hatching / vmcloak
Automated Virtual Machine Generation and Cloaking for Cuckoo Sandbox.
user@localhost ~ $ vmcloak init --win7 seven0
Traceback (most recent call last):
File "/usr/local/bin/vmcloak-init", line 5, in <module>
pkg_resources.run_script('VMCloak==0.3.11', 'vmcloak-init')
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 528, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1394, in run_script
execfile(script_filename, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.11-py2.7.egg/EGG-INFO/scripts/vmcloak-init", line 161, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.11-py2.7.egg/EGG-INFO/scripts/vmcloak-init", line 65, in main
h = Windows7x86()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.11-py2.7.egg/vmcloak/abstract.py", line 183, in __init__
self.path = os.path.join(self.data_path, self.name)
File "/usr/lib/python2.7/posixpath.py", line 75, in join
if b.startswith('/'):
AttributeError: 'NoneType' object has no attribute 'startswith'
as subj says :)
Running the command to initialize the VM:
vmcloak init --win7 testbox --netmask 255.255.255.0 --ip 10.10.10.71 --gateway 10.10.10.1
Two lines of output are returned:
Warning: creating filesystem that does not conform to ISO-9660.
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
No progress happens after that. When looking at the VM or using the --vm-visible command, the process seems to be hung during the Windows version selection screen. Any hints on how to deal with this? I can't find any documentation that says how to specify a Windows version (other than x64).
Could you please add a license to this so it can be added to our repo https://archassault.org
Thanks
When creating the iso, vmcloak fails due to a missing directory (e.g. /tmp/tmpPgkZbZ/i386; the i386 directory is not created, therefore line 116 of misc.py fails). When created manually, the command succeeds.
Currently when deploying with vmcloak the agent window will be open on the desktop. This kind of creates an issue in that you have to use "vmcloak modify" to deploy the VM for cuckoo. Well ... sometimes you're lazy and don't want to do that :)
I think I'm seeing a problem with the "vmcloak install" command post setting up proxy environment variables...
vmcloak install seven0 vcredist
...
Traceback (most recent call last):
File "/usr/local/bin/vmcloak", line 11, in <module>
load_entry_point('VMCloak==0.4.4a1', 'console_scripts', 'vmcloak')()
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 716, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 696, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 534, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/main.py", line 290, in install
a.ping()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/agent.py", line 36, in ping
return self.get("/", timeout=5)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/agent.py", line 22, in get
return requests.get(url, *args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 518, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 639, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 514, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPConnectionPool(host='10.1.10.23', port=3128): Read timed out. (read timeout=5)
Proxy details set via the standard HTTP_PROXY / HTTPS_PROXY / http_proxy / https_proxy environment variables. Other commands utilizing the proxy seem to work out...
wget https://cdn.arstechnica.net/wp-content/uploads/2016/02/5718897981_10faa45ac3_b-640x624.jpg
--2017-05-23 21:56:31-- https://cdn.arstechnica.net/wp-content/uploads/2016/02/5718897981_10faa45ac3_b-640x624.jpg
Connecting to 10.1.10.23:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 97530 (95K) [image/jpeg]
Saving to: ‘5718897981_10faa45ac3_b-640x624.jpg’
100%[===================================================================================================================>] 97,530 --.-K/s in 0.02s
2017-05-23 21:56:31 (3.99 MB/s) - ‘5718897981_10faa45ac3_b-640x624.jpg’ saved [97530/97530]
This seems to lock the VM causing later commands to generate snapshots to fail...
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'vm1', '--basefolder', '/home/pass/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'vm1', '--ostype', 'Windows7_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'vm1', '--ioapic', 'on', '--cpus', '2']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'vm1', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'vm1', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'vm1', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'vm1', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/seven0.vdi', '--type', 'multiattach']
VBoxManage: error: Medium '/home/pass/.vmcloak/image/seven0.vdi' is locked for writing by another task
VBoxManage: error: Details: code VBOX_E_INVALID_OBJECT_STATE (0x80bb0007), component Medium, interface IMedium, callee nsISupports
VBoxManage: error: Context: "COMSETTER(Type)(DiskType)" at line 556 of file VBoxManageDisk.cpp
ERROR:vmcloak.vm:[-] Error running command: Command '['/usr/bin/VBoxManage', 'modifyhd', u'/home/pass/.vmcloak/image/seven0.vdi', '--type', 'multiattach']' returned non-zero exit status 1
Traceback (most recent call last):
File "/usr/local/bin/vmcloak", line 11, in <module>
load_entry_point('VMCloak==0.4.4a1', 'console_scripts', 'vmcloak')()
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 716, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 696, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 534, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/main.py", line 489, in snapshot
hostname or random_string(8, 16), adapter, vm_visible
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/main.py", line 416, in do_snapshot
m, h = initvm(image, name=vmname, multi=True, ramsize=ramsize, cpus=cpus)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/main.py", line 56, in initvm
m.attach_hd(image.path, multi=multi)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/vm.py", line 113, in attach_hd
self._call("modifyhd", hdd_path, type_="multiattach")
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.4a1-py2.7.egg/vmcloak/vm.py", line 40, in _call
raise CommandError
vmcloak.exceptions.CommandError
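An added example (not part of the original issue or of VMCloak's code): the traceback above shows the agent ping being sent to the proxy at 10.1.10.23:3128, which is what happens when the proxy variables are set with no exclusion for the guest. The sketch uses the standard library's environment-proxy helpers to show which URLs go direct under different `NO_PROXY` values; the guest address, agent port and download URL are assumed values.

```python
import os
import urllib.request
from unittest import mock
from urllib.parse import urlsplit

# Proxy address as it appears in the traceback; the URLs below are constructed.
PROXY = "http://10.1.10.23:3128"
# Assumption: a host-only guest address and agent port chosen for illustration.
AGENT_URL = "http://192.168.56.101:8000/"
# Assumption: a stand-in for any external download that should use the proxy.
PUBLIC_URL = "https://downloads.example/vcredist.exe"


def route(url, env):
    """Return ("direct", None) or ("proxy", proxy_url) for `url` when the
    process environment is exactly `env`."""
    # Evaluate the proxy variables in isolation; the real environment is
    # restored when the context manager exits.
    with mock.patch.dict(os.environ, env, clear=True):
        proxies = urllib.request.getproxies_environment()
    parts = urlsplit(url)
    # NO_PROXY / no_proxy entries are compared against the host name
    # (with or without port); a match means the proxy is skipped.
    if urllib.request.proxy_bypass_environment(parts.netloc, proxies):
        return ("direct", None)
    proxy = proxies.get(parts.scheme)
    return ("proxy", proxy) if proxy else ("direct", None)


# Constructed environments to compare.
SCENARIOS = {
    "proxy variables only": {
        "HTTP_PROXY": PROXY, "HTTPS_PROXY": PROXY,
    },
    "guest IP listed in NO_PROXY": {
        "HTTP_PROXY": PROXY, "HTTPS_PROXY": PROXY,
        "NO_PROXY": "192.168.56.101",
    },
    # The standard-library matcher does suffix matching on names and does
    # not expand CIDR ranges, so this entry does not exclude the guest.
    "CIDR range in NO_PROXY": {
        "HTTP_PROXY": PROXY, "HTTPS_PROXY": PROXY,
        "NO_PROXY": "192.168.56.0/24",
    },
}


def audit():
    """Map each scenario name to the route chosen for the agent and for a
    public download."""
    return {
        name: {"agent": route(AGENT_URL, env), "public": route(PUBLIC_URL, env)}
        for name, env in SCENARIOS.items()
    }


if __name__ == "__main__":
    for name, routes in audit().items():
        print(name)
        for target, (kind, via) in routes.items():
            print("  %-6s -> %s %s" % (target, kind, via or ""))
```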
I guess we should still put the necessary office registry keys in vmcloak as well, apart from cuckoo. It'll be easier to have a deployed host ready to use no matter if it's for cuckoo or other use
@jbremer how do you feel about that?
INFO:vmcloak:Waiting for the Virtual Machine 'w7' to connect back, this may take up to 30 minutes.
Traceback (most recent call last):
File "/usr/local/bin/vmcloak", line 301, in <module>
main()
File "/usr/local/bin/vmcloak", line 240, in main
sock.bind((s.host_ip, s.host_port))
File "/usr/lib/python2.7/socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
socket.error: [Errno 99] Cannot assign requested address
This error occurs in less than 30 min.
The "setup.py" part is missing in the documentation. Should be in there, I think
Gents,
whoever comes across an issue where, while running vmcloak, vboxnet0 (when using non-default IP addresses for VMs) gets reverted back to the default 192.168.56.1: the solution is running the following command under the user where vmcloak/cuckoo hosts are being deployed:
VBoxManage setextradata global "HostOnly/vboxnet0/IPAddress" _GATEWAY_
after that - reboot (to be safe however it's probably not necessary)
it would be nice to know if anyone bumps into this issue to understand if it makes sense to integrate this "fix" into vmcloak
Can't see anything that would be causing the issues from cursory vmcloak code inspection, but both times I have specified auxiliary files to upload, subsequent attempts to use the VMs for sample analysis in cuckoo have caused initialization timeouts:
2015-02-27 13:14:18,820 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.57.201)
2015-02-27 13:15:18,911 [lib.cuckoo.core.scheduler] ERROR: cuckoo1: the guest initialization hit the critical timeout, analysis aborted.
If i'm "doing it wrong" feel free to close :)
edit: my fault i had powered off the vm causing the agent to be stopped and deleted
For every VM there should be a json file containing the settings (especially the random ones). Malware is for example using user name + computer name to fingerprint the system. Signatures registering that fingerprint generation would be cool. But for that we would have to access the computer name somewhere in the signature.
setup does not install keyboard_layout_values.txt into .../dist-packaged/vmcloak/data
Hey,
how about adding this line to the bootstrap.bat to disable User Account Control (UAC) on Windows 7+?
C:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
My Windows 7 x86 SP1 VMs are still a bit chatty on the network, partially because of NCSI being enabled by default. It would be nice if vmcloak turned it off at creation time.
Need to setup a custom build server.
Wouldn't it be appropriate to run a subset of functions from bootstrap.py (namely, the registry renaming) after reboot?
Prior to running...
sudo python setup.py install
...I was able to run...
make singlehtml
...to generate documentation.
After running the VMCloak install trying to run Sphinx to generate documentation results in a version conflict error with cryptography...
sudo make singlehtml
sphinx-build -b singlehtml -d _build/doctrees . _build/singlehtml
Running Sphinx v1.5a1
Exception occurred:
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 859, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
ContextualVersionConflict: (cryptography 1.3.2 (/usr/local/lib/python2.7/dist-packages), Requirement.parse('cryptography>=1.3.4; extra == "security"'), set(['requests']))
The full traceback has been saved in /tmp/sphinx-err-GLcxYX.log, if you want to report the issue to the developers.
Please also report this if it was a user error, so that a better error message can be provided next time.
A bug report can be filed in the tracker at <https://github.com/sphinx-doc/sphinx/issues>. Thanks!
make: *** [singlehtml] Error 1
A tag for a specific feature could be defined in a dependency. Adding an auto-tag for the OS version and language should cover the basic things to tag. The dependency tag should contain application and version.
Setting the host/guest ip address for initial vmcloak setup needs better documentation.
Plus: renaming the parameter --hostonly-ip to something with "guest" in it would make it easier to understand
wget is invoked to download the packages from the central server but missing in https://github.com/jbremer/vmcloak/blob/master/docs/requirements.rst
hello,
trying out this awesomeness but running into an issue building the VM.
ran through the blog and mounted the iso
bullwinkle@woody:~/isos$ mount -l | grep win7
/home/bullwinkle/winsp.iso on /mnt/win7 type iso9660 (ro) [WINSP]
bullwinkle@woody:~/isos$ df -aTh | grep win7
/dev/loop0 iso9660 2.4G 2.4G 0 100% /mnt/win7
then i run the commands and get the python error
vmcloak init win7x64 seven0
Traceback (most recent call last):
File "/usr/local/bin/vmcloak-init", line 12, in <module>
from vmcloak.dependencies import Python27
File "/usr/local/lib/python2.7/dist-packages/vmcloak/dependencies/__init__.py", line 5, in <module>
from vmcloak.abstract import Dependency
File "/usr/local/lib/python2.7/dist-packages/vmcloak/abstract.py", line 6, in <module>
import os.path
File "/usr/local/lib/python2.7/dist-packages/vmcloak/os/__init__.py", line 5, in <module>
from vmcloak.os.winxp import WindowsXP
File "/usr/local/lib/python2.7/dist-packages/vmcloak/os/winxp.py", line 9, in <module>
from vmcloak.abstract import OperatingSystem
ImportError: cannot import name OperatingSystem
any clues to what i might be running into? i'll keep poking away but thanks!
bullwinkle@woody:~/isos$ cat /etc/os-release
NAME="Ubuntu"
VERSION="14.04.5 LTS, Trusty Tahr"
Linux woody 3.16.0-77-generic #99~14.04.1-Ubuntu SMP Tue Jun 28 19:17:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
A random function to generate "realistic" random hardware. I think it should just select one out of 5 drive vendors or something.
When I install vmcloak, it downloads Silverlight_Developer_x86.exe and saves it in Silverlight_Developer_x64.exe, and therefore the sha1 comparison fails.
vmcloak -r --win7x64 Cuckoo --cuckoo /home/futex/Documents/Softs/Cuckoo/cuckoo --data-dir /home/futex/VirtualBox\ VMs --iso-mount /mnt/win7x64
--2015-06-15 13:30:08-- http://cuckoo.sh/vmcloak-files/Silverlight_Developer_x86.exe
Connexion à XXXXXXXX… connecté.
requête Proxy transmise, en attente de la réponse… 200 OK
Taille : 9331416 (8,9M) [application/octet-stream]
Sauvegarde en : « /home/futex/.vmcloak/deps/files/Silverlight_Developer_x64.exe »
/home/futex/.vmcloak/deps/files/Silverlight_Developer_x64.exe 100%[=====================================================================================================================================================================>] 8,90M 2,23MB/s ds 3,5s
2015-06-15 13:30:11 (2,53 MB/s) — « /home/futex/.vmcloak/deps/files/Silverlight_Developer_x64.exe » sauvegardé [9331416/9331416]
WARNING:vmcloak.deps:File Silverlight_Developer_x64.exe of dependency 'silverlight5' downloaded with an incorrect sha1.
When the init command for vmcloak is ran, the system fails init and states that there is an ImportError: No module named vmcloak.dependencies
Any suggestions on how to get around and fix this import error?
Hello,
I tried using an msdn ISO for Windows 7 Ultimate x64 SP1 and it seems to get stuck on a screen during the installation. ISO was provided for testing. Thanks for taking a look.
root@cuckoo:~# vmcloak init --win7x64 --product ultimate seven0 -d -v
--2017-01-01 13:56:14-- https://cuckoo.sh/vmcloak/python-2.7.6.msi
Resolving cuckoo.sh (cuckoo.sh)... 149.210.181.54
Connecting to cuckoo.sh (cuckoo.sh)|149.210.181.54|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16281600 (16M) [application/octet-stream]
Saving to: ‘/root/.vmcloak/deps/python-2.7.6.msi’
/root/.vmcloak/deps/python-2.7.6.msi 100%[================================================================================================================>] 15.53M 11.1MB/s in 1.4s
2017-01-01 13:56:16 (11.1 MB/s) - ‘/root/.vmcloak/deps/python-2.7.6.msi’ saved [16281600/16281600]
DEBUG:vmcloak.abstract:Executing genisoimage: /usr/bin/genisoimage -quiet -b boot.img -o /root/.vmcloak/iso/seven0.iso -no-emul-boot -iso-level 2 -udf -J -l -D -N -joliet-long -relaxed-filenames /root/.vmcloak/iso/tmpL6gggS
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'seven0', '--basefolder', '/root/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--ostype', 'Windows7_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--ioapic', 'on', '--cpus', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createhd', '--size', '262144', '--filename', '/root/.vmcloak/image/seven0.vdi']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'seven0', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'seven0', '--storagectl', 'IDE', '--device', '0', '--type', 'hdd', '--medium', '/root/.vmcloak/image/seven0.vdi', '--port', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'seven0', '--storagectl', 'IDE', '--device', '0', '--type', 'dvddrive', '--medium', '/root/.vmcloak/iso/seven0.iso', '--port', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'list', 'hostonlyifs']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--nictype1', '82540EM', '--cableconnected1', 'on', '--nicpromisc1', 'allow-all', '--hostonlyadapter1', 'vboxnet0', '--nic1', 'hostonly']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--macaddress1', '186ac6687a41']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven0', '--vrdeproperty', 'VNCPassword=', '--vrdeport', '4000', '--vrde', 'on']
INFO:vmcloak:Starting the Virtual Machine u'seven0' to install Windows.
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'startvm', u'seven0', '--type', 'headless']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'seven0', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'seven0', '--machinereadable']
.........
I modified VMCloak to enable the VRDE service, and logged in - the VM wasn't installing Windows so I guess the unattended install wasn't working?
I'm using en_windows_7_ultimate_with_sp1_x86_dvd_u_677460.iso [e2c009a66d63a742941f5087acae1aa438dcbe87010bddd53884b1af6b22c940] from MSDN.
I install with pip version 0.2.5 and I do:
vboxmanage list hostonlyifs
vboxmanage hostonlyif create
vboxmanage hostonlyif ipconfig vboxnet0 --ip 192.168.56.1
sudo mkdir /mnt/w7
sudo mount -o loop,ro /home/jhg/Win_7_32Bit.iso /mnt/win7
mkdir ~/vms
mkdir ~/vms-data
vmcloak-vboxnet0
vmcloak --win7 --serial-key ONE00-FAKE0-KEY00-IT000-IS000 --vm-dir ~/vms/ --data-dir ~/vms-data/ --iso-mount /mnt/win7 --hostonly-ip 192.168.56.101 --hdsize 61440 --no-hwvirt --no-register-cuckoo --vm-visible w7
Then vmcloak runs:
Warning: creating filesystem that does not conform to ISO-9660.
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
INFO:vmcloak:Starting the Virtual Machine 'w7' to install Windows.
INFO:vmcloak:Waiting for the Virtual Machine 'w7' to connect back, this may take up to 30 minutes.
The VM starts but only shows the first screen of the Windows installation and does nothing more. The terminal does nothing more either; it waits for more than 30 minutes but the installation does not continue.
With nmap I see that the VM does not have an IP, but in the preferences I have DHCP enabled on vboxnet0:
nmap 192.168.56.0/24 -p80-65000
Starting Nmap 6.40 ( http://nmap.org ) at 2015-07-08 14:57 WEST
Nmap scan report for 192.168.56.1
Host is up (0.00040s latency).
Not shown: 64920 closed ports
PORT STATE SERVICE
16705/tcp open unknown
Nmap done: 254 IP addresses (1 host up) scanned in 66.04 seconds
I like your credits page, Especially the nlite thing that helped a lot. I think it would be cool to include the ITES project as well. Maybe even Avira, that would be helpful in getting similar projects running (as in "support Open Source")
As the title says; ability to run PowerShell scripts in the VM.
While attempting to install Windows 10 - it displayed an error:
Windows cannot read the <ProductKey> setting from the unattend answer file
root@cuckoo:~# vmcloak init --win10x64 ten0 -d -v --serial-key MYKEY --product pro
--2017-01-01 15:12:33-- https://cuckoo.sh/vmcloak/python-2.7.6.msi
Resolving cuckoo.sh (cuckoo.sh)... 149.210.181.54
Connecting to cuckoo.sh (cuckoo.sh)|149.210.181.54|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16281600 (16M) [application/octet-stream]
Saving to: ‘/root/.vmcloak/deps/python-2.7.6.msi’
/root/.vmcloak/deps/python-2.7.6.msi 100%[================================================================================================================>] 15.53M 11.2MB/s in 1.4s
2017-01-01 15:12:34 (11.2 MB/s) - ‘/root/.vmcloak/deps/python-2.7.6.msi’ saved [16281600/16281600]
DEBUG:vmcloak.abstract:Executing genisoimage: /usr/bin/genisoimage -quiet -b boot.img -o /root/.vmcloak/iso/ten0.iso -no-emul-boot -iso-level 2 -udf -J -l -D -N -joliet-long -relaxed-filenames /root/.vmcloak/iso/tmppD2J9o
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'ten0', '--basefolder', '/root/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--ostype', 'Windows10_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--ioapic', 'on', '--cpus', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createhd', '--size', '262144', '--filename', '/root/.vmcloak/image/ten0.vdi']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'ten0', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'ten0', '--storagectl', 'IDE', '--device', '0', '--type', 'hdd', '--medium', '/root/.vmcloak/image/ten0.vdi', '--port', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'ten0', '--storagectl', 'IDE', '--device', '0', '--type', 'dvddrive', '--medium', '/root/.vmcloak/iso/ten0.iso', '--port', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'list', 'hostonlyifs']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--nictype1', '82540EM', '--cableconnected1', 'on', '--nicpromisc1', 'allow-all', '--hostonlyadapter1', 'vboxnet0', '--nic1', 'hostonly']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--macaddress1', '0ce9bea6d048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'ten0', '--vrdeproperty', 'VNCPassword=', '--vrdeport', '4000', '--vrde', 'on']
INFO:vmcloak:Starting the Virtual Machine u'ten0' to install Windows.
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'startvm', u'ten0', '--type', 'headless']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'ten0', '--machinereadable']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'ten0', '--machinereadable']
This is the autounattend.xml file: https://gist.github.com/JamieH/5443fdb1139f88ca873201f8e22bf5f9
I'm using en_windows_10_multiple_editions_version_1607_updated_jul_2016_x86_dvd_9053863.iso
from MSDN 4dc5fef30b4211adc7c94e8d6b5b4ce98d8aba52a829057957e24b853dca9d92
Hi
It seems click.exe got moved to a sub folder, but it still tries to execute it from c:. Causing a fail
adding this todo item for myself so I wouldn't forget :)
I am hoping to add some of my own VM 'tricks' to the mix ( macros,yara etc .. ) trying to build out as close I can Open Source Malware Lab - Robert Simmons did ...
root@rmccurdyVM:/media/sf_delete/VM# vmcloak init --win7x64 seven4 -d -v
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createvm', '--register', '--name', 'seven4', '--basefolder', '/home/operat0r/.vmcloak/vms']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--ostype', 'Windows7_64']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--ioapic', 'on', '--cpus', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--mouse', 'usbtablet']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--memory', '2048']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--vram', '16']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'createhd', '--size', '262144', '--filename', '/home/operat0r/.vmcloak/image/seven4.vdi']
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storagectl', u'seven4', '--add', 'ide', '--name', 'IDE']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'seven4', '--storagectl', 'IDE', '--device', '0', '--type', 'hdd', '--medium', '/home/operat0r/.vmcloak/image/seven4.vdi', '--port', '0']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'storageattach', u'seven4', '--storagectl', 'IDE', '--device', '0', '--type', 'dvddrive', '--medium', '/home/operat0r/.vmcloak/iso/seven4.iso', '--port', '1']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'list', 'hostonlyifs']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--nictype1', '82540EM', '--cableconnected1', 'on', '--nicpromisc1', 'allow-all', '--hostonlyadapter1', 'vboxnet0', '--nic1', 'hostonly']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'modifyvm', u'seven4', '--macaddress1', 'c0e52aaa0c80']
INFO:vmcloak:Starting the Virtual Machine u'seven4' to install Windows.
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'startvm', u'seven4', '--type', 'headless']
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'seven4', '--machinereadable']
... HOURS LATER ...I ^c it ..
DEBUG:vmcloak.vm:Running command: ['/usr/bin/VBoxManage', 'showvminfo', u'seven4', '--machinereadable']
^C
Aborted!
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.1 LTS"
CHANGELOG.txt:0.4.1, August 27th 2016
Python 2.7.12
ps auxwww|egrep -ia "(python|vb)"
root 1193 0.0 0.0 0 0 ? S< 19:41 0:00 [iprt-VBoxWQueue]
root 1212 0.0 0.0 256720 2996 ? Sl 19:41 0:02 /usr/sbin/VBoxService
root 1509 0.0 0.0 0 0 ? S< 19:41 0:00 [iprt-VBoxWQueue]
root 1510 0.0 0.0 0 0 ? S 19:41 0:00 [iprt-VBoxTscThr]
operat0r 2434 0.0 0.0 49464 316 ? S 19:41 0:00 /usr/bin/VBoxClient --clipboard
operat0r 2435 0.0 0.0 117848 4276 ? Sl 19:41 0:00 /usr/bin/VBoxClient --clipboard
operat0r 2444 0.0 0.0 49464 316 ? S 19:41 0:00 /usr/bin/VBoxClient --display
operat0r 2445 0.0 0.0 49600 3548 ? S 19:41 0:00 /usr/bin/VBoxClient --display
operat0r 2456 0.0 0.0 49464 312 ? S 19:41 0:00 /usr/bin/VBoxClient --seamless
operat0r 2457 0.0 0.0 115648 2120 ? Sl 19:41 0:00 /usr/bin/VBoxClient --seamless
operat0r 2461 0.0 0.0 49464 312 ? S 19:41 0:00 /usr/bin/VBoxClient --draganddrop
operat0r 2462 0.1 0.0 116164 2000 ? Sl 19:41 0:19 /usr/bin/VBoxClient --draganddrop
root 3204 0.5 0.1 247748 14028 ? S 19:44 0:49 /usr/lib/virtualbox/VBoxXPCOMIPCD
root 3210 1.2 0.2 675776 21384 ? Sl 19:44 1:59 /usr/lib/virtualbox/VBoxSVC --auto-shutdown
root 3427 1.5 6.6 1351712 588164 ? Sl 19:44 2:33 /usr/lib/virtualbox/VBoxHeadless --comment seven4 --startvm d52c87f1-5fae-4bf1-b512-49fe5b849767 --vrde config
root 3440 0.0 0.1 241904 14576 ? S 19:44 0:00 /usr/lib/virtualbox/VBoxNetDHCP --ip-address 192.168.56.100 --lower-ip 192.168.56.101 --mac-address 08:00:27:60:59:26 --netmask 255.255.255.0 --network HostInterfaceNetworking-vboxnet0 --trunk-name vboxnet0 --trunk-type netflt --upper-ip 192.168.56.254
root 10465 0.0 0.0 14224 1020 pts/1 S+ 22:27 0:00 grep -E --color=auto -ia (python|vb)
Use the click library to improve the command-line usage of VMCloak.
Splitting dependencies with split() does not work for comma separated dependencies (default for empty arg is " "). So either documentation or code is wrong. Your call
Hi,
while creating a snapshot with latest version I bumped into a case like this. Running on clean install of ubuntu and Virtualbox 5.0.16-105871Ubuntutrusty amd64
razu@razu:~$ vmcloak snapshot --vm-visible win7p1 win764bit 192.168.56.101
Traceback (most recent call last):
File "/usr/local/bin/vmcloak-snapshot", line 5, in <module>
pkg_resources.run_script('VMCloak==0.3.10', 'vmcloak-snapshot')
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 528, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1394, in run_script
execfile(script_filename, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/EGG-INFO/scripts/vmcloak-snapshot", line 95, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/EGG-INFO/scripts/vmcloak-snapshot", line 82, in main
a.static_ip(args.ipaddr, image.netmask, image.gateway)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/vmcloak/agent.py", line 85, in static_ip
except requests.exceptions.ReadTimeout:
AttributeError: 'module' object has no attribute 'ReadTimeout'
As far as I understand it, even with a valid key the installed Windows VM is not actually being activated, right?
Since this is offered for office, it would be nice to offer this capability for Windows too. Probably requires modifying the autounattend.xml files.
Hello, I am using this repo to do an install of cuckoo https://github.com/benrau87/AutoCuckoo. After I am done doing the setup, it runs VMCloak. When I get to the step to install adobe9, wic, pillow, etc, it just hangs. What happens at that point is that the VM boots back up but does absolutely nothing. I was wondering why it's not actually installing. Separate question, as you can see, I named this "Cuckoo2" but I would really like it to be named cuckoo1. I tried and failed with cuckoo1 and when I tried again, it said the name was taken so I took Cuckoo2. Do you know a way to delete the old VMs so that I can still use the name cuckoo1? Thanks
I patched in a m.vrde(3389, "") into https://github.com/jbremer/vmcloak/blob/master/vmcloak/main.py#L385 to be able to modify VMs remotely. It might be useful to others too or a nice feature to have in general, since headless mode is probably a relatively common use case.
If this functionality is popular, I would just add it with 2 more options to the modify command and submit a pull request.
Trying to install adobe9: just an empty python.exe window is visible in the VirtualBox window.
There are no Adobe processes created in the VM, and there are no non-standard processes either.
Support VMWare
While creating an image with vmcloak I got a hash mismatch error for vcredist_2013_x64.exe. The file was downloaded correctly from cuckoo.sh (digital signature is OK), but the hash is bef7e7cc1dcc45c0c11682d59c64843727557179, while the hash checked by VMCloak (and on the Microsoft website) is 8bf41ba9eef02d30635a10433817dbb6886da5a2.
From what I can tell, the bef7... executable on the website is older (signed in 2013), whereas the hash belongs to a newer version (signed in 2014) which has been distributed by Microsoft since.
D:\downloads>openssl dgst -sha1 vcredist_x64.exe
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
SHA1(vcredist_x64.exe)= 8bf41ba9eef02d30635a10433817dbb6886da5a2
D:\downloads>openssl dgst -sha1 vcredist_2013_x64.exe
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
SHA1(vcredist_2013_x64.exe)= bef7e7cc1dcc45c0c11682d59c64843727557179
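The mismatch reported above, as an added example that is not part of the original issue or VMCloak's own code: a pinned-digest check that accepts more than one vendor build of the same file and reports the actual digest on failure. The names `verify_download`, `sha1_file` and `HashMismatch` are hypothetical, the file contents are constructed stand-ins, and every pinned digest is assumed to have been checked independently (for example against the vendor's signature) before being added.

```python
import hashlib
import hmac
import os
import tempfile

class HashMismatch(Exception):
    """Raised when a downloaded file matches none of its pinned digests."""

def sha1_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so large installers are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, pinned):
    """Return the label of the pinned digest that matches the file.

    `pinned` maps hex SHA-1 digests to a human-readable release label.
    """
    actual = sha1_file(path)
    for digest, label in pinned.items():
        if hmac.compare_digest(actual, digest.lower()):
            return label
    # Report the digest that was actually seen so it can be compared with the vendor's.
    raise HashMismatch(
        "%s: sha1 %s is not pinned (expected one of: %s)"
        % (os.path.basename(path), actual, ", ".join(sorted(pinned)))
    )

def demo():
    # Constructed stand-ins for two vendor builds published under one file name.
    old_build, new_build = b"constructed build A", b"constructed build B"
    pins_new_only = {hashlib.sha1(new_build).hexdigest(): "newer build"}
    pins_both = dict(pins_new_only)
    pins_both[hashlib.sha1(old_build).hexdigest()] = "older build"
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(old_build)  # the mirror still serves the older build
        try:
            verify_download(path, pins_new_only)
            strict = "accepted"
        except HashMismatch:
            strict = "rejected"
        return strict, verify_download(path, pins_both)
    finally:
        os.remove(path)
```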
The error:
Traceback (most recent call last):
File "/usr/local/bin/vmcloak-install", line 5, in <module>
pkg_resources.run_script('VMCloak==0.3.10', 'vmcloak-install')
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 528, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 1394, in run_script
execfile(script_filename, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/EGG-INFO/scripts/vmcloak-install", line 105, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/EGG-INFO/scripts/vmcloak-install", line 92, in main
d(h, m, a, image, version, settings).run()
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/vmcloak/dependencies/adobe9.py", line 41, in run
self.wait_process_exit("adobe9.exe")
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.3.10-py2.7.egg/vmcloak/abstract.py", line 339, in wait_process_exit
for line in self.a.execute("tasklist").json()["stdout"].split("\n"):
KeyError: 'stdout'
ah yes ... the nightmare of dev-s :)
Linked clones can be faster when being restored. Support an option to create those
Following your guide, I get to this step:
" vmcloak init --win7x86 --iso-mount win7.ISO --ip [ip] cuckoo1 "
giving me back an error:
Traceback (most recent call last):
File "/usr/local/bin/vmcloak", line 9, in <module>
load_entry_point('VMCloak==0.4.3a2', 'console_scripts', 'vmcloak')()
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 716, in __call__
return self.main(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 696, in main
rv = self.invoke(ctx)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 1060, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 889, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/usr/local/lib/python2.7/dist-packages/click-6.6-py2.7.egg/click/core.py", line 534, in invoke
return callback(*args, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.3a2-py2.7.egg/vmcloak/main.py", line 220, in init
if not h.buildiso(mount, iso_path, bootstrap, tempdir):
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.3a2-py2.7.egg/vmcloak/abstract.py", line 247, in buildiso
copytreelower(mount, outdir)
File "/usr/local/lib/python2.7/dist-packages/VMCloak-0.4.3a2-py2.7.egg/vmcloak/misc.py", line 50, in copytreelower
os.path.join(dstdir, path.lower()))
File "/usr/lib/python2.7/shutil.py", line 84, in copyfile
copyfileobj(fsrc, fdst)
File "/usr/lib/python2.7/shutil.py", line 49, in copyfileobj
buf = fsrc.read(length)
IOError: [Errno 5] Input/output error
How can I fix this problem?
Thanks,