
Installing Cuckoo 1.1 on Mac OS X Mavericks

From Zam Wiki

Revision as of 21:09, 2 November 2014 by Zam (talk | contribs)

Installing Cuckoo 1.1 on Mac OS X Mavericks


Setting up the environment

  1. sudo easy_install pip
  2. ruby -e "$(curl -fsSL https://raw.github.com/Homebrew/homebrew/go/install)"
  3. brew install ssdeep
  4. sudo pip install --upgrade sqlalchemy bson jinja2 pymongo bottle pefile maec==4.0 django chardet python-magic pydeep yara
  5. brew install libmagic
  6. download the dpkt source code from code.google.com/p/dpkt/downloads/list (current version is dpkt-1.8.tar.gz, May 2013)
    1. extract the archive and change into the dpkt folder
    2. python setup.py build
    3. sudo python setup.py install
  7. sudo pip install Mako
  8. install tcpdump
  9. copy /usr/sbin/tcpdump to another location as a backup, preserving its attributes
  10. sudo chmod +s /usr/sbin/tcpdump (the setuid bit lets Cuckoo capture traffic without running as root; it also lets any local user run tcpdump as root, so keep the backup from step 9 to undo it later)


Setting up the virtual machine

  1. install VirtualBox on your Mac OS X
  2. install Windows XP (SP1, SP2 or SP3) or Windows 7 as the guest
  3. set the network connection to Host-Only Adapter (Bridged Adapter also works if you prefer it)
  4. power on Windows XP image
  5. download and install Python 2.7 (https://www.python.org/ftp/python/2.7.6/python-2.7.6.msi)
  6. download and install PIL (http://effbot.org/downloads/PIL-1.1.7.win32-py2.7.exe)


Setting up the sandbox

  1. download & extract Cuckoo from http://cuckoosandbox.org/downloads/cuckoo-current.tar.gz
  2. edit the conf/virtualbox.conf file
  3. search for label = cuckoo1 and change "cuckoo1" to the name of your virtual machine; this is the name shown in VirtualBox -> Settings -> General -> Basic -> Name
  4. also edit the platform and IP address of the machine entry
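As an added example (not from this wiki page and not Cuckoo's own code), a Python 3 helper that performs steps 2 to 4 above on conf/virtualbox.conf and refuses a guest IP that is not on the host-only subnet; the "machines", "platform" and "ip" key names and the 192.168.56.0/24 default are assumptions from Cuckoo 1.x and VirtualBox, not quoted from the page.

```python
import ipaddress
from configparser import ConfigParser
from io import StringIO
# Constructed sample of the machine entry in Cuckoo 1.1's conf/virtualbox.conf.
# Only "label = cuckoo1" is quoted on the page; the "machines", "platform" and
# "ip" key names are assumed from Cuckoo 1.x.
SAMPLE_CONF = """\
[virtualbox]
machines = cuckoo1

[cuckoo1]
label = cuckoo1
platform = windows
ip = 192.168.56.101
"""

# VirtualBox's default host-only subnet (vboxnet0); pass your own if you used
# a Bridged Adapter instead.
HOST_ONLY_NET = "192.168.56.0/24"

def ip_on_network(ip, net=HOST_ONLY_NET):
    """True when the guest address lies on the given subnet."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net)

def configure_machine(conf_text, vm_name, platform, ip, net=HOST_ONLY_NET):
    """Rename the machine section to the VirtualBox VM name (Settings -> General
    -> Basic -> Name) and set its platform and ip; reject an IP off the subnet,
    since Cuckoo would otherwise start the VM and wait for an unreachable agent."""
    if not ip_on_network(ip, net):
        raise ValueError("%s is not on network %s" % (ip, net))
    cp = ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    old = cp.get("virtualbox", "machines").split(",")[0].strip()
    cp.remove_section(old)
    cp.add_section(vm_name)
    cp.set(vm_name, "label", vm_name)   # must match the VM name exactly
    cp.set(vm_name, "platform", platform)
    cp.set(vm_name, "ip", ip)
    cp.set("virtualbox", "machines", vm_name)
    out = StringIO()
    cp.write(out)
    return out.getvalue()

def machine_settings(conf_text):
    """Read back the first configured machine as a dict (used to verify the edit)."""
    cp = ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    name = cp.get("virtualbox", "machines").split(",")[0].strip()
    return {"section": name, "label": cp.get(name, "label"),
            "platform": cp.get(name, "platform"), "ip": cp.get(name, "ip")}
```

Write the returned text back over conf/virtualbox.conf; the VM name "XP" used in the snapshot section below is a typical value for vm_name.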


Warm-up Session

  1. start the virtual machine
  2. copy agent (agent.py) to virtual machine
  3. rename agent.py to agent.pyw
  4. double click agent.pyw to run the agent


Saving the Virtual Machine

  • Before doing this, make sure you rebooted the guest softly and that it is currently running, with Cuckoo's agent running and Windows fully booted.
  1. VBoxManage snapshot "<Name of VM>" take "<Name of snapshot>" --pause
    • e.g. VBoxManage snapshot "XP" take "XP1" --pause


After the snapshot creation is completed, you can power off the machine and restore it:

  1. VBoxManage controlvm "<Name of VM>" poweroff
  2. VBoxManage snapshot "<Name of VM>" restorecurrent

e.g.

  • VBoxManage controlvm "XP" poweroff
  • VBoxManage snapshot "XP" restorecurrent

Running a Sample for the first time
In Terminal, open three separate tabs.

On tab 1,

  1. python cuckoo.py

On tab 2,

  1. python web.py
  2. then open http://localhost:8080 in your web browser

On tab 3,

  1. python submit.py <filename>


Watch the first tab until the analysis finishes, then refresh your browser; the results should appear there.
