
    self.init_config()
  File "/home/lovina/Downloads/cuckoo/modules/processing/memory.py", line 107, in init_config
    self.addr_space = utils.load_as(self.config)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6-py2.7.egg/volatility/utils.py", line 65, in load_as
    raise error
AddrSpaceError: No suitable address space mapping found
2017-03-04 16:53:24,245 [modules.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.
2017-03-04 16:53:29,525 [modules.processing.network] ERROR: Failed to process packet: 'type'
Traceback (most recent call last):
  File "/home/lovina/Downloads/cuckoo/modules/processing/network.py", line 621, in run
    self._udp_dissect(connection, udp.data)
  File "/home/lovina/Downloads/cuckoo/modules/processing/network.py", line 212, in _udp_dissect
    self._add_dns(data)
  File "/home/lovina/Downloads/cuckoo/modules/processing/network.py", line 351, in _add_dns
    reqtuple = query["type"], query["request"]
KeyError: 'type'
I will look into it.
Hi Bdavis,
This page jumps right past the setting up of the virtual machine. Is that in another tutorial?
Thank you for the response. I was speaking more to the setting up of the VM in terms of installation. What networking mode should be used, etc? Thank you for your responses.
The network connection setup between your VM and the host needs to be a "Host-Only" connection. You don't want an infected VM reaching out to the internet.
https://github.com/cuckoosandbox/cuckoo/blob/master/conf/cuckoo.conf
The above link shows a 404 page not found error. Please provide the configuration files.
~/cuckoo$ ./cuckoo.py
.-----------------.
| Cuckoo Sandbox? |
| OH NOES! |\ '-.__.-'
'-----------------' \ /oo |--.--,--,--.
\_.-'._i__i__i_.'
"""""""""
Cuckoo Sandbox 1.2
www.cuckoosandbox.org
Copyright (c) 2010-2015
2018-05-01 10:52:02,893 [root] CRITICAL: CuckooCriticalError: Unable to import plugin "modules.machinery.avd": No module named avd
Hi Mr Davis, I thank you for making cuckoo sandbox so informative and easy to install.
I have a query: I'm using VMware Workstation and I'm not sure of the port number. How do I find the port number for the below-mentioned statement:
# Specify a port number to bind the result server on.
port = {{ cuckoo.resultserver.port }}
Regards
Hemant Yadav
Hi Mr. Davis, have you ever configured Cuckoo to route traffic through a VPN? I'm trying to achieve this but I get the error:
What could be going on? I haven't found anything online and there's no active online community for Cuckoo. I hope you can reply to me because I have no one else I can ask and I need this to work for my university project.