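Cuckoo configuration and analysis of startup problems
Source: Internet  Editor: 程序博客网  Date: 2024/06/06 04:44
Introduction: With cuckoo's dependencies installed, let's look at how to configure cuckoo and analyze the various problems encountered while starting it.
1. Configuration files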
In the cuckoo directory, the configuration files live under the conf directory. The important ones are cuckoo.conf and virtualbox.conf, since VirtualBox is used here. Edit virtualbox.conf; a configuration excerpt follows.
xp: the name of the virtual machine in VirtualBox; it appears as xp in the configuration below.
[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
# documentation to understand the differences.
mode = gui

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage

# Default network interface.
interface = vboxnet0

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = xp

[xp]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = xp

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.101

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
# snapshot = Snapshot1
In the configuration, the items in bold and italics are the ones we need to modify.
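2. Starting cuckoo
>> sudo python cuckoo.py (-d: print detailed startup information)
In some cases the corresponding VM instance cannot be found. When that happens, change the owner of the cuckoo directory with the command below and then start it directly; normally this is not necessary.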
>> sudo chown currentuser: cuckoo
3. Submitting an analysis task
Go to the cuckoo directory; the submission script is util/submit.py. Run the following commands:
>> cd ~/cuckoo/util
>> python submit.py ../filesrc
Note: filesrc is the directory containing the files to be scanned.
Start up the cuckoo
>> cd ~/cuckoo
>> ./cuckoo.py # start analyzing the submitted files
Correct output (some repeated content has been trimmed):
2016-09-16 21:21:49,942 [lib.cuckoo.core.guest] DEBUG: xp: not ready yet
2016-09-16 21:21:50,281 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: dead_host
2016-09-16 21:21:50,282 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: suspicious_process
2016-09-16 21:21:50,282 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: antivirus_virustotal
2016-09-16 21:21:50,282 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: packer_entropy
2016-09-16 21:21:50,283 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: stealth_hiddenfile
2016-09-16 21:21:50,283 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: packer_upx
2016-09-16 21:21:51,001 [lib.cuckoo.core.guest] DEBUG: xp: not ready yet
2016-09-16 21:21:51,901 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2016-09-16 21:21:51,901 [lib.cuckoo.core.scheduler] INFO: Task #9: reports generation completed (path=/home/polo/cuckoo/storage/analyses/9)
2016-09-16 21:21:51,919 [lib.cuckoo.core.scheduler] INFO: Task #9: analysis procedure completed
2016-09-16 21:21:52,036 [lib.cuckoo.core.guest] DEBUG: xp: not ready yet
2016-09-16 21:21:53,043 [lib.cuckoo.core.guest] DEBUG: xp: not ready yet
2016-09-16 21:21:53,130 [lib.cuckoo.core.guest] DEBUG: xp: waiting for status 0x0001
2016-09-16 21:21:53,147 [lib.cuckoo.core.guest] DEBUG: xp: status ready
2016-09-16 21:21:53,249 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=xp, ip=192.168.56.101)
2016-09-16 21:21:54,676 [lib.cuckoo.core.guest] DEBUG: xp: analyzer started with PID 1028
2016-09-16 21:21:54,716 [lib.cuckoo.core.guest] DEBUG: xp: waiting for completion
2016-09-16 21:21:55,530 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2016-09-16 21:21:55,739 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:21:56,757 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
........
2016-09-16 21:23:23,480 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:23:24,571 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:23:25,683 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:23:25,879 [lib.cuckoo.core.resultserver] DEBUG: New process (pid=368, ppid=1740, name=cmd.exe)
2016-09-16 21:23:26,747 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:23:27,827 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
........
2016-09-16 21:24:36,113 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:24:37,215 [lib.cuckoo.core.guest] DEBUG: xp: analysis not completed yet (status=2)
2016-09-16 21:24:37,247 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 192.168.56.101:1059
2016-09-16 21:24:37,249 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 192.168.56.101:1054
2016-09-16 21:24:38,338 [lib.cuckoo.core.guest] INFO: xp: analysis completed successfully
33 packets captured
33 packets received by filter
0 packets dropped by kernel
2016-09-16 21:24:38,352 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2016-09-16 21:24:38,353 [modules.machinery.virtualbox] DEBUG: Stopping vm xp
2016-09-16 21:24:38,354 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 21:24:38,720 [modules.machinery.virtualbox] DEBUG: Machine xp status running
2016-09-16 21:24:39,758 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 21:24:40,114 [modules.machinery.virtualbox] DEBUG: Machine xp status poweroff
2016-09-16 21:24:40,225 [lib.cuckoo.core.scheduler] DEBUG: Released database task #10
2016-09-16 21:24:40,273 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,315 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,316 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,327 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,328 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,329 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,340 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,341 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,356 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:40,370 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:41,737 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:41,738 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/home/polo/cuckoo/storage/analyses/10"
2016-09-16 21:24:41,785 [lib.cuckoo.core.plugins] DEBUG: Running 400 signatures
2016-09-16 21:24:41,893 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:41,921 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:41,991 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:41,992 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:42,002 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:42,003 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the exploit_heapspray signature
Traceback (most recent call last):
  File "/home/polo/cuckoo/lib/cuckoo/core/plugins.py", line 378, in call_signature
    if handler(*args, **kwargs):
  File "/home/polo/cuckoo/modules/signatures/windows/exploitation.py", line 22, in on_call
    pid = call["arguments"]["process_identifier"]
KeyError: 'process_identifier'
2016-09-16 21:24:42,519 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature: dead_host
2016-09-16 21:24:42,739 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2016-09-16 21:24:42,739 [lib.cuckoo.core.scheduler] INFO: Task #10: reports generation completed (path=/home/polo/cuckoo/storage/analyses/10)
2016-09-16 21:24:42,758 [lib.cuckoo.core.scheduler] INFO: Task #10: analysis procedure completed
Look for Task #10: "reports generation completed" and "analysis procedure completed" indicate that the task has finished.
5. Common startup errors and how to handle them
Error 1: CuckooCriticalError: Unable to import plugin "modules.processing.behavior": No module named dateutil.parser
Detailed error message:
polo@polo-notebook:/opt/cuckoo$ sudo python cuckoo.py -d
 Cuckoo Sandbox 2.0-rc1
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 Good! You have the latest version available.

2016-09-16 09:37:03,034 [root] DEBUG: Importing modules...
2016-09-16 09:37:03,076 [root] CRITICAL: CuckooCriticalError: Unable to import plugin "modules.processing.behavior": No module named dateutil.parser
How to fix it?
sudo pip install python-dateutil
Error 2: CRITICAL: CuckooCriticalError: Unable to bind ResultServer on 192.168.56.1:2042: [Errno 99] Cannot assign requested address
Detailed error message:
polo@polo-notebook:/opt/cuckoo$ sudo python cuckoo.py -d
 Cuckoo Sandbox 2.0-rc1
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 Good! You have the latest version available.

2016-09-16 09:41:26,389 [root] DEBUG: Importing modules...
2016-09-16 09:41:26,729 [root] DEBUG: Imported "signatures" modules:
2016-09-16 09:41:26,730 [root] DEBUG: |-- CreatesExe
2016-09-16 09:41:26,730 [root] DEBUG: `-- SystemMetrics
2016-09-16 09:41:26,730 [root] DEBUG: Imported "processing" modules:
2016-09-16 09:41:26,730 [root] DEBUG: |-- AnalysisInfo
2016-09-16 09:41:26,731 [root] DEBUG: |-- ApkInfo
2016-09-16 09:41:26,731 [root] DEBUG: |-- Baseline
2016-09-16 09:41:26,731 [root] DEBUG: |-- BehaviorAnalysis
2016-09-16 09:41:26,731 [root] DEBUG: |-- DroppedBuffer
2016-09-16 09:41:26,732 [root] DEBUG: |-- Debug
2016-09-16 09:41:26,732 [root] DEBUG: |-- Droidmon
2016-09-16 09:41:26,732 [root] DEBUG: |-- Dropped
2016-09-16 09:41:26,733 [root] DEBUG: |-- TLSMasterSecrets
2016-09-16 09:41:26,733 [root] DEBUG: |-- GooglePlay
2016-09-16 09:41:26,733 [root] DEBUG: |-- Memory
2016-09-16 09:41:26,733 [root] DEBUG: |-- NetworkAnalysis
2016-09-16 09:41:26,734 [root] DEBUG: |-- ProcessMemory
2016-09-16 09:41:26,734 [root] DEBUG: |-- Screenshots
2016-09-16 09:41:26,734 [root] DEBUG: |-- Snort
2016-09-16 09:41:26,734 [root] DEBUG: |-- Static
2016-09-16 09:41:26,735 [root] DEBUG: |-- Strings
2016-09-16 09:41:26,735 [root] DEBUG: |-- Suricata
2016-09-16 09:41:26,735 [root] DEBUG: |-- TargetInfo
2016-09-16 09:41:26,736 [root] DEBUG: `-- VirusTotal
2016-09-16 09:41:26,736 [root] DEBUG: Imported "auxiliary" modules:
2016-09-16 09:41:26,736 [root] DEBUG: |-- MITM
2016-09-16 09:41:26,736 [root] DEBUG: |-- Services
2016-09-16 09:41:26,737 [root] DEBUG: `-- Sniffer
2016-09-16 09:41:26,737 [root] DEBUG: Imported "reporting" modules:
2016-09-16 09:41:26,737 [root] DEBUG: |-- JsonDump
2016-09-16 09:41:26,737 [root] DEBUG: |-- Moloch
2016-09-16 09:41:26,738 [root] DEBUG: |-- MongoDB
2016-09-16 09:41:26,738 [root] DEBUG: `-- ReportHTML
2016-09-16 09:41:26,738 [root] DEBUG: Imported "machinery" modules:
2016-09-16 09:41:26,738 [root] DEBUG: `-- VirtualBox
2016-09-16 09:41:26,741 [root] DEBUG: Checking for locked tasks..
2016-09-16 09:41:26,756 [root] DEBUG: Checking for pending service tasks..
2016-09-16 09:41:26,769 [root] DEBUG: Initializing Yara...
2016-09-16 09:41:26,775 [root] DEBUG: |-- index_binaries.yar
2016-09-16 09:41:26,775 [root] DEBUG: `-- index_memory.yar
2016-09-16 09:41:26,790 [root] CRITICAL: CuckooCriticalError: Unable to bind ResultServer on 192.168.56.1:2042: [Errno 99] Cannot assign requested address
How to fix it?
This error occurs because the VM cannot be reached, so its network settings need to be configured. The steps are as follows:
That's it: vboxnet0 in host-only mode is the network mode we need to use.
Error 3: Could not find a registered machine named 'xp'
Detailed error message:
polo@polo-notebook:/opt/cuckoo$ sudo python cuckoo.py -d
 Cuckoo Sandbox 2.0-rc1
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 Good! You have the latest version available.

2016-09-16 09:53:07,298 [root] DEBUG: Importing modules...
2016-09-16 09:53:07,575 [root] DEBUG: Imported "signatures" modules:
2016-09-16 09:53:07,576 [root] DEBUG: |-- CreatesExe
2016-09-16 09:53:07,577 [root] DEBUG: `-- SystemMetrics
2016-09-16 09:53:07,577 [root] DEBUG: Imported "processing" modules:
2016-09-16 09:53:07,577 [root] DEBUG: |-- AnalysisInfo
2016-09-16 09:53:07,577 [root] DEBUG: |-- ApkInfo
2016-09-16 09:53:07,578 [root] DEBUG: |-- Baseline
2016-09-16 09:53:07,578 [root] DEBUG: |-- BehaviorAnalysis
2016-09-16 09:53:07,578 [root] DEBUG: |-- DroppedBuffer
2016-09-16 09:53:07,579 [root] DEBUG: |-- Debug
2016-09-16 09:53:07,579 [root] DEBUG: |-- Droidmon
2016-09-16 09:53:07,580 [root] DEBUG: |-- Dropped
2016-09-16 09:53:07,580 [root] DEBUG: |-- TLSMasterSecrets
2016-09-16 09:53:07,580 [root] DEBUG: |-- GooglePlay
2016-09-16 09:53:07,581 [root] DEBUG: |-- Memory
2016-09-16 09:53:07,581 [root] DEBUG: |-- NetworkAnalysis
2016-09-16 09:53:07,581 [root] DEBUG: |-- ProcessMemory
2016-09-16 09:53:07,581 [root] DEBUG: |-- Screenshots
2016-09-16 09:53:07,582 [root] DEBUG: |-- Snort
2016-09-16 09:53:07,582 [root] DEBUG: |-- Static
2016-09-16 09:53:07,582 [root] DEBUG: |-- Strings
2016-09-16 09:53:07,583 [root] DEBUG: |-- Suricata
2016-09-16 09:53:07,583 [root] DEBUG: |-- TargetInfo
2016-09-16 09:53:07,584 [root] DEBUG: `-- VirusTotal
2016-09-16 09:53:07,584 [root] DEBUG: Imported "auxiliary" modules:
2016-09-16 09:53:07,584 [root] DEBUG: |-- MITM
2016-09-16 09:53:07,584 [root] DEBUG: |-- Services
2016-09-16 09:53:07,585 [root] DEBUG: `-- Sniffer
2016-09-16 09:53:07,585 [root] DEBUG: Imported "reporting" modules:
2016-09-16 09:53:07,585 [root] DEBUG: |-- JsonDump
2016-09-16 09:53:07,586 [root] DEBUG: |-- Moloch
2016-09-16 09:53:07,587 [root] DEBUG: |-- MongoDB
2016-09-16 09:53:07,589 [root] DEBUG: `-- ReportHTML
2016-09-16 09:53:07,590 [root] DEBUG: Imported "machinery" modules:
2016-09-16 09:53:07,590 [root] DEBUG: `-- VirtualBox
2016-09-16 09:53:07,593 [root] DEBUG: Checking for locked tasks..
2016-09-16 09:53:07,620 [root] DEBUG: Checking for pending service tasks..
2016-09-16 09:53:07,630 [root] DEBUG: Initializing Yara...
2016-09-16 09:53:07,638 [root] DEBUG: |-- index_binaries.yar
2016-09-16 09:53:07,645 [root] DEBUG: `-- index_memory.yar
2016-09-16 09:53:07,665 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2016-09-16 09:53:07,669 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-09-16 09:53:08,367 [modules.machinery.virtualbox] DEBUG: Stopping vm xp
2016-09-16 09:53:08,368 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 09:53:08,521 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine xp: VBoxManage: error: Could not find a registered machine named 'xp'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
VBoxManage: error: Context: "FindMachine(Bstr(VMNameOrUuid).raw(), machine.asOutParam())" at line 2780 of file VBoxManageInfo.cpp
2016-09-16 09:53:09,555 [modules.machinery.virtualbox] DEBUG: VBoxManage exited with error powering off the machine
2016-09-16 09:53:09,557 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 09:53:09,711 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine xp: VBoxManage: error: Could not find a registered machine named 'xp'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
VBoxManage: error: Context: "FindMachine(Bstr(VMNameOrUuid).raw(), machine.asOutParam())" at line 2780 of file VBoxManageInfo.cpp
2016-09-16 09:53:09,733 [lib.cuckoo.common.abstracts] DEBUG: Waiting 0 cuckooseconds for machine xp to switch to status ['poweroff', 'aborted', 'saved']
2016-09-16 09:53:10,734 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 09:53:10,887 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine xp: VBoxManage: error: Could not find a registered machine named 'xp'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
VBoxManage: error: Context: "FindMachine(Bstr(VMNameOrUuid).raw(), machine.asOutParam())" at line 2780 of file VBoxManageInfo.cpp
2016-09-16 09:53:10,908 [lib.cuckoo.common.abstracts] DEBUG: Waiting 1 cuckooseconds for machine xp to switch to status ['poweroff', 'aborted', 'saved']
2016-09-16 09:53:11,910 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 09:53:12,063 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine xp: VBoxManage: error: Could not find a registered machine named 'xp'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
VBoxManage: error: Context: "FindMachine(Bstr(VMNameOrUuid).raw(), machine.asOutParam())" at line 2780 of file VBoxManageInfo.cpp
2016-09-16 09:53:12,083 [lib.cuckoo.common.abstracts] DEBUG: Waiting 2 cuckooseconds for machine xp to switch to status ['poweroff', 'aborted', 'saved']
2016-09-16 09:53:13,085 [modules.machinery.virtualbox] DEBUG: Getting status for xp
2016-09-16 09:53:13,246 [modules.machinery.virtualbox] DEBUG: VBoxManage returns error checking status for machine xp: VBoxManage: error: Could not find a registered machine named 'xp'
VBoxManage: error: Details: code VBOX_E_OBJECT_NOT_FOUND (0x80bb0001), component VirtualBoxWrap, interface IVirtualBox, callee nsISupports
VBoxManage: error: Context: "FindMachine(Bstr(VMNameOrUuid).raw(), machine.asOutParam())" at line 2780 of file VBoxManageInfo.cpp
How to fix it?
sudo chown -R currentuser: cuckoo
Error 5: CRITICAL: CuckooCriticalError: Unable to bind ResultServer on 192.168.56.1:2042: [Errno 99] Cannot assign requested address
Detailed error message:
2016-09-16 18:05:50,974 [root] DEBUG: Importing modules...
2016-09-16 18:05:51,159 [root] DEBUG: Imported "signatures" modules:
2016-09-16 18:05:51,160 [root] DEBUG: |-- CreatesExe
2016-09-16 18:05:51,160 [root] DEBUG: `-- SystemMetrics
2016-09-16 18:05:51,160 [root] DEBUG: Imported "processing" modules:
2016-09-16 18:05:51,160 [root] DEBUG: |-- AnalysisInfo
2016-09-16 18:05:51,161 [root] DEBUG: |-- ApkInfo
2016-09-16 18:05:51,161 [root] DEBUG: |-- Baseline
2016-09-16 18:05:51,161 [root] DEBUG: |-- BehaviorAnalysis
2016-09-16 18:05:51,161 [root] DEBUG: |-- DroppedBuffer
2016-09-16 18:05:51,162 [root] DEBUG: |-- Debug
2016-09-16 18:05:51,162 [root] DEBUG: |-- Droidmon
2016-09-16 18:05:51,162 [root] DEBUG: |-- Dropped
2016-09-16 18:05:51,163 [root] DEBUG: |-- TLSMasterSecrets
2016-09-16 18:05:51,163 [root] DEBUG: |-- GooglePlay
2016-09-16 18:05:51,163 [root] DEBUG: |-- Memory
2016-09-16 18:05:51,163 [root] DEBUG: |-- NetworkAnalysis
2016-09-16 18:05:51,164 [root] DEBUG: |-- ProcessMemory
2016-09-16 18:05:51,164 [root] DEBUG: |-- Screenshots
2016-09-16 18:05:51,164 [root] DEBUG: |-- Snort
2016-09-16 18:05:51,164 [root] DEBUG: |-- Static
2016-09-16 18:05:51,165 [root] DEBUG: |-- Strings
2016-09-16 18:05:51,165 [root] DEBUG: |-- Suricata
2016-09-16 18:05:51,165 [root] DEBUG: |-- TargetInfo
2016-09-16 18:05:51,166 [root] DEBUG: `-- VirusTotal
2016-09-16 18:05:51,166 [root] DEBUG: Imported "auxiliary" modules:
2016-09-16 18:05:51,166 [root] DEBUG: |-- MITM
2016-09-16 18:05:51,166 [root] DEBUG: |-- Services
2016-09-16 18:05:51,167 [root] DEBUG: `-- Sniffer
2016-09-16 18:05:51,167 [root] DEBUG: Imported "reporting" modules:
2016-09-16 18:05:51,167 [root] DEBUG: |-- JsonDump
2016-09-16 18:05:51,167 [root] DEBUG: |-- Moloch
2016-09-16 18:05:51,168 [root] DEBUG: |-- MongoDB
2016-09-16 18:05:51,168 [root] DEBUG: `-- ReportHTML
2016-09-16 18:05:51,168 [root] DEBUG: Imported "machinery" modules:
2016-09-16 18:05:51,168 [root] DEBUG: `-- VirtualBox
2016-09-16 18:05:51,172 [root] DEBUG: Checking for locked tasks..
2016-09-16 18:05:51,187 [root] DEBUG: Checking for pending service tasks..
2016-09-16 18:05:51,197 [root] DEBUG: Initializing Yara...
2016-09-16 18:05:51,199 [root] DEBUG: |-- index_binaries.yar
2016-09-16 18:05:51,200 [root] DEBUG: `-- index_memory.yar
2016-09-16 18:05:51,213 [root] CRITICAL: CuckooCriticalError: Unable to bind ResultServer on 192.168.56.1:2042: [Errno 99] Cannot assign requested address
How to fix it?
# If the hostonly interface vboxnet0 does not exist already.
$ VBoxManage hostonlyif create
# Configure vboxnet0.
$ VBoxManage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 --netmask 255.255.255.0
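A preflight check for the host-side failures above (Errors 2 and 5: the ResultServer address cannot be bound; Error 3: the VM label is not registered for the account that runs VBoxManage), as an added Python 3 example that is not part of Cuckoo or of the original post. It parses the virtualbox.conf excerpt from this page; the function names, the `VBoxManage list vms` sample and its placeholder UUID are constructed for illustration.

```python
import configparser
import ipaddress
import re
import socket

# Trimmed copy of the virtualbox.conf excerpt shown on this page.
SAMPLE_CONF = """\
[virtualbox]
mode = gui
path = /usr/bin/VBoxManage
interface = vboxnet0
machines = xp

[xp]
label = xp
platform = windows
ip = 192.168.56.101
"""

# Constructed sample of `VBoxManage list vms` output (placeholder UUID).
SAMPLE_VMS = '"xp" {00000000-0000-0000-0000-000000000000}\n'


def load_machines(conf_text):
    """Return {machine_id: (label, ip)}; None marks an ID with no section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    ids = [m.strip() for m in cp["virtualbox"]["machines"].split(",") if m.strip()]
    return {m: (cp[m].get("label"), cp[m].get("ip")) if cp.has_section(m) else None
            for m in ids}


def registered_vms(list_output):
    """Parse `VBoxManage list vms` lines of the form "name" {uuid}."""
    return set(re.findall(r'^"(.+)" \{[0-9a-fA-F-]+\}\s*$', list_output, re.M))


def can_bind(ip):
    """True if `ip` is assigned to a local interface (port 0 = any free port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))
            return True
        except OSError:  # e.g. [Errno 99] Cannot assign requested address
            return False


def preflight(conf_text, vms_output, rs_ip, netmask="255.255.255.0",
              bind_check=can_bind):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if not bind_check(rs_ip):
        problems.append(f"ResultServer address {rs_ip} is not on any host "
                        "interface (host-only interface missing or unconfigured)")
    net = ipaddress.ip_network(f"{rs_ip}/{netmask}", strict=False)
    known = registered_vms(vms_output)
    for mid, info in load_machines(conf_text).items():
        if info is None:
            problems.append(f"machine '{mid}' has no [{mid}] section")
            continue
        label, ip = info
        if label not in known:
            problems.append(f"VM '{label}' is not registered for the user "
                            "running VBoxManage")
        if ip is None or ipaddress.ip_address(ip) not in net:
            problems.append(f"guest IP {ip} of '{mid}' is outside {net}")
    return problems


if __name__ == "__main__":
    result = preflight(SAMPLE_CONF, SAMPLE_VMS, "192.168.56.1")
    for line in result or ["all checks passed"]:
        print(line)
```

For a real check, pass the contents of conf/virtualbox.conf and the output of `VBoxManage list vms` captured under the same account that starts cuckoo.py, since VirtualBox keeps its VM registry per user.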