Cuckoo Installation Guide - Part 2

By: kunalgupta007
August 28, 2018

<< Cuckoo Installation, Part 1

---------------MOVE TO VIRTUAL MACHINE----------------

  1. To verify that the virtual machine has an internet connection, open cmd, ping 8.8.8.8 and see if it replies.
  2. Download Python 2.7 (https://www.python.org/download/releases/2.7/).
  3. Download Python Pillow 5.2.0 (https://pypi.org/project/Pillow/#files).
  4. Install both. For me, the Python Pillow file was called 'Pillow-5.2.0.win32-py2.7.exe'.
  5. Install Guest Additions on the Windows machine.
  6. Click on Devices in the top bar and click Shared Folders. Share the cuckoo agent (found in /opt/cuckoo/agent on the Ubuntu machine), copy it across to the Windows machine and close the share. The agent folder should be on your desktop with the agent.py and agent.sh files inside.
  7. You now need to disable the firewall in the Windows guest. Press the Windows key and type in firewall. Click on 'Windows Firewall', then click on 'Turn Windows Firewall on or off' and disable it.
  8. Press the Windows key and type in user, then click on 'Change User Account Control settings'. Drag the slider down to 'Never notify' and click OK.
  9. Once both the firewall and UAC are off, start agent.py and close everything else.
  10. Now click on the machine and click 'take snapshot'. NOTE: Name this snapshot 'Snapshot', NOT 'Snapshot 1'. Write 'nothing installed' in the description <- this doesn't matter as much, but it helps when telling different snapshots apart.
  11. Once the snapshot has been taken, close the Windows machine but DO NOT close the agent. Click 'Power off the machine' and remember to click "Restore current snapshot 'Snapshot'" before shutting it down.

Now that the environment has been set up, we can start setting up and configuring cuckoo to perform malware analysis.

----------------BACK TO UBUNTU MACHINE----------------

A lot of these settings should be similar by default but make sure you check them as one error will prevent cuckoo from working correctly. If the settings are the same, then you don’t need to change anything, and you can exit out by pressing CTRL + X.
  1. First, you need to configure Cuckoo. In a terminal window, navigate to:
    - cd /opt/cuckoo/conf
  2. Four config files need to be checked before cuckoo can be fully configured. Type the following commands.
    - sudo nano cuckoo.conf
      Change settings in here for the cuckoo configuration (if needed). I have left mine as the default settings. Press CTRL + X to exit.
    - sudo nano virtualbox.conf
      Settings need to be changed in the virtualbox.conf file: 'interface = vboxnet0', 'machines = cuckoo1', 'label = cuckoo1' and 'ip = 192.168.56.101'. Make sure these four parameters are correct. Then press CTRL + O to save and CTRL + X to exit.
    - sudo nano memory.conf
      Change the guest_profile to the version of Windows you are using. I am using Windows 7 Service Pack 1 32-bit, so mine will be 'guest_profile = Win7SP1x86'. Then press CTRL + O to save and CTRL + X to exit.
    - sudo nano reporting.conf
      First, find [mongodb]. Then make sure 'enabled = yes'. Then press CTRL + O to save and CTRL + X to exit.
  3. We can now run Cuckoo. Open TWO different terminals and, in each terminal window, navigate to:
    - cd /opt/cuckoo (NOTE: Both terminals should be in the same location)
    First terminal:
    - cuckoo -d
      This will start cuckoo.
    Second terminal:
    - cuckoo web
      Once you run this command, it will give you a link which you need to open. It should look like 'https://localhost:8000/'. Open this link in Firefox or any browser and upload any file into the Web UI. Make sure you check the checkbox with the file, then click analyze. This will take some time and you should have a full report afterward! :)

Guest Additions Install Guide
  1. First, open up a fresh install of Ubuntu 16.04.
  2. Click on devices located in the top bar.
  3. Click on ‘Insert Guest Additions CD Image’.
    • This will then create a folder with the Guest Additions ISO file.
  4. Open a terminal window and navigate to this directory.
  5. Run this command: ‘./VBoxLinuxAdditions.run’.
  6. Reboot Ubuntu.
If the above method doesn’t work
  1. Click on devices and go to optical drives.
  2. Click Remove disk from virtual drive.
  3. Reboot Ubuntu.
  4. Do all the steps from the Guest Additions Install Guide above.
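
Since one wrong setting in the config files from the Ubuntu steps above stops Cuckoo from working, the following added example (not part of the original guide or of Cuckoo itself) is a Python 3 script that checks virtualbox.conf, memory.conf and reporting.conf against the values this guide gives. The section names [virtualbox], [cuckoo1] and [basic] are assumptions based on Cuckoo's default config layout, and write_sample is a hypothetical helper that produces constructed test files.

```python
import configparser
import os
import sys

# Expected values are the ones given in this guide. Section names other than
# [mongodb] are assumptions based on Cuckoo's default config layout, and
# guest_profile must match your own Windows guest (Win7SP1x86 is the author's).
EXPECTED = {
    "virtualbox.conf": [
        ("virtualbox", "interface", "vboxnet0"),
        ("virtualbox", "machines", "cuckoo1"),
        ("cuckoo1", "label", "cuckoo1"),
        ("cuckoo1", "ip", "192.168.56.101"),
    ],
    "memory.conf": [("basic", "guest_profile", "Win7SP1x86")],
    "reporting.conf": [("mongodb", "enabled", "yes")],
}

def check_conf(conf_dir, expected=EXPECTED):
    """Return (file, section, key, expected, found) per mismatch; found is None if absent."""
    problems = []
    for fname, checks in expected.items():
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(os.path.join(conf_dir, fname))  # a missing file reads as empty
        for section, key, want in checks:
            found = parser.get(section, key, fallback=None)
            if found is None or found.strip() != want:
                problems.append((fname, section, key, want, found))
    return problems

def write_sample(conf_dir, mongodb_enabled):
    """Write constructed sample configs (not real Cuckoo files) for testing."""
    samples = {
        "virtualbox.conf": "[virtualbox]\ninterface = vboxnet0\nmachines = cuckoo1\n"
                           "[cuckoo1]\nlabel = cuckoo1\nip = 192.168.56.101\n",
        "memory.conf": "[basic]\nguest_profile = Win7SP1x86\n",
        "reporting.conf": "[mongodb]\nenabled = %s\n" % mongodb_enabled,
    }
    for name, body in samples.items():
        with open(os.path.join(conf_dir, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    conf_dir = sys.argv[1] if len(sys.argv) > 1 else "/opt/cuckoo/conf"
    issues = check_conf(conf_dir)
    for fname, section, key, want, found in issues:
        print("%s [%s] %s: expected %r, found %r" % (fname, section, key, want, found))
    sys.exit(1 if issues else 0)
```

Run it with the conf directory as its argument before starting 'cuckoo -d'; it prints one line per mismatch and exits non-zero if any setting differs.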