Configure Cuckoo sandbox with Linux subsystem on WIN10

Source: Internet
Author: User

Original link: https://www.trustwave.com/Resources/SpiderLabs-Blog/Cuckoo--Linux-Subsystem--Some-Love-for-Windows-10/

Thanks to this author's article, configuring the environment was quick and convenient. Here are my notes on how to configure and use it:

I. Deploying Windows Subsystem for Linux

Follow the steps in the official installation guide: https://msdn.microsoft.com/en-us/commandline/wsl/install_guide

1. Open PowerShell and run the following command to enable the feature, then restart:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

2. Install a Linux distribution from the Microsoft Store; I'm using Ubuntu.

3. Install the following packages in the Ubuntu command window:

# Get latest updates
$ sudo apt-get update
$ sudo apt-get upgrade

# Install LAMP server
$ sudo apt-get install lamp-server^

# Install MongoDB
$ sudo apt-get install mongodb

# Run Apache, MySQL and MongoDB
$ sudo service apache2 start
$ sudo service mysql start
$ sudo service mongodb start

I got an error when starting Apache2 and MySQL, but it did not affect the main functionality.

II. Installing Cuckoo

I'm using Python version 2.7.12.

1. In cmd, run pip install cuckoo to start installing Cuckoo (it can also be installed on Windows 7, just without the MongoDB module). This command installs the libraries Cuckoo requires; if one of them fails, re-run pip install cuckoo.

2. In cmd, run cuckoo init. A .cuckoo folder is then generated under %userprofile%\.cuckoo (C:\users\<username>\.cuckoo); this is where the virtual machines are configured and where the analysis results can be viewed.

3. In cmd, run cuckoo community to download the signature library.

4. In cmd, run cuckoo -d to start the analysis daemon. This way only the JSON result is detailed and the generated HTML report is very brief; if MongoDB is installed, you can run cuckoo web runserver instead and use the web page to submit samples and view detailed analysis results.

5. In cmd, run cuckoo submit <path> to submit a sample. If MongoDB is installed, samples can be submitted directly from the web page.

6. YARA: http://yara.readthedocs.io/en/v3.4.0/gettingstarted.html#installing-on-windows

7. Volatility:

c:\> pip install distorm3
c:\> pip install pycrypto
c:\> pip install volatility

8. MySQL:

C:\> easy_install MySQL-python

III. Host configuration

1. In %userprofile%\.cuckoo (C:\users\<username>\.cuckoo) find the conf folder and modify the following configuration files:

cuckoo.conf

[database]
connection = mysql://cuckoo:cuckoo@<host>/cuckoo
# note: I created a MySQL user 'cuckoo' with 'cuckoo' as the password and a database named 'cuckoo'
# I'm not using this feature for the time being

auxiliary.conf

[sniffer]
enabled = yes
tcpdump = c:\tools\tcpdump\tcpdump.exe
# note: the location path depends on where you installed WinDump.exe; I renamed WinDump.exe to tcpdump.exe

vmware.conf

[vmware]
# Specify which VMware Workstation mode you want to run your machines on.
# Can be "gui" or "nogui". Refer to VMware's official documentation to
# understand the differences.
mode = gui
# Path to the local installation of the vmrun utility.
path = d:\vmware\vmrun.exe
# Specify a comma-separated list of available machines to be used. For each
# specified ID, you have to define a dedicated section containing the details
# on the respective machine. (e.g. cuckoo1,cuckoo2,cuckoo3)
machines = cuckoo1

[cuckoo1]
# Specify the path to the VMX file of this virtual machine.
vmx_path = C:\VM\Windows7X64\windows7x64.vmx
# Specify the snapshot name to use.
snapshot = cuckoo
# Specify the operating system platform used by the current machine
# [windows/darwin/linux].
platform = windows
# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.128

reporting.conf

[mongodb]
enabled = yes

2. WinDump: https://www.winpcap.org/windump/install/default.htm. The file C:\Python27\Lib\site-packages\cuckoo\auxiliary\sniffer.py parses the WinDump output; it can be modified slightly to fit Windows.

The following adds '\r' to the line split and the tcpdump.exe path to the whitelist:

    err_whitelist_start = (
        "tcpdump: listening on",
        "C:\\tools\\tcpdump\\tcpdump.exe: listening on",
    )

    for line in err.split("\r\n"):
        if not line or line.startswith(err_whitelist_start):
            continue
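As an added example (not code from the original post or from Cuckoo itself), the following stand-alone model of the stderr check that sniffer.py performs lets you see why both changes above are needed on Windows: with "\n" as the separator every summary line keeps a trailing "\r" and is reported as an error, and without the tcpdump.exe prefix the WinDump banner itself is flagged. The function name check_sniffer_stderr and the sample stderr text are hypothetical/constructed.

```python
# Added example, not code from the original post or from Cuckoo itself: a
# stand-alone model of the stderr check that sniffer.py performs once the
# sniffer exits, so the two Windows-specific changes can be exercised.
# check_sniffer_stderr and the sample text are hypothetical/constructed.

# Banner prefixes that are normal output, not errors. On Windows, WinDump
# names itself by its full path, so that prefix has to be whitelisted too.
ERR_WHITELIST_START = (
    "tcpdump: listening on",
    "C:\\tools\\tcpdump\\tcpdump.exe: listening on",
)

# Summary lines printed at exit; harmless, recognised by their ending.
ERR_WHITELIST_ENDS = (
    "packets captured",
    "packets received by filter",
    "packets dropped by kernel",
)


def check_sniffer_stderr(err, line_sep="\r\n", whitelist_start=ERR_WHITELIST_START):
    """Return the stderr lines that are not whitelisted (empty list = clean).

    The separator matters: Windows stderr ends lines with "\\r\\n", and
    splitting on "\\n" alone leaves a trailing "\\r" on each line, so the
    endswith() check never matches and every summary line is reported.
    """
    errors = []
    for line in err.split(line_sep):
        if not line or line.startswith(whitelist_start):
            continue
        if line.endswith(ERR_WHITELIST_ENDS):
            continue
        errors.append(line)
    return errors


# Constructed sample of what WinDump writes to stderr on a Windows host.
WINDUMP_STDERR = (
    "C:\\tools\\tcpdump\\tcpdump.exe: listening on \\Device\\NPF_{EXAMPLE}\r\n"
    "12 packets captured\r\n"
    "12 packets received by filter\r\n"
    "0 packets dropped by kernel\r\n"
)

if __name__ == "__main__":
    print(check_sniffer_stderr(WINDUMP_STDERR))                 # []
    print(check_sniffer_stderr(WINDUMP_STDERR, line_sep="\n"))  # 3 lines flagged
    print(check_sniffer_stderr(WINDUMP_STDERR,
                               whitelist_start=("tcpdump: listening on",)))
```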

3. This Cuckoo configuration uses host-only networking. You can change the host settings below to communicate via the host name over a NAT network instead, in order to capture network events.

IV. Guest (client) configuration

1. I am using VMware in host-only mode. First configure the host IP: set VMnet1 on the host to 192.168.56.1.

2. Install Python in the virtual machine and install the Pillow library (using NAT mode):

pip install Pillow

3. Configure the static IP 192.168.56.128 in the virtual machine (select the custom VMnet1 network, then set the static IP).

4. Copy the agent file from the %userprofile%\.cuckoo (c:\users\<username>\.cuckoo) path to the virtual machine, run it, and save a snapshot.

You can now submit tasks and wait for them to be analyzed using cuckoo -d or cuckoo web runserver from section II.

V. Problems encountered

1. Enabling the HTML and PDF reports in reporting.conf: PDF requires the WeasyPrint library, which in turn depends on other packages.

This was solved for me by installing the following dependencies on Ubuntu:

sudo apt-get install libpango1.0-0
sudo apt-get install libcairo2
sudo apt-get install libpq-dev

Check the dependencies at the link:

http://weasyprint.readthedocs.io/en/latest/install.html
