Cuckoo Permission Denied #178

Closed
hackdefendr opened this issue Feb 4, 2018 · 9 comments
Labels
scope:analyzer Issue is analyzer related scope:question

@hackdefendr

Cuckoo Permission Denied

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 9 |
| Cortex Analyzer Name | CuckooSandbox |
| Cortex Analyzer Version | 1.0 |
| Cortex Version | 1.1.4 |
| Browser type & version | Chrome |

Description

Every Cuckoo submission returns the below error. Other analyzers seem to run fine from the same folder.

{
    "errorMessage": "Error: Invalid output\nsh: 1: ./cuckoosandbox_analyzer.py: Permission denied\n",
    "input": null,
    "success": false
}

Steps to Reproduce

  1. Install Cortex
  2. Install Cuckoo
  3. Configure Cortex settings for Cuckoo
  4. Run Cuckoo analysis (file or url)
@hackdefendr
Author

So just to test...I set my Cuckoo analyzer folder to 777. This seems to resolve the permission error, and now I get this:

{
    "errorMessage": "Unexpected Error: Expecting value: line 2 column 1 (char 1)",
    "input": {
        "dataType": "url",
        "config": {
            "url": "http://10.71.1.5:8080",
            "max_tlp": 1,
            "check_tlp": true,
            "service": "url_analysis"
        },
        "tlp": 0,
        "data": "http://d2u6vujtbrga6l.cloudfront.net"
    },
    "success": false
}
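
Added example, not part of the original thread or of the Cortex project: instead of setting an analyzer folder to 777, an audit like the one below pinpoints entry points that lack the execute bit and anything left world-writable, and a narrow fix replaces the blanket chmod. The `*_analyzer.py` naming pattern (taken from `cuckoosandbox_analyzer.py` in the error above), the function names and the directory argument are assumptions.

```shell
#!/bin/sh
# Added example: audit analyzer permissions rather than using chmod 777.
# Assumption: entry points are named *_analyzer.py, like the
# cuckoosandbox_analyzer.py script in the error message.

# Print one finding per line for the directory tree given as $1.
audit_analyzers() {
    # Entry points whose owner execute bit (0100) is missing; running
    # them as ./script.py fails with "Permission denied".
    find "$1" -type f -name '*_analyzer.py' ! -perm -100 \
        -exec printf 'NOEXEC %s\n' {} \;
    # Files and directories any local user can modify (0002). Code that
    # the service executes should never be world-writable.
    find "$1" \( -type f -o -type d \) -perm -002 \
        -exec printf 'WORLD_WRITABLE %s\n' {} \;
}

# Apply the narrow fix: executable entry points, no world write.
harden_analyzers() {
    # rwxr-xr-x lets the service account run the script without being
    # able to change it (assumes the files are owned by an admin
    # account, not by the service user).
    find "$1" -type f -name '*_analyzer.py' -exec chmod 755 {} +
    # Drop only the world-write bit; every other bit is left as it was.
    find "$1" \( -type f -o -type d \) -perm -002 -exec chmod o-w {} +
}

# Stand-alone use: pass the analyzers directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_analyzers "$1"
fi
```

An empty result from `audit_analyzers` means no entry point is missing the execute bit and nothing in the tree is world-writable.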

@garanews
Contributor

garanews commented Feb 5, 2018

Hi,
Are you able to manually submit a file or a URL to Cuckoo using the API? (http://docs.cuckoosandbox.org/en/latest/usage/api/)

curl -F file=@/home/cuckoo/xxx.exe http://localhost:8001/tasks/create/file
curl -F url="http://www.malicious.site" http://localhost:8001/tasks/create/url

@hackdefendr
Author

Is that for the Cuckoo API or the Cortex API?
Cuckoo works fine by itself.
I will try those commands when I get off work.

@garanews
Contributor

garanews commented Feb 5, 2018

These are for speaking with Cuckoo.
From the machine where you run the Cortex analyzer, you should be able to submit a file/URL to Cuckoo using curl, pointing at Cuckoo's API port.
On the Cuckoo machine, you have to be sure that the API service is on; in ps aux | grep python you should see a row similar to this:
/usr/bin/python /usr/local/bin/cuckoo api --host 0.0.0.0 --port 8001

@saadkadhi saadkadhi added scope:analyzer Issue is analyzer related scope:question labels Feb 6, 2018
@garanews
Contributor

garanews commented Feb 7, 2018

Can you provide any feedback?

@hackdefendr
Author

Yes I can submit files and urls via the Cuckoo API, but my API is not listening on port 8001.

@garanews
Contributor

garanews commented Feb 7, 2018

In /etc/cortex/application.conf you should set your Cuckoo URL with its API port, whatever it is.

@hackdefendr
Author

I already have that configured.

This is beyond the basic stuff.

@saadkadhi
Contributor

@hackdefendr I'd advise getting in contact with @garanews on Gitter for troubleshooting the problem then summing up the results here. A GitHub issue is not well-suited for debugging in my opinion.

Thanks.
