i start getting this error after launching the cuckoo 1.2 i search around for it and most of the solutions
were about checking the configuration files and privilege issues
i checked the config files but i couldnt find any mistakes and for privilege issues i couldnt know what to do to the privilege since am new to this system
this is the error
[lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager
[root] CRITICAL: CuckooCriticalError: Please update your configuration. Unable to shut 'xp' down or find the machine in its proper state: Timeout hit while for machine xp to change status
my host ubuntu 14.4
ip = 192.168.56.1
my guest windows xp service pack 3 (on virtualbox)
ip = 192.168.56.101
gateway = 192.168.56.1
here are the config files
[cuckoo]
version_check = off
delete_original = off
delete_bin_copy = off
machinery = virtualbox
memory_dump = off
terminate_processes = off
reschedule = off
process_results = on
max_analysis_count = 0
max_machines_count = 0
freespace = 64
Temporary directory containing the files uploaded through Cuckoo int$
tmppath = /tmp
[resultserver]
resultserver_ip for all your virtual machines in machinery configu$ip = 192.168.56.1
port = 2042
store_csvs = off
upload_max_size = 10485760
[processing]
analysis_size_limit = 104857600
resolve_dns = on
sort_pcap = on
[database]
connection =
timeout =
[timeouts]
default = 120
critical = 600
[virtualbox]
mode = gui
path = /usr/bin/VBoxManage
machines = xp
[xp]
label = xp
platform = windows
ip = 192.168.56.101
thank you for the help
A wild guess would be it's either a network issue or your VM is broken or: could you change mode = gui to mode = headless.
We have changed it to the latter by default for the upcoming version of Cuckoo as you wouldn't be the first guy with this issue ;)
Run virtualbox and cuckoo.py all as root user
$sudo virtualbox
$sudo python cuckoo.py
I meet the seem mistake "Timeout hit while for machine xp to change status".
the reason is cuckoo change the VM state fail.
So i delete the snapshot,than recreate the snapshot, than problem is slove.
hi, i am also facing the same error... i have re-installed the virtualbox i have also recreated the snapshot.. and my host and guest machines with ip 192.168.56.1 and 192.168.58.101 respectively are also pinging each other, but i am still getting the following error
Checking for updates...
Failed! Unable to establish connection.
2016-11-09 11:54:55,712 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-11-09 11:56:10,221 [root] CRITICAL: CuckooCriticalError: Please update your configuration. Unable to shut 'windowsxp' down or find the machine in its proper state: Timeout hit while for machine windowsxp to change status
what is wrong.. i am unable to troubleshoot... kindly help!!
i have only one question, why do you use cuckoo 1.2? if there also 1.3, v2 rc1, v2dev?
i am using Cuckoo Sandbox 2.0-dev
this is wat is dispalyed when i run cuckoo.py
Cuckoo Sandbox 2.0-dev
www.cuckoosandbox.org
this is my cuckoo.conf file pls see if there is any issue with the configuration
[cuckoo]
version_check = on
delete_original = off
delete_bin_copy = off
machinery = virtualbox
memory_dump = off
terminate_processes = off
reschedule = off
process_results = on
max_analysis_count = 0
max_machines_count = 0
max_vmstartup_count = 10
freespace = 64
tmppath = /tmp
rooter = /tmp/cuckoo-rooter
[routing]
route = none
internet = none
rt_table = main
auto_rt = yes
[resultserver]
resultserver_ip for all your virtual machines in machinery configuration.ip = 192.168.56.1
port = 2042
force_port = no
upload_max_size = 10485760
[processing]
analysis_size_limit = 104857600
resolve_dns = on
sort_pcap = on
[database]
connection =
timeout =
[timeouts]
default = 120
critical = 60
vm_state = 60
I am getting the same error. I checked to make sure the snapshot, OS, label, machine, mode, and vboxmanage path are all correct as well ensured that cuckoo user is the vboxusers group.
Anything else that I should check?
first of all why still using 1.2? if 1.3 and 2.0 rc2 exists?
hi,
i want to understand the internal working of cuckoo sandbox. As i am not
well versed with python, hence understanding the code is little difficult
for me.. I have gone through your paper at :
https://media.blackhat.com/us-13/US-13-Bremer-Mo-Malware-Mo-Problems-Cuckoo-Sandbox-WP.pdf
here, it states that cuckoo does API hooking and monitor the API calls from
the running process. It then generated logs of that and based on available
signatures, it generated a report. Can i have some more detailed document
on its working??
Thanks :)
On 9 March 2017 at 12:24, doomedraven notifications@github.com wrote:
first of all why still using 1.2? if 1.3 and 2.0 rc2 exists?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-285270738,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopMVjcP20yvYlhKPR9M-yY0ajhGRtks5rj6IsgaJpZM4FsJ0D
.
https://cuckoo.sh/docs/index.html from package branch
this all is it installation , configuration and usage... i want to
understand the theory behind its working... dont u guys have written or
presented some paper on it
On 9 March 2017 at 17:34, doomedraven notifications@github.com wrote:
https://cuckoo.sh/docs/index.html from package branch
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-285333982,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopM0N3eZc0cOGxCJVEbIl2Ul6IE-Jks5rj-rTgaJpZM4FsJ0D
.
I should have been more clear. I am running 2.0 on an ubuntu 16.04 LTS host with a windows 10 sandbox.
hi,
i have one doubt.. after doing analysis of the infected file on a specified
VM, cuckoo logs the actions performed by the processes to the main sandbox.
After the analysis is finished, the gathered logs - like monitored
processes, behaviour logs are given to known signatures modules for any
malicious behaviour..
My question is whether everytime the output is checked against known
signatures.. And What if the signature for that processes is not available
or defined? Would the result of analysis will be wrong for a malicious file
whose signatures are not present??
On 9 March 2017 at 17:37, misha mehra mishamehra@gmail.com wrote:
this all is it installation , configuration and usage... i want to
understand the theory behind its working... dont u guys have written or
presented some paper on itOn 9 March 2017 at 17:34, doomedraven notifications@github.com wrote:
https://cuckoo.sh/docs/index.html from package branch
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-285333982,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopM0N3eZc0cOGxCJVEbIl2Ul6IE-Jks5rj-rTgaJpZM4FsJ0D
.
Why wrong? data which doesnt exist are not wrong, the analysis will be the same just with less signatures, nothing else
i want to understand how cuckoo analyse malware through cuckoomon.dll...
can u share some document on its internal working plss??
On 16 March 2017 at 10:12, doomedraven notifications@github.com wrote:
Why wrong? data which doesnt exist are not wrong, the analysis will be the
same just with less signatures, nothing else—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-286956485,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopBIykLrmEA8JJ31CXmSiPsxVmOHlks5rmL3OgaJpZM4FsJ0D
.
hi,
is there support for encrypted/ encoded and zipped files analysis on cuckoo
sandbox?
On 28 March 2017 at 23:23, misha mehra mishamehra@gmail.com wrote:
i want to understand how cuckoo analyse malware through cuckoomon.dll...
can u share some document on its internal working plss??On 16 March 2017 at 10:12, doomedraven notifications@github.com wrote:
Why wrong? data which doesnt exist are not wrong, the analysis will be
the same just with less signatures, nothing else—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-286956485,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopBIykLrmEA8JJ31CXmSiPsxVmOHlks5rmL3OgaJpZM4FsJ0D
.
We have support for zip files and basic passwords may be used as well (e.g., password or infected).
i m using cuckoo rc-2 and also trying to run pdf file. i have installed
adobe reader version 5 on windows xp virtual machine and i m getting the
following error :
2017-05-16 12:07:45,598 [lib.cuckoo.core.scheduler] INFO: Starting analysis
of FILE "East China Sea 2010-1.pdf" (task #44, options
"route=none,procmemdump=yes")
2017-05-16 12:07:45,943 [lib.cuckoo.core.scheduler] INFO: Task #44:
acquired machine windowsxp (label=windowsxp)
2017-05-16 12:07:46,059 [modules.auxiliary.sniffer] INFO: Started sniffer
with PID 9765 (interface=vboxnet0, host=192.168.56.10,
pcap=/home/misha/cuckoodir/cuckoo-rc2/cuckoo/storage/analyses/44/dump.pcap)
2017-05-16 12:07:55,038 [lib.cuckoo.core.guest] INFO: Starting analysis on
guest (id=windowsxp, ip=192.168.56.10)
2017-05-16 12:08:06,515 [lib.cuckoo.core.scheduler] ERROR: Error from the
Cuckoo Guest: Analysis failed: The package "modules.packages.pdf" start
function raised an error: Unable to find any Adobe Reader executable.
Traceback (most recent call last):
File "C:wpmypanalyzer.py", line 778, in
success = analyzer.run()
File "C:wpmypanalyzer.py", line 626, in run
(package_name, e)
CuckooError: The package "modules.packages.pdf" start function raised an
error: Unable to find any Adobe Reader executable.
2017-05-16 12:08:06,822 [lib.cuckoo.core.plugins] WARNING: Unable to stop
auxiliary module: Error running tcpdump to sniff the network traffic during
the analysis; stdout = '' and stderr = "tcpdump: vboxnet0: You don't have
permission to capture on that devicen(socket: Operation not permitted)n".
Did you enable the extra capabilities to allow running tcpdump as non-root
user and disable AppArmor properly (only applies to Ubuntu)?
2017-05-16 12:08:12,376 [modules.processing.network] WARNING: The PCAP file
does not exist at path
"/home/misha/cuckoodir/cuckoo-rc2/cuckoo/storage/analyses/44/dump.pcap".
2017-05-16 12:08:15,721 [lib.cuckoo.core.scheduler] INFO: Task #44: reports
generation completed
(path=/home/misha/cuckoodir/cuckoo-rc2/cuckoo/storage/analyses/44)
2017-05-16 12:08:15,897 [lib.cuckoo.core.scheduler] INFO: Task #44:
analysis procedure completed
On 12 April 2017 at 16:52, Jurriaan Bremer notifications@github.com wrote:
We have support for zip files and basic passwords may be used as well
(e.g., password or infected).—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/cuckoosandbox/cuckoo/issues/616#issuecomment-293547919,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AJaopL9JZNbg3APLX--U3c9DS8tuirhYks5rvLQTgaJpZM4FsJ0D
.
If you don't run Vitualbox as sudo, it will look in the wrong location for the VM. Launch Virtual box as sudo and create VM. IF you already created the VM, Launch as sudo and create the VM from the existing.
Most helpful comment
Run virtualbox and cuckoo.py all as root user
$sudo virtualbox
$sudo python cuckoo.py