[Error] Install Cuckoo Sandbox & troubleshoot

pip install cuckoo

then, I got this.

Error Message:

(ValueError: jpeg is required unless explicitly disabled using --disable-jpeg, aborting)

    writing manifest file 'Pillow.egg-info/SOURCES.txt'
    copying PIL/OleFileIO-README.md -> build/lib.linux-x86_64-2.7/PIL
    running build_ext
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-YliYps/pillow/setup.py", line 767, in <module>
        zip_safe=not debug_build(), )
      File "/usr/lib/python2.7/dist-packages/setuptools/__init__.py", line 129, in setup
        return distutils.core.setup(**attrs)
      File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
        dist.run_commands()
      File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
        self.run_command(cmd)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 61, in run
        return orig.install.run(self)
      File "/usr/lib/python2.7/distutils/command/install.py", line 601, in run
        self.run_command('build')
      File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
        self.distribution.run_command(command)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/distutils/command/build.py", line 128, in run
        self.run_command(cmd_name)
      File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
        self.distribution.run_command(command)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/distutils/command/build_ext.py", line 340, in run
        self.build_extensions()
      File "/tmp/pip-build-YliYps/pillow/setup.py", line 512, in build_extensions
        ' using --disable-%s, aborting' % (f, f))
    ValueError: jpeg is required unless explicitly disabled using --disable-jpeg, aborting
 
    ----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-YliYps/pillow/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-9HfuUJ-record/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-build-YliYps/pillow/

[Capture of Error message]

I happened from missed installation things also relatated "pillow".

I googled it and some StackOverflow pages commented about it as solution of "pillow" problem.

Link:

https://stackoverflow.com/questions/34631806/fail-during-installation-of-pillow-python-module-in-linux

It was right but, another also exist. then, directly I suggest what you missed for the full installation of cuckoo sandbox

$ sudo apt-get install python python-pip python-dev libffi-dev libssl-dev
$ sudo apt-get install python-virtualenv python-setuptools
$ sudo apt-get install libjpeg-dev zlib1g-dev swig

Even if you solve the "pillow" problem you may meet another one after.

like the following "Error Message"

Error Message:

(ValueError: zlib is required unless explicitly disabled using --disable-zlib, aborting)

    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-pB5Kue/pillow/setup.py", line 767, in <module>
        zip_safe=not debug_build(), )
      File "/usr/lib/python2.7/dist-packages/setuptools/__init__.py", line 129, in setup
        return distutils.core.setup(**attrs)
      File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
        dist.run_commands()
      File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
        self.run_command(cmd)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/dist-packages/setuptools/command/install.py", line 61, in run
        return orig.install.run(self)
      File "/usr/lib/python2.7/distutils/command/install.py", line 601, in run
        self.run_command('build')
      File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
        self.distribution.run_command(command)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/distutils/command/build.py", line 128, in run
        self.run_command(cmd_name)
      File "/usr/lib/python2.7/distutils/cmd.py", line 326, in run_command
        self.distribution.run_command(command)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/lib/python2.7/distutils/command/build_ext.py", line 340, in run
        self.build_extensions()
      File "/tmp/pip-build-pB5Kue/pillow/setup.py", line 512, in build_extensions
        ' using --disable-%s, aborting' % (f, f))
    ValueError: zlib is required unless explicitly disabled using --disable-zlib, aborting
 
    ----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-pB5Kue/pillow/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-3F647p-record/install-record.txt --single-version-externally-managed --compile --user --prefix=" failed with error code 1 in /tmp/pip-build-pB5Kue/pillow/

[Capture of Error message]

you figure out then type command next.

pip install cuckoo

done.

---

Plus.

mysql-python install problem

Problem:

root@root-PC:~$ pip install mysql-python
Collecting mysql-python
 
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-FskTss/mysql-python/

Solution:

Before do command,

pip install MySql-python

Try this,

sudo apt install libmysqlclient-dev

After installing it, I tried again

https://stackoverflow.com/questions/43543483/pip-install-mysql-python-fails-with-indexerror/44309407#44309407

---

Cuckoo can not get vm status from virtualbox

problem

after launch cuckoo by command "cockoo"

It stopped after message "[cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager"

expected message the following doesn't show up

[cuckoo.core.scheduler] INFO: Loaded 1 machine/s

[cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

Solution

check virtualbox.conf configuration. 

"path= "

It must be

"/usr/bin/VBoxManage"

or

"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe"

not ~\VirtualBox or something

---

Tcpdump

WinDump is basically tcpdump for the Windows platform and you can download it from here: https://www.winpcap.org/windump/install/default.htm.

The default file name of WinDump is windump.exe. I just renamed it to tcpdump.exe on my installation.

https://www.trustwave.com/Resources/SpiderLabs-Blog/Cuckoo--Linux-Subsystem--Some-Love-for-Windows-10/

windump rename to "tcpdump.exe" 

and check for vbox network interface the following (host)

Host: All the related firewall setting off.

Guest: All the firewall setting off.

---

Cuckoo sandbox debug Under Pycharm edit environment

1. make temporary python script like "main.py"

2. copy the following script

3. set breakpoint what u want to see.

4. debug it

# -*- coding: utf-8 -*-
import os
# "cuckoo executable" installed path under python installed 
os.chdir('C:\Users\[UserName]\AppData\Local\conda\conda\envs\py27\Scripts')
import re
import sys
from cuckoo.main import main
if __name__ == '__main__':
    print "sargv0",sys.argv[0]
    sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])
    sys.exit(main(args=[]))
# the upper code is copied from "cuckoo executable"