Cuckoo Installation Guide: Malware Sandboxing – Part 1

August 28, 2018 | Views: 8261

Cuckoo is an open-source project that began as part of Google Summer of Code, and Cuckoo Sandbox 2.0.0 is now out. Cuckoo Sandbox is an automated dynamic malware analysis system: it runs a sample inside an isolated virtual machine and records what it does.

Earlier, in January or February, I tried to implement it, but it was not working well. However, my friend Ishan Bajaj was able to do so, so we have put together this documentation to help you implement Cuckoo.

———-Please follow the given instructions carefully———-

DONE IN UBUNTU 16.04 WITH WINDOWS 7 ULTIMATE 32-BIT AS TESTING OS

Installation Guide

Firstly, you must install Ubuntu 16.04; this is pretty straightforward using VirtualBox. Once Ubuntu is installed, you must install Guest Additions to allow you to share files from your host PC to the Ubuntu VM (a tutorial on how to install and troubleshoot Guest Additions is written at the end of this document). After you have installed Guest Additions, create a shared folder from the VirtualBox settings which should contain the OS that you will use to test on, for example Windows 7 Ultimate 32-Bit. You can also put this installation guide inside to copy and paste commands; this will make the process easier. Once that is all done, you can start.

 ————–START IN UBUNTU MACHINE————–

  1. sudo apt-get update
  2. Reboot Ubuntu
  3. sudo apt-get install git -y
  4. Requirements
     – sudo apt-get install python python-pip python-dev libffi-dev libssl-dev -y
     – sudo apt-get install python-virtualenv python-setuptools -y
     – sudo apt-get install libjpeg-dev zlib1g-dev swig -y
  5. sudo apt-get install mongodb -y
  6. sudo apt-get install postgresql libpq-dev -y
  7. Install VirtualBox (inside Ubuntu)
     – echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" | sudo tee -a /etc/apt/sources.list.d/virtualbox.list
     – wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
     – sudo apt-get update
     – sudo apt-get install virtualbox-5.1 -y
  8. Install tcpdump
     – sudo apt-get install tcpdump apparmor-utils -y
     – sudo aa-disable /usr/sbin/tcpdump
  9. Install Volatility
     – sudo git clone https://github.com/volatilityfoundation/volatility
     – cd volatility
     – sudo python ./setup.py install
     – cd ..
  10. Install M2Crypto
     – sudo apt-get install swig
     – sudo pip install m2crypto==0.24.0
  11. Download & Install Cuckoo
     – sudo pip install -U pip setuptools
     – sudo pip install -U cuckoo
     – sudo pip install distorm3
  12. Create a Cuckoo Working Directory
     – sudo mkdir /opt/cuckoo
     – sudo chown cuckoo:cuckoo /opt/cuckoo (replace cuckoo:cuckoo with the user and group that will run Cuckoo, for example zerowatch:zerowatch; chown takes user:group, not a hostname)
     – cuckoo --cwd /opt/cuckoo
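The twelve steps above leave a lot of moving parts on the host: Python 2 with pip, MongoDB, PostgreSQL, VirtualBox, tcpdump with its AppArmor profile disabled, Volatility, the cuckoo entry point and the /opt/cuckoo working directory. The pre-flight script below is an added example for this guide, not part of the original post or of the Cuckoo project; it checks each of those pieces on the Ubuntu host and reports what is missing before you move on. It assumes the values used in this guide (/opt/cuckoo, /usr/sbin/tcpdump, host-only adapter vboxnet0 and a guest VM named cuckoo1, which the VirtualBox section below asks for); the file-capability check on tcpdump comes from Cuckoo's own documentation, which this guide does not mention, so it only warns.

```shell
#!/bin/sh
# cuckoo_preflight.sh - check the Cuckoo host built by the steps above.
# Added example for this guide; not part of the original post or of Cuckoo.
# Assumptions (all taken from the guide): CWD at /opt/cuckoo, tcpdump at
# /usr/sbin/tcpdump, host-only adapter vboxnet0, guest VM named cuckoo1.

CUCKOO_CWD="${CUCKOO_CWD:-/opt/cuckoo}"
TCPDUMP_BIN="${TCPDUMP_BIN:-/usr/sbin/tcpdump}"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"
VM_NAME="${VM_NAME:-cuckoo1}"

# Print every name in "$@" that is not on PATH, one per line.
# Returns 0 when nothing is missing, 1 otherwise.
missing_tools() {
    _rc=0
    for _tool in "$@"; do
        if ! command -v "$_tool" >/dev/null 2>&1; then
            echo "$_tool"
            _rc=1
        fi
    done
    return $_rc
}

# Step 8 runs "aa-disable", which links the profile into /etc/apparmor.d/disable/.
# Returns 0 when the tcpdump profile is disabled (or was never installed).
tcpdump_apparmor_disabled() {
    [ -e /etc/apparmor.d/usr.sbin.tcpdump ] || return 0
    [ -e /etc/apparmor.d/disable/usr.sbin.tcpdump ]
}

# Cuckoo's documentation lets tcpdump capture without root via file
# capabilities (setcap cap_net_raw,cap_net_admin=eip). The guide does not
# include that step, so this is only a warning. Returns 0 when present.
tcpdump_has_caps() {
    command -v getcap >/dev/null 2>&1 || return 1
    getcap "$TCPDUMP_BIN" 2>/dev/null | grep -q cap_net_raw
}

# Given the text of "vboxmanage list vms" ($2), return 0 if a VM named $1
# exists. Lines look like:  "cuckoo1" {2d7f0c7e-...-uuid}
vm_listed() {
    printf '%s\n' "$2" | grep -q "^\"$1\" {"
}

# The CWD must be owned by the user that will run "cuckoo" (step 12).
cwd_owned_by_me() {
    [ -d "$CUCKOO_CWD" ] && [ "$(stat -c %U "$CUCKOO_CWD")" = "$(id -un)" ]
}

main() {
    _fail=0
    _missing=$(missing_tools python pip vboxmanage tcpdump vol.py cuckoo mongod psql) ||
        { echo "MISSING on PATH:"; echo "$_missing"; _fail=1; }
    tcpdump_apparmor_disabled || { echo "FAIL: AppArmor profile for tcpdump still active (step 8)"; _fail=1; }
    tcpdump_has_caps || echo "WARN: $TCPDUMP_BIN lacks cap_net_raw (Cuckoo docs recommend setcap)"
    cwd_owned_by_me || { echo "FAIL: $CUCKOO_CWD missing or not owned by $(id -un) (step 12)"; _fail=1; }
    if command -v vboxmanage >/dev/null 2>&1; then
        vm_listed "$VM_NAME" "$(vboxmanage list vms 2>/dev/null)" ||
            { echo "FAIL: no VirtualBox VM named $VM_NAME"; _fail=1; }
        vboxmanage list hostonlyifs 2>/dev/null | grep -q "^Name: *$HOSTONLY_IF\$" ||
            { echo "FAIL: host-only adapter $HOSTONLY_IF not created yet"; _fail=1; }
    fi
    [ "$_fail" -eq 0 ] && echo "OK: host looks ready for Cuckoo"
    return "$_fail"
}

# Run the checks only when executed under this file name, so the functions
# can also be sourced from another script without side effects.
case "${0##*/}" in cuckoo_preflight.sh) main "$@" ;; esac
```

Save it as cuckoo_preflight.sh and run it as the user who will run Cuckoo (not under sudo, since the ownership check compares against the invoking user). The host-only adapter and VM checks will fail until the VirtualBox section below has been completed; that is expected at this point.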

You have now downloaded all the necessary software so it is time to move onto setting up the testing environment. You must have a copy of your chosen OS (I used Windows 7 Ultimate 32-Bit) on the Ubuntu machine. If that is done, you can continue.

1) sudo virtualbox

I assume everyone knows how to install a virtual machine within VirtualBox, so please install your OS. NOTE: Name it ‘cuckoo1’ or else Cuckoo will not recognise it when analysing!

I assigned my OS 1.5GB of RAM, 1 CPU and a 25GB hard disk – the install can take a while.

2) Once the install is complete, close the virtual machine and use the following commands (in Ubuntu):

– vboxmanage hostonlyif create

– vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1 <- Use this IP specifically; it doesn’t need to be altered.

Use ifconfig to ensure the network adapter shows up; it should be called ‘vboxnet0’ as above. In the VM’s VirtualBox settings, change the network adapter to Host-only with vboxnet0 and start the machine. NOTE: Before starting the machine, remember to remove the ISO from the VM’s storage settings in VirtualBox, or else it will take you through the whole setup process again.

—————-MOVE TO VIRTUAL MACHINE—————-


3) Edit the network settings in the guest OS: disable IPv6 and use the following

Static IP – 192.168.56.101

Default Gateway – 192.168.56.1

DNS – any DNS server (I used 8.8.8.8)

—————-BACK TO UBUNTU MACHINE—————-


4) Go back to the Ubuntu machine and use the following commands

– sudo iptables -A FORWARD -o ens32 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT (ens32 is the Ubuntu host’s internet-facing interface; substitute yours if ifconfig shows a different name)

– sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

– sudo iptables -A POSTROUTING -t nat -j MASQUERADE

– echo 1 > /proc/sys/net/ipv4/ip_forward NOTE: it may give you permission problems; if it does, then sudo it. If that doesn’t work, then use:

– sudo su

– echo 1 > /proc/sys/net/ipv4/ip_forward
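The three iptables rules and the ip_forward toggle in step 4 are the whole of the sandbox’s route to the internet, so they deserve a small script rather than four commands retyped after every reboot. The script below is an added example for this guide, not part of the original post or of the Cuckoo project. It keeps the guide’s addressing (vboxnet0, 192.168.56.0/24) but departs from the commands above in four ways: the outbound interface is read from the default route instead of being hard-coded as ens32 (an assumption that the host has one default route; OUT_IF overrides it); MASQUERADE is limited to the sandbox subnet leaving that interface, so the NAT rule does not rewrite unrelated host traffic; each rule is added only if it is not already present; and forwarding is enabled with sysctl, which works under sudo because, in “sudo echo 1 > /proc/sys/net/ipv4/ip_forward”, the redirection is performed by the unprivileged shell, which is why the guide falls back to sudo su.

```shell
#!/bin/sh
# sandbox_nat.sh - NAT for the Cuckoo guest network (step 4 above).
# Added example for this guide; not part of the original post or of Cuckoo.
# Assumptions: host-only adapter vboxnet0 with the guest on 192.168.56.0/24
# (both from the guide) and a host with exactly one IPv4 default route.
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"        # from "vboxmanage hostonlyif create"
SANDBOX_NET="${SANDBOX_NET:-192.168.56.0/24}" # host .1, guest .101

# Name of the interface carrying the default route, or nothing.
default_iface() {
    command -v ip >/dev/null 2>&1 || return 1
    ip -4 route show default 2>/dev/null |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# Emit one rule per line as "<table> <chain> <rule-spec>" for the given
# outbound interface ($1), host-only interface ($2) and sandbox subnet ($3).
# Only NEW connections originating from the sandbox subnet on the host-only
# adapter are forwarded out; replies come back via ESTABLISHED,RELATED.
nat_rules() {
    _out=$1; _in=$2; _net=$3
    printf '%s\n' \
        "filter FORWARD -i $_in -o $_out -s $_net -m conntrack --ctstate NEW -j ACCEPT" \
        "filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "nat POSTROUTING -s $_net -o $_out -j MASQUERADE"
}

# Append each rule that is not already present (iptables -C tests for it),
# then enable forwarding. Must run as root.
apply_rules() {
    _out=${OUT_IF:-$(default_iface)}
    [ -n "$_out" ] || { echo "no default route found; set OUT_IF=<iface>" >&2; return 1; }
    nat_rules "$_out" "$HOSTONLY_IF" "$SANDBOX_NET" |
    while read -r _table _chain _spec; do
        # $_spec is deliberately unquoted so it splits into iptables arguments
        if ! iptables -t "$_table" -C "$_chain" $_spec 2>/dev/null; then
            iptables -t "$_table" -A "$_chain" $_spec
        fi
    done
    sysctl -w net.ipv4.ip_forward=1
}

if [ "${APPLY:-no}" = "yes" ]; then
    apply_rules
else
    echo "dry run; rules that would be added (run with APPLY=yes as root to apply):"
    nat_rules "${OUT_IF:-$(default_iface)}" "$HOSTONLY_IF" "$SANDBOX_NET"
fi
```

Run it once without arguments to see the rules with your detected interface filled in, then sudo APPLY=yes sh sandbox_nat.sh to install them. Because -C is checked first, the script can be re-run after every reboot without duplicating rules; note that nothing here makes the rules persistent across reboots, which matches the guide.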

Cuckoo Installation, Part 2 >>

