When I tried to run Cuckoo, it gave me the following error:
__
.----..--.--..----.| |--..-----..-----.
| __|| | || __|| < | _ || _ |
|____||_____||____||__|__||_____||_____|
Cuckoo Sandbox 2.0.7
www.cuckoosandbox.org
Copyright (c) 2010-2018
[2019-09-19 01:23:53] Increasing resource limit for number of open files to 1048576
Checking for updates...
You're good to go!
Our latest blogposts:
* Cuckoo Sandbox 2.0.7, June 19, 2019.
Stability and security
More at https://cuckoosandbox.org/blog/207-interim-release
* IQY malspam campaign, October 15, 2018.
Analysis of a malspam campaign leveraging .IQY (Excel Web Query) files containing DDE to achieve code execution.
More at https://hatching.io/blog/iqy-malspam
* Hooking VBScript execution in Cuckoo, October 03, 2018.
Details on implementation of Visual Basic Script instrumentation for Cuckoo Monitor for extraction of dynamically executed VBScript.
More at https://hatching.io/blog/vbscript-hooking
* Cuckoo Sandbox 2.0.6 pentest, September 18, 2018.
Cuckoo Sandbox 2.0.6 public pentest performed by Cure53 and sponsored by PolySwarm!
More at https://hatching.io/blog/cuckoo-206-pentest
* Cuckoo Sandbox 2.0.6, June 07, 2018.
Interim release awaiting the big release.
More at https://cuckoosandbox.org/blog/206-interim-release
[2019-09-19 01:23:59] Using database-wide lock for sqlite
[2019-09-19 01:23:59] Imported modules...
[2019-09-19 01:23:59] Imported "auxiliary" modules:
[2019-09-19 01:23:59] |-- MITM
[2019-09-19 01:23:59] |-- Reboot
[2019-09-19 01:23:59] |-- Replay
[2019-09-19 01:23:59] |-- Services
[2019-09-19 01:23:59] `-- Sniffer
[2019-09-19 01:23:59] Imported "machinery" modules:
[2019-09-19 01:23:59] |-- vSphere
[2019-09-19 01:23:59] |-- KVM
[2019-09-19 01:23:59] |-- ESX
[2019-09-19 01:23:59] |-- XenServer
[2019-09-19 01:23:59] |-- VirtualBox
[2019-09-19 01:23:59] |-- Avd
[2019-09-19 01:23:59] |-- QEMU
[2019-09-19 01:23:59] |-- VMware
[2019-09-19 01:23:59] `-- Physical
[2019-09-19 01:23:59] Imported "processing" modules:
[2019-09-19 01:23:59] |-- AnalysisInfo
[2019-09-19 01:23:59] |-- ApkInfo
[2019-09-19 01:23:59] |-- Baseline
[2019-09-19 01:23:59] |-- BehaviorAnalysis
[2019-09-19 01:23:59] |-- Debug
[2019-09-19 01:23:59] |-- Droidmon
[2019-09-19 01:23:59] |-- Dropped
[2019-09-19 01:23:59] |-- DroppedBuffer
[2019-09-19 01:23:59] |-- Extracted
[2019-09-19 01:23:59] |-- GooglePlay
[2019-09-19 01:23:59] |-- Irma
[2019-09-19 01:23:59] |-- Memory
[2019-09-19 01:23:59] |-- MetaInfo
[2019-09-19 01:23:59] |-- MISP
[2019-09-19 01:23:59] |-- NetworkAnalysis
[2019-09-19 01:23:59] |-- ProcessMemory
[2019-09-19 01:23:59] |-- Procmon
[2019-09-19 01:23:59] |-- Screenshots
[2019-09-19 01:23:59] |-- Snort
[2019-09-19 01:23:59] |-- Static
[2019-09-19 01:23:59] |-- Strings
[2019-09-19 01:23:59] |-- Suricata
[2019-09-19 01:23:59] |-- TargetInfo
[2019-09-19 01:23:59] |-- TLSMasterSecrets
[2019-09-19 01:23:59] `-- VirusTotal
[2019-09-19 01:23:59] Imported "signatures" modules:
[2019-09-19 01:23:59] `-- SystemMetrics
[2019-09-19 01:23:59] Imported "reporting" modules:
[2019-09-19 01:23:59] |-- ElasticSearch
[2019-09-19 01:23:59] |-- Feedback
[2019-09-19 01:23:59] |-- JsonDump
[2019-09-19 01:23:59] |-- Mattermost
[2019-09-19 01:23:59] |-- MISP
[2019-09-19 01:23:59] |-- Moloch
[2019-09-19 01:23:59] |-- MongoDB
[2019-09-19 01:23:59] |-- Notification
[2019-09-19 01:23:59] `-- SingleFile
[2019-09-19 01:23:59] Checking for locked tasks..
[2019-09-19 01:23:59] Checking for pending service tasks..
[2019-09-19 01:23:59] Initializing Yara...
[2019-09-19 01:23:59] |-- binaries embedded.yar
[2019-09-19 01:23:59] |-- binaries shellcodes.yar
[2019-09-19 01:23:59] |-- binaries vmdetect.yar
[2019-09-19 01:23:59] It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important!
2019-09-19 01:23:59,154 [cuckoo] WARNING: It appears that you haven't loaded any Cuckoo Signatures. Signatures are highly recommended and improve & enrich the information extracted during an analysis. They also make up for the analysis score that you see in the Web Interface - so, pretty important!
[2019-09-19 01:23:59] You'll be able to fetch all the latest Cuckoo Signatures, Yara rules, and more goodies by running the following command:
2019-09-19 01:23:59,154 [cuckoo] WARNING: You'll be able to fetch all the latest Cuckoo Signatures, Yara rules, and more goodies by running the following command:
[2019-09-19 01:23:59] $ cuckoo community
2019-09-19 01:23:59,154 [cuckoo] INFO: $ cuckoo community
[2019-09-19 01:23:59] Using "avd" as machine manager
2019-09-19 01:23:59,156 [cuckoo.core.scheduler] INFO: Using "avd" as machine manager
[2019-09-19 01:23:59] CuckooConfigurationError: Option aosx_1 is not found in configuration
2019-09-19 01:23:59,265 [cuckoo] CRITICAL: CuckooConfigurationError: Option aosx_1 is not found in configuration
Here is my avd.conf:
[avd]
# Specify whether we're running the Android emulator in headless mode (no GUI)
# or with GUI - for an interactive session.
mode = GUI
# Path to the local installation of the android emulator.
emulator_path = /root/Android/Sdk/emulator/emulator
# Path to the local installation of the adb (android debug bridge) utility.
adb_path = /root/Android/Sdk/platform-tools/adb
# Path where the emulator files are located.
avd_path = /root/.android/avd
# Name of the reference machine that is used to duplicate.
reference_machine = aosx
# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine.
machines = aosx_1
[cuckoo1]
label = aosx_1
# Specify the operating system platform used by current machine.
platform = android
# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail. It's always 127.0.0.1 because the android emulator
# runs on the loopback network interface.
ip = 127.0.0.1
# Specify the port for the emulator as your adb sees it.
emulator_port = 5554
# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip = 10.0.2.2
# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port = 2042
# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile =
And my cuckoo.conf:
[cuckoo]
# Enable or disable startup version check. When enabled, Cuckoo will connect
# to a remote location to verify whether the running version is the latest
# one available.
version_check = yes
# Cuckoo will stop at startup if the version check reports vulnerabilities in
# one of Cuckoo's dependencies. This setting ignores the vulnerabilities
# and starts anyway
ignore_vulnerabilities = yes
# The authentication token that is required to access the Cuckoo API, using
# HTTP Bearer authentication. This will protect the API instance against
# unauthorized access and CSRF attacks. It is strongly recommended to set this
# to a secure value.
api_token = YSuh01Cxf8BWBpcPiayxrg
# The Web secret is used as a very basic, but successful way to provide basic
# authentication to the Cuckoo Web Interface. This is a shared secret amongst
# all users of this Cuckoo instance and will "protect" usage from users outside
# of this instance. Therefore, if you'd like to share this Cuckoo instance with
# the outside world, then don't use the Web secret functionality.
web_secret =
# If turned on, Cuckoo will delete the original file after its analysis
# has been completed.
delete_original = no
# If turned on, Cuckoo will delete the copy of the original file in the
# local binaries repository after the analysis has finished. (On *nix this
# will also invalidate the file called "binary" in each analysis directory,
# as this is a symlink.)
delete_bin_copy = no
# Specify the name of the machinery module to use, this module will
# define the interaction between Cuckoo and your virtualization software
# of choice.
machinery = avd
# Enable creation of memory dump of the analysis machine before shutting
# down. Even if turned off, this functionality can also be enabled at
# submission. Currently available for: VirtualBox and libvirt modules (KVM).
memory_dump = no
# When the timeout of an analysis is hit, the VM is just killed by default.
# For some long-running setups it might be interesting to terminate the
# monitored processes before killing the VM so that connections are closed.
terminate_processes = no
# Enable automatically re-schedule of "broken" tasks each startup.
# Each task found in status "processing" is re-queued for analysis.
reschedule = no
# Enable processing of results within the main cuckoo process.
# This is the default behavior but can be switched off for setups that
# require high stability and process the results in a separate task.
process_results = yes
# Limit the amount of analysis jobs a Cuckoo process goes through.
# This can be used together with a watchdog to mitigate risk of memory leaks.
max_analysis_count = 0
# Limit the number of concurrently executing analysis machines.
# This may be useful on systems with limited resources.
# Set to 0 to disable any limits.
max_machines_count = 0
# Limit the amount of VMs that are allowed to start in parallel. Generally
# speaking starting the VMs is one of the more CPU intensive parts of the
# actual analysis. This option tries to avoid maxing out the CPU completely.
max_vmstartup_count = 10
# Minimum amount of free space (in MB) available before starting a new task.
# This tries to avoid failing an analysis because the reports can't be written
# due out-of-diskspace errors. Setting this value to 0 disables the check.
# (Note: this feature is currently not supported under Windows.)
freespace = 1024
# Temporary directory containing the files uploaded through Cuckoo interfaces
# (api.py and Django web interface). Defaults to the default temporary
# directory of the operating system (e.g., /tmp on Linux). Overwrite the value
# if you'd like to specify an alternative path.
tmppath =
# Path to the unix socket for running root commands.
rooter = /tmp/cuckoo-rooter
[feedback]
# Cuckoo is capable of sending "developer feedback" to the developers so that
# they can more easily improve the project. This functionality also allows the
# user to quickly request new features, report bugs, and get in touch with
# support in general, etc.
enabled = no
name =
company =
email =
[resultserver]
# The Result Server is used to receive in real time the behavioral logs
# produced by the analyzer.
# Specify the IP address of the host. The analysis machines should be able
# to contact the host through such address, so make sure it's valid.
# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
# `resultserver_ip` for all your virtual machines in machinery configuration.
ip = 0.0.0.0
# Specify a port number to bind the result server on. Set to 0 to use a random
# port.
port = 4444
# Maximum size of uploaded files from VM (screenshots, dropped files, log).
# The value is expressed in bytes, by default 128 MB.
upload_max_size = 134217728
[processing]
# Set the maximum size of analyses generated files to process. This is used
# to avoid the processing of big files which may take a lot of processing
# time. The value is expressed in bytes, by default 128 MB.
analysis_size_limit = 134217728
# Enable or disable DNS lookups.
resolve_dns = yes
# Enable PCAP sorting, needed for the connection content view in the web interface.
sort_pcap = yes
[database]
# Specify the database connection string.
# NOTE: If you are using a custom database (different from sqlite), you have to
# use utf-8 encoding when issuing the SQL database creation statement.
# Examples, see documentation for more:
# sqlite:///foo.db
# postgresql://foo:bar@localhost:5432/mydatabase
# mysql://foo:bar@localhost/mydatabase
# If empty, defaults to a SQLite3 database at $CWD/cuckoo.db.
connection =
# Database connection timeout in seconds.
# If empty, default is set to 60 seconds.
timeout = 60
[timeouts]
# Set the default analysis timeout expressed in seconds. This value will be
# used to define after how many seconds the analysis will terminate unless
# otherwise specified at submission.
default = 120
# Set the critical timeout expressed in (relative!) seconds. It will be added
# to the default timeout above and after this timeout is hit
# Cuckoo will consider the analysis failed and it will shutdown the machine
# no matter what. When this happens the analysis results will most likely
# be lost.
critical = 60
# Maximum time to wait for virtual machine status change. For example when
# shutting down a vm. Default is 60 seconds.
vm_state = 60
[remotecontrol]
# Enable for remote control of analysis machines inside the web interface.
enabled = no
# Set host of the running guacd service.
guacd_host = localhost
# Set port of the running guacd service.
guacd_port = 4822
I am using avd, and I followed the instructions in the Cuckoo documentation, and I really don't know what went wrong.
This is my first time using Cuckoo Sandbox and asking a question on Stack Overflow. Could you give me feedback on what I should do to solve this problem?
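
Added example, not part of the original post: the avd.conf comments above require a dedicated section for every ID listed in `machines`, yet the posted file lists `aosx_1` while its only machine section is named `[cuckoo1]`. The Python check below flags that mismatch on a constructed, trimmed copy of the file; `check_machine_sections` and `SAMPLE_AVD_CONF` are names made up for this example, not Cuckoo APIs.

```python
import configparser

# Constructed sample: a trimmed copy of the avd.conf layout shown in the post.
SAMPLE_AVD_CONF = """\
[avd]
mode = GUI
reference_machine = aosx
machines = aosx_1

[cuckoo1]
label = aosx_1
platform = android
ip = 127.0.0.1
emulator_port = 5554
"""


def check_machine_sections(conf_text, machinery="avd"):
    """Return a list of mismatches between `machines` and the section names."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    if not parser.has_section(machinery):
        return ["missing [%s] section" % machinery]

    raw = parser.get(machinery, "machines", fallback="")
    machine_ids = [m.strip() for m in raw.split(",") if m.strip()]
    problems = []
    if not machine_ids:
        problems.append("no machines listed in [%s]" % machinery)

    for machine_id in machine_ids:
        if parser.has_section(machine_id):
            continue
        msg = "machines lists %r but there is no [%s] section" % (machine_id, machine_id)
        # A section whose label equals the ID usually means the section
        # header kept a template name instead of the machine ID.
        for section in parser.sections():
            if section != machinery and parser.get(section, "label", fallback=None) == machine_id:
                msg += " (label %r is defined under [%s])" % (machine_id, section)
                break
        problems.append(msg)
    return problems


if __name__ == "__main__":
    for problem in check_machine_sections(SAMPLE_AVD_CONF):
        print(problem)
```

Running it against a real file is a matter of passing the file's text, for example `check_machine_sections(open("avd.conf").read())`.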