Difference between revisions of "Installing Cuckoo 1.1 on Mac OS X Maverick"
From Zam Wiki
(Created page with "Installing Cuckoo 1.1 on Max OS X Mavericks '''Setting up the environment''' # sudo easy_install pip # ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/inst...") |
|||
| Line 9: | Line 9: | ||
# download dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.8.tar.gz May 2013) | # download dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.8.tar.gz May 2013) | ||
## extract file and move to dpkt folder | ## extract file and move to dpkt folder | ||
| + | ## python setup.py build | ||
## sudo python setup.py install | ## sudo python setup.py install | ||
# sudo pip install Mako | # sudo pip install Mako | ||
Revision as of 22:02, 30 April 2014
Installing Cuckoo 1.1 on Max OS X Mavericks
Setting up the environment
- sudo easy_install pip
- ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
- sudo pip install --upgrade sqlalchemy bson jinja2 pymongo bottle pefile maec==4.0 django chardet python-magic pydeep yara
- brew install libmagic
- download dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.8.tar.gz May 2013)
- extract file and move to dpkt folder
- python setup.py build
- sudo python setup.py install
- sudo pip install Mako
- install tcpdump
- copy /usr/sbin/tcpdump to other location & preserve the attribute
- sudo chmod +s /usr/sbin/tcpdump
Setting up the virtual machine
- install VirtualBox on your Mac OS X
- install either Windows XP SP1 or SP2 or SP3 or Windows 7
- set the network connection as Host-Only Adapter. You also can choose Bridge Adapter if you want
- power on Windows XP image
- download and install Python 2.7 (https://www.python.org/ftp/python/2.7.6/python-2.7.6.msi)
- download and install PIL (http://effbot.org/downloads/PIL-1.1.7.win32-py2.7.exe)
Setting up the sandbox
- download & extract Cuckoo from http://cuckoosandbox.org/downloads/cuckoo-current.tar.gz
- edit conf/virtualbox.conf file.
- search for label = cuckoo1 and change "cuckoo1" to your virtual box label name this name refer at Virtualbox -> Settings -> General -> Basic -> Name
- also edit platform and IP Address
Warm-up Session
- start the virtual machine
- copy agent (agent.py) to virtual machine
- duplicate agent.py and rename to agent.pyw
- double click agent.pyw to run the agent
Saving the Virtual Machine
- Before doing this make sure you rebooted it softly and that it’s currently running, with Cuckoo’s agent running and with Windows fully booted.
- VBoxManage snapshot "<Name of VM>" take "<Name of snapshot>" --pause
- e.g. - VBoxManage snapshot "XP" take "XP1" --pause
After the snapshot creation is completed, you can power off the machine and restore it:
- VBoxManage controlvm "<Name of VM>" poweroff
- VBoxManage snapshot "<Name of VM>" restorecurrent
e.g.
- - VBoxManage controlvm "XP" poweroff
- - VBoxManage snapshot "XP" restorecurrent
Running a Sample for the first time
On terminal, open 3-seperated tabs.
On tab 1,
- python cuckoo.py
On tab 2,
- python wed.py
- then open localhost:8080 on your web browser
On tab 3,
- python submit.py <filename>
Watching the first tab, wait till analysis is done. Next refresh your browser. You should see the results there.