TechKnow


Offline HcH

  • TechKnow Owner, Ethical Hacker
  • Administrator
  • Uber Member
  • *****
  • Posts: 9946
  • Karma: +2285/-111
Cuckoo Sandbox on Debian Setup Notes
« on: March 08, 2018, 10:27:32 AM »
#VARIOUS DEPENDENCIES
apt-get install dirmngr -y
apt-get install htop -y
apt-get install gcc -y
apt-get install build-essential -y
apt-get install linux-headers-686 linux-headers-4.9.0-4-686 -y
apt-get install python python-pip python-dev libffi-dev libssl-dev -y
apt-get install python-virtualenv python-setuptools -y
apt-get install libjpeg-dev zlib1g-dev swig -y
apt-get install mongodb -y --allow-unauthenticated
apt-get install postgresql libpq-dev -y
apt-get install qemu-kvm libvirt-bin bridge-utils python-libvirt -y
pip install XenAPI

#VBOX ADDONS
mkdir /VMA
cp -r /media/cdrom0/* /VMA
cd /
cd VMA
chmod +x ./VBoxLinuxAdditions.run
./VBoxLinuxAdditions.run


#SSDEEP
cd ssdeep-2.14.1
./configure
make
make install
ldconfig
cd ..

#PYDEEP
cd pydeep-master
python setup.py build
python setup.py test
python setup.py install
cd ..

#YARA
cd yara-master
apt-get install autoconf
apt-get install libtool
apt-get install flex
apt-get install bison
apt-get install libjansson-dev
#bootstrap.sh generates ./configure in a source checkout, so it has to run first
./bootstrap.sh
./configure --enable-cuckoo
make
make check
make install
cd ..

#TCP DUMP
apt-get install tcpdump
#SETCAP
apt-get install libcap2-bin
#Tcpdump requires root privileges, but since you don’t want Cuckoo to run as root you’ll have to set specific Linux capabilities to the binary:
setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
#Verify setcap:
getcap /usr/sbin/tcpdump

#M2Crypto
apt-get install build-essential python3-dev python-dev libssl-dev swig
pip install m2crypto

#VIRTUALBOX
echo deb http://download.virtualbox.org/virtualbox/debian stretch contrib | sudo tee -a /etc/apt/sources.list.d/virtualbox.list
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
sudo apt-get update
sudo apt-get install virtualbox-5.2

#CUCKOO
adduser cuckoo
usermod -a -G vboxusers cuckoo
usermod -a -G libvirtd cuckoo

#VIRTUALENV
virtualenv venv
. venv/bin/activate
pip install -U pip setuptools
pip install -U cuckoo
cuckoo --cwd ~/.cuckoo
cuckoo community
« Last Edit: March 10, 2018, 10:06:24 AM by Stephan »
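
Added example (not part of the original post and not Cuckoo's own code): a check for the setcap step in the notes above. It confirms that tcpdump carries exactly cap_net_raw and cap_net_admin with the effective and permitted flags, and nothing more. The function name check_caps and the sample lines are made up for this example; it assumes getcap prints a single capability clause per file and accepts both output styles libcap has used.

```shell
#!/bin/sh
# Added example: audit the capability set that the setcap step should have left
# on tcpdump. check_caps and the sample lines below are constructed for this
# example; they are not taken from a real host.
#
# getcap output styles handled:
#   older libcap:  /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip
#   newer libcap:  /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip

WANT="cap_net_admin cap_net_raw"   # the two capabilities the notes grant

# check_caps "<one line of getcap output>"
# Prints ok | none | extra:<cap> | missing:<cap> | flags:<flags>
# and returns 0 only for ok.
check_caps() {
    line=$1
    spec=${line#* }                          # drop the path
    [ "$spec" != "$line" ] || { echo "none"; return 1; }
    spec=${spec#= }                          # drop the old-style "= "
    caps=$(printf '%s' "${spec%%[+=]*}" | tr ',' ' ')
    flags=${spec##*[+=]}
    for c in $caps; do                       # anything beyond WANT is too much
        case " $WANT " in *" $c "*) ;; *) echo "extra:$c"; return 1 ;; esac
    done
    for w in $WANT; do                       # both wanted caps must be present
        case " $caps " in *" $w "*) ;; *) echo "missing:$w"; return 1 ;; esac
    done
    case $flags in                           # need effective and permitted
        *e*p*|*p*e*) ;;
        *) echo "flags:$flags"; return 1 ;;
    esac
    echo "ok"
}

# Demonstration on constructed lines; the empty string is what getcap prints
# for a binary that has no file capabilities at all.
for s in \
    "/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip" \
    "/usr/sbin/tcpdump cap_net_admin,cap_net_raw,cap_sys_admin=eip" \
    ""; do
    printf '%-64s -> %s\n' "[$s]" "$(check_caps "$s")"
done

# Live check when a path is given, e.g.: sh check_caps.sh /usr/sbin/tcpdump
if [ -n "${1:-}" ] && command -v getcap >/dev/null 2>&1; then
    check_caps "$(getcap "$1")" || true
fi
```

File capabilities apply to whoever executes the binary, so restricting /usr/sbin/tcpdump to a dedicated group (chgrp plus mode 750) keeps other local accounts from capturing traffic. A tcpdump package upgrade replaces the binary and drops the capability, so the check is worth re-running after updates.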

Offline @sim

  • Newbie
  • *
  • Posts: 35
  • Karma: +0/-0
  • Script kiddie
Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #1 on: August 05, 2018, 08:53:15 PM »
Oh that was a damn nice share, although this guide is only for Deb and I'm on Arch, but you introduced a nice tool to me. You should've shared it in tools instead, as it can save a lot of time in manually setting up rammap, INetSim, Burp Suite etc. for Lab environment
Sometimes Good Guys Don't Wear White

Offline HcH

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #2 on: August 14, 2018, 04:09:29 PM »
I agree! This should be somewhere else, but it's not entirely tested and is really just my quick notes on the setup, hence why I've thrown it in the Misc section, so other people and myself can find the notes.

Hey, that sounds like an AWESOME homelab you're building!

Offline @sim

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #3 on: August 14, 2018, 05:12:04 PM »
Yup, I'm getting interested in malware analysis, ransomware, worms and their behaviours etc.

Offline HcH

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #4 on: August 15, 2018, 09:36:05 AM »
I think we're going to be best friends :android-ninja:

Offline @sim

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #5 on: August 15, 2018, 10:13:01 AM »
We already are  :) I know you have a great history that some Android Tab brands won't forget 😀

Offline HcH

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #6 on: August 15, 2018, 10:57:08 AM »
Great! :cool-android: Whahaha, hopefully we here on TK can write some more history :android-inlove:

Offline @sim

Re: Cuckoo Sandbox on Debian Setup Notes
« Reply #7 on: August 15, 2018, 12:01:43 PM »
 :cool-android: