Friday, March 24, 2017

How to Install Cuckoo Sandbox? [Step3]

Configuration

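Step1: Modify Cuckoo's settings and parameters

Cuckoo's conf directory contains several configuration files, but only a few basic settings need to be changed:

First edit reporting.conf
[jsondump]
enabled = yes <== change no to yes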
indent = 4
encoding = latin-1
calls = yes

[reporthtml]
enabled = yes <== change no to yes

[mongodb]
enabled = yes <== change no to yes
host = 127.0.0.1
port = 27017
db = cuckoo
store_memdump = yes
paginate = 100

Next edit virtualbox.conf
[cuckoo1]
label = Win7_32 <== name of the virtual machine

Step2: Start Cuckoo and the web interface

1) In the cuckoo directory, run ./cuckoo.py

2) In the cuckoo/web directory, run ./manage.py runserver



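Step3: Upload a malware sample to test

First download a sample from a malware-sharing site to test with

Open Firefox and go to 127.0.0.1:8000

You can see that the upload succeeded and the analysis has started

When the analysis finishes, the page shows reported; click the sample's MD5 field to view the analysis report

That is my own testing and installation process; give it a try.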

How to Install Cuckoo Sandbox? [Step2]

Install VirtualBox on Windows 7

1. Install Windows 7 OS (Don't Update !)

2. Install Office 2003 or 2010 (Don't Update !)

3. Install AdbeRdr9.exe (Don't Update !)

4. Install flash-player9.msi (Don't Update !)

5. Turn off the firewall and UAC

6. Turn off the auto-update function of the OS, Office and Adobe

7. Install Python 2.7 (be sure to add python to the operating system's PATH environment variable)


9. Copy Cuckoo's agent.py into the Startup folder and rename agent.py to agent.pyw
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


10. Disable automatic network probing
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
Change EnableActiveProbing from 1 to 0

 


11. Disable Teredo IPv6 tunneling in Microsoft Windows
Open a command prompt with administrator privileges
(Start->Accessories->right click on Command Prompt,
choose Run as Administrator):
C:\>netsh interface teredo set state disabled [Enter]
 

12. Configure the network
1) On Ubuntu, go to the cuckoo directory and run sudo ./update_ip_tables.sh



2) On Ubuntu, open VirtualBox's network settings and add a host-only network interface [vboxnet0]











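3) On Ubuntu, open the virtual machine's network settings and attach it to the host-only interface [vboxnet0]

The virtual machine's network settings are shown in the figure below


4) Test that the network between Ubuntu and the virtual machine works
 ubuntu:  Ping 192.168.56.101
 vm: Ping 192.168.56.1
        Ping www.google.com



5) Once the VM's configuration and tests all check out, save a [snapshot] of the virtual machine <== very important, very important, very important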




How to Install Cuckoo Sandbox? [Step1]

Install All Packages dependencies and libraries

Step1: update

$ sudo apt-get update 


Step2: Install the dependencies and libraries

$ sudo apt-get install -y python python-pip python-dev python-sqlalchemy python-dpkt python-jinja2 python-magic python-pymongo python-libvirt subversion git build-essential git libpcre3 libpcre3-dev libpcre++-dev python-bottle libffi-dev libssl-dev libxml2-dev libxslt-dev libxslt1-dev libjpeg-dev libfuzzy-dev ssdeep  autoconf automake libtool make gcc 


Step3: Upgrade pip-9.0.1-py2.py3-none-any.whl

$ sudo pip install --upgrade pip
$ sudo pip install -U pip setuptools


Step4: Install Pefile Python Module

$ wget https://github.com/erocarrera/pefile/files/192316/pefile-2016.3.28.tar.gz
$ tar zxvf pefile-2016.3.28.tar.gz
$ cd pefile-2016.3.28/
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..


Step5: Install pydeep Python Module

$ git clone https://github.com/kbandla/pydeep.git pydeep
$ cd pydeep
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..


Step6: Install jansson-2.10

$ wget http://www.digip.org/jansson/releases/jansson-2.10.tar.gz
$ tar zxvf jansson-2.10.tar.gz
$ cd jansson-2.10/
$ ./configure
$ make
$ sudo make install
$ cd ..


Step7: Install swig-3.0.12

$ wget http://downloads.sourceforge.net/swig/swig-3.0.12.tar.gz
$ tar zxvf swig-3.0.12.tar.gz
$ cd swig-3.0.12/
$ ./configure
$ make
$ sudo make install
$ cd ..



Step8: Install M2Crypto==0.24.0

$ wget https://pypi.python.org/packages/58/75/362faac80a1bc2742b4b696dc350518312043d568bfd2687a9270f18da88/M2Crypto-0.24.0.tar.gz#md5=8e87235942c76d1ba9f999ee33764fdb
$ tar zxvf M2Crypto-0.24.0.tar.gz
$ cd M2Crypto-0.24.0/
$ sudo python setup.py build
$ sudo python setup.py install
$ cd ..
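
wget ignores the `#md5=` fragment in the URL above, so the archive is unpacked without ever being checked against it. An added example (not from the original post) that compares the download with that fragment before it is used; the function names are hypothetical:

```shell
#!/bin/bash
# Added example: verify a downloaded archive against the "#md5=<hex>" fragment
# carried by a PyPI-style URL such as the M2Crypto link in Step8.

# URL exactly as given in Step8 of the post.
M2CRYPTO_URL='https://pypi.python.org/packages/58/75/362faac80a1bc2742b4b696dc350518312043d568bfd2687a9270f18da88/M2Crypto-0.24.0.tar.gz#md5=8e87235942c76d1ba9f999ee33764fdb'

# Print the lowercase digest found in the URL fragment; fail if there is none
# or if it is not exactly 32 hex digits.
md5_from_url() {
    case "$1" in
        *'#md5='*) frag=${1##*'#md5='} ;;
        *) return 1 ;;
    esac
    case "$frag" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#frag}" -eq 32 ] || return 1
    printf '%s\n' "$frag" | tr 'A-F' 'a-f'
}

# verify_download FILE URL
# Returns 0 on match, 1 on mismatch, 2 when the check cannot be performed.
verify_download() {
    file=$1
    url=$2
    expected=$(md5_from_url "$url") || {
        echo "no usable #md5= fragment in URL" >&2
        return 2
    }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(md5sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "MD5 MISMATCH for $file: expected $expected, got $actual" >&2
        return 1
    fi
    echo "OK $file"
}

# Run with --check from the directory holding the download, before tar zxvf.
if [ "${1:-}" = "--check" ]; then
    verify_download M2Crypto-0.24.0.tar.gz "$M2CRYPTO_URL" || exit 1
fi
```

MD5 only guards against a corrupted or truncated download here; where the project publishes a SHA-256 digest, compare against that with sha256sum instead.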



Step9: Install YARA 3.5

$ sudo apt-get install -y flex bison
$ wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
$ tar xvfz v3.5.0.tar.gz
$ cd yara-3.5.0/
$ ./bootstrap.sh
$ ./configure --enable-cuckoo --enable-magic
$ make
$ sudo make install
$ cd ..



Step10: Install Tcpdump

$ sudo apt-get -y install tcpdump libpcap-dev
$ sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
$ getcap /usr/sbin/tcpdump


Step11: "Create update_ip_tables.sh"

$ echo '#!/bin/bash' >update_ip_tables.sh
$ echo 'iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT' >> update_ip_tables.sh
$ echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> update_ip_tables.sh
$ echo 'iptables -A POSTROUTING -t nat -j MASQUERADE' >> update_ip_tables.sh
$ echo 'sysctl -w net.ipv4.ip_forward=1' >> update_ip_tables.sh
$ chmod +x ./update_ip_tables.sh
$ sudo ./update_ip_tables.sh
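
A re-runnable variant of update_ip_tables.sh, as an added example that is not from the original post: the script is run here and again during guest network setup, and every `iptables -A` run appends another copy of each rule, so this version checks with `iptables -C` first and limits MASQUERADE to sandbox traffic leaving eth0. The function names and the IPT, WAN_IF, VM_IF and VM_NET variables are assumptions of this example; the interface names and subnet are the ones used on this page.

```shell
#!/bin/bash
# Added example: idempotent, narrowly scoped forwarding rules for the
# host-only analysis network.

IPT="${IPT:-iptables}"            # command used to talk to netfilter
WAN_IF="${WAN_IF:-eth0}"          # outbound interface (from the post)
VM_IF="${VM_IF:-vboxnet0}"        # VirtualBox host-only interface (from the post)
VM_NET="${VM_NET:-192.168.56.0/24}"

# ensure_rule [-t TABLE] CHAIN RULE-SPEC...
# Appends the rule only when an identical one is not already loaded.
ensure_rule() {
    table_args=""
    if [ "$1" = "-t" ]; then
        table_args="-t $2"
        shift 2
    fi
    chain=$1
    shift
    # iptables -C exits 0 when the exact rule already exists.
    if $IPT $table_args -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    $IPT $table_args -A "$chain" "$@"
}

apply_sandbox_rules() {
    # New connections may only originate from the guest subnet on vboxnet0.
    ensure_rule FORWARD -i "$VM_IF" -o "$WAN_IF" -s "$VM_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # Replies to connections that were already allowed.
    ensure_rule FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # NAT only guest traffic leaving through the WAN interface, instead of
    # masquerading every packet the host routes.
    ensure_rule -t nat POSTROUTING -s "$VM_NET" -o "$WAN_IF" -j MASQUERADE
}

# Run as root with --apply to load the rules and enable forwarding.
if [ "${1:-}" = "--apply" ]; then
    apply_sandbox_rules
    sysctl -w net.ipv4.ip_forward=1
fi
```

The rules are not persistent, so the script has to be run again after each reboot of the Ubuntu host; running it more than once is now harmless.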


Step12:  "Install Dnsmasq"
$ sudo apt-get install -y dnsmasq
$ sudo service dnsmasq start


Step13: "Install volatility, MongoDB, tesseract-ocr"
$ sudo apt-get install -y volatility mongodb tesseract-ocr



Step 14: "Install Cuckoo Sandbox"
$ git clone https://github.com/cuckoosandbox/cuckoo


Step 15:  "Install Cuckoo Sandbox requirement modules"
$ cd cuckoo/
$ sudo -H pip install -r requirements.txt


Step16: "Install Cuckoo Sandbox utilities"
$ cd utils/
$ ./community.py -a -f -w



Step17: "Install Oracle VM VirtualBox"
$ sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
$ wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
$ wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
$ sudo apt update && sudo apt-get -y install virtualbox-5.1


Step18: "Install Oracle VM VirtualBox Extension Pack"
$ wget http://download.virtualbox.org/virtualbox/5.1.18/Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack
$ VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack



Step19: "Add cuckoo to the vboxusers group"
$ sudo usermod -aG vboxusers cuckoo


========================================================================
install.sh
#!/bin/bash

mkdir install_tmp
cd install_tmp/

echo "====================================="
echo "Ubuntu Packages Update"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get update 

echo "====================================="
echo "Install the dependencies and libraries"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y python python-pip python-dev python-sqlalchemy python-dpkt python-jinja2 python-magic python-pymongo python-libvirt subversion git build-essential git libpcre3 libpcre3-dev libpcre++-dev python-bottle libffi-dev libssl-dev libxml2-dev libxslt-dev libxslt1-dev libjpeg-dev libfuzzy-dev ssdeep  autoconf automake libtool make gcc 

echo ""
echo ""
echo "====================================="
echo "Upgrade pip-9.0.1-py2.py3-none-any.whl"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo pip install --upgrade pip
sudo pip install -U pip setuptools

echo ""
echo ""
echo "====================================="
echo "Install Pefile Python Module"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget https://github.com/erocarrera/pefile/files/192316/pefile-2016.3.28.tar.gz
tar zxvf pefile-2016.3.28.tar.gz
cd pefile-2016.3.28/
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install pydeep Python Module"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
git clone https://github.com/kbandla/pydeep.git pydeep
cd pydeep
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install jansson-2.10"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://www.digip.org/jansson/releases/jansson-2.10.tar.gz
tar zxvf jansson-2.10.tar.gz
cd jansson-2.10/
./configure
make
sudo make install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install swig-3.0.12"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://downloads.sourceforge.net/swig/swig-3.0.12.tar.gz
tar zxvf swig-3.0.12.tar.gz
cd swig-3.0.12/
./configure
make
sudo make install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install M2Crypto==0.24.0"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget https://pypi.python.org/packages/58/75/362faac80a1bc2742b4b696dc350518312043d568bfd2687a9270f18da88/M2Crypto-0.24.0.tar.gz#md5=8e87235942c76d1ba9f999ee33764fdb
tar zxvf M2Crypto-0.24.0.tar.gz
cd M2Crypto-0.24.0/
sudo python setup.py build
sudo python setup.py install
cd ..

echo ""
echo ""
echo "====================================="
echo "Install YARA 3.5"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y flex bison
wget https://github.com/VirusTotal/yara/archive/v3.5.0.tar.gz
tar xvfz v3.5.0.tar.gz
cd yara-3.5.0/
./bootstrap.sh
./configure --enable-cuckoo --enable-magic
make
sudo make install

cd ~

echo ""
echo ""
echo "====================================="
echo "Install Tcpdump"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get -y install tcpdump libpcap-dev
sudo setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump
getcap /usr/sbin/tcpdump

echo ""
echo ""
echo "====================================="
echo "Create ip_tables.sh"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
echo '#!/bin/bash' >update_ip_tables.sh
echo 'iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT' >> update_ip_tables.sh
echo 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> update_ip_tables.sh
echo 'iptables -A POSTROUTING -t nat -j MASQUERADE' >> update_ip_tables.sh
echo 'sysctl -w net.ipv4.ip_forward=1' >> update_ip_tables.sh
chmod +x ./update_ip_tables.sh
sudo ./update_ip_tables.sh

echo ""
echo ""
echo "====================================="
echo "Install Dnsmasq"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y dnsmasq
sudo service dnsmasq start

echo ""
echo ""
echo "====================================="
echo "Install volatility, MongoDB, tesseract-ocr"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo apt-get install -y volatility mongodb tesseract-ocr


echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
git clone https://github.com/cuckoosandbox/cuckoo

echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox requirement modules"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
cd cuckoo/
sudo -H pip install -r requirements.txt

echo ""
echo ""
echo "====================================="
echo "Install Cuckoo Sandbox utilities"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
cd utils/
./community.py -a -f -w
echo ""
echo ""
echo "Cuckoo Sandbox Installed!"
cd ~

cd install_tmp/
echo ""
echo ""
echo "====================================="
echo "Install Oracle VM VirtualBox"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo sh -c 'echo "deb http://download.virtualbox.org/virtualbox/debian xenial contrib" >> /etc/apt/sources.list.d/virtualbox.list'
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -
sudo apt update && sudo apt-get -y install virtualbox-5.1

echo ""
echo ""
echo "====================================="
echo "Install Oracle VM VirtualBox Extension Pack"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
wget http://download.virtualbox.org/virtualbox/5.1.18/Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-5.1.18-114002.vbox-extpack

cd ~
echo ""
echo ""
echo "====================================="
echo "Add cuckoo to the vboxusers group"
echo "====================================="
read -rsp $'Press [Enter] key to continue....\n'
sudo usermod -aG vboxusers cuckoo
echo ""
echo ""
echo "==========================================="
echo "                Finished!!                 "
echo "==========================================="
sudo rm -fr install_tmp/



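How to Build Your Own Malware Analysis Sandbox (Cuckoo Sandbox) _ Introduction

If you need to analyze a large pile of malware and want to cut the time and effort spent on manual analysis, an automated malware sandbox analysis system is a good solution. Among them, Cuckoo Sandbox is a good choice because it is "open source and free".
Cuckoo Sandbox malware analysis sandbox

There are plenty of Cuckoo installation guides and manuals online, but I feel they are all written for "professionals". I tried several of the installation methods described online; they were all vague, and then errors just kept coming, so Cuckoo would never run !@#@!$!@!$%%. So I decided to study it properly and write a detailed set of installation steps (including a screenshot of each step), and while I was at it, write a fully automatic install Bash script.

Basically I split it into three main parts:

  1. Install all the packages and related programs that Cuckoo needs
  2. Install the client VM that the malware will run in, and set up its network connection to the server side (Cuckoo)
  3. Configure Cuckoo's startup parameters
If you follow the steps above one by one, you should basically be able to get Cuckoo running!
Because the steps are extremely detailed, I will write them up in three posts.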

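How to Repair the Arduino Uno Bootloader?

I bought two Arduino Unos and accidentally broke the bootloader on one of them :-( , and I had no ROM writer at hand. What to do??? I looked around online and found that as long as you have one "good" Arduino, you can use it as both the ROM writer and the bootloader source, and then rewrite and repair the broken Arduino. The reference site is:

https://learn.sparkfun.com/tutorials/installing-an-arduino-bootloader

I have also written the steps out for everyone's reference~

Reinstall Arduino bootloader


Step 1:

1) Prepare the Arduino Uno that the bootloader will be written to
2) Prepare an Arduino Uno that boots normally ( Bootloader ok!! )
3) Prepare six Dupont jumper wires (male - female)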

    Step 2:

    Wire the boards as shown in the figure below


    Step 3:
        1) Download WinAVR (Windows) or Crosspack for AVR Development (Mac) and install it
        2) Download the Arduino Optiboot Bootloader, unpack it, and have the BootLoader328REV3_firmata.hex file ready


    Step 4:
       1) Connect the working Arduino via USB and open the Arduino software
       2) File --> Example --> ArduinoISP

    Step5:
       Upload the sketch to the working Arduino

    Step6:
      1) Open a Windows Command Prompt (DOS command window)
      2) Enter the command
          C:\>avrdude -P com6 -b 19200 -c avrisp -p m328p -v -e -U efuse:w:0x05:m -U hfuse:w:0xD6:m -U lfuse:w:0xFF:m
      
    Ps: com6 <== the Arduino's COM port number

    The run looks like this:
    C:\>avrdude -P com6 -b 19200 -c avrisp -p m328p -v -e -U efuse:w:0x05:m -U hfuse
    :w:0xD6:m -U lfuse:w:0xFF:m

    avrdude: Version 5.10, compiled on Jan 19 2010 at 10:45:23
             Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/
             Copyright (c) 2007-2009 Joerg Wunsch

             System wide configuration file is "C:\WinAVR-20100110\bin\avrdude.conf"


             Using Port                    : com6
             Using Programmer              : avrisp
             Overriding Baud Rate          : 19200
             AVR Part                      : ATMEGA328P
             Chip Erase delay              : 9000 us
             PAGEL                         : PD7
             BS2                           : PC2
             RESET disposition             : dedicated
             RETRY pulse                   : SCK
             serial program mode           : yes
             parallel program mode         : yes
             Timeout                       : 200
             StabDelay                     : 100
             CmdexeDelay                   : 25
             SyncLoops                     : 32
             ByteDelay                     : 0
             PollIndex                     : 3
             PollValue                     : 0x53
             Memory Detail                 :

                                      Block Poll               Page
          Polled
               Memory Type Mode Delay Size  Indx Paged  Size   Size #Pages MinW  Max
    W   ReadBack
               ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ---
    -- ---------
               eeprom        65     5     4    0 no       1024    4      0  3600  36
    00 0xff 0xff
               flash         65     6   128    0 yes     32768  128    256  4500  45
    00 0xff 0xff
               lfuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               hfuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               efuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               lock           0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               calibration    0     0     0    0 no          1    0      0     0
     0 0x00 0x00
               signature      0     0     0    0 no          3    0      0     0
     0 0x00 0x00

             Programmer Type : STK500
             Description     : Atmel AVR ISP
             Hardware Version: 2
             Firmware Version: 1.18
             Topcard         : Unknown
             Vtarget         : 0.0 V
             Varef           : 0.0 V
             Oscillator      : Off
             SCK period      : 0.1 us

    avrdude: AVR device initialized and ready to accept instructions

    Reading | ################################################## | 100% 0.18s

    avrdude: Device signature = 0x1e950f
    avrdude: safemode: lfuse reads as FF
    avrdude: safemode: hfuse reads as DE
    avrdude: safemode: efuse reads as 5
    avrdude: erasing chip
    avrdude: reading input file "0x05"
    avrdude: writing efuse (1 bytes):

    Writing | ################################################## | 100% 0.03s

    avrdude: 1 bytes of efuse written
    avrdude: verifying efuse memory against 0x05:
    avrdude: load data efuse data from input file 0x05:
    avrdude: input file 0x05 contains 1 bytes
    avrdude: reading on-chip efuse data:

    Reading | ################################################## | 100% 0.05s

    avrdude: verifying ...
    avrdude: 1 bytes of efuse verified
    avrdude: reading input file "0xD6"
    avrdude: writing hfuse (1 bytes):

    Writing | ################################################## | 100% 0.07s

    avrdude: 1 bytes of hfuse written
    avrdude: verifying hfuse memory against 0xD6:
    avrdude: load data hfuse data from input file 0xD6:
    avrdude: input file 0xD6 contains 1 bytes
    avrdude: reading on-chip hfuse data:

    Reading | ################################################## | 100% 0.06s

    avrdude: verifying ...
    avrdude: 1 bytes of hfuse verified
    avrdude: reading input file "0xFF"
    avrdude: writing lfuse (1 bytes):

    Writing | ################################################## | 100% 0.03s

    avrdude: 1 bytes of lfuse written
    avrdude: verifying lfuse memory against 0xFF:
    avrdude: load data lfuse data from input file 0xFF:
    avrdude: input file 0xFF contains 1 bytes
    avrdude: reading on-chip lfuse data:

    Reading | ################################################## | 100% 0.04s

    avrdude: verifying ...
    avrdude: 1 bytes of lfuse verified

    avrdude: safemode: lfuse reads as FF
    avrdude: safemode: hfuse reads as D6
    avrdude: safemode: efuse reads as 5
    avrdude: safemode: Fuses OK

    avrdude done.  Thank you.

     3) Write the bootloader image
    C:\>avrdude -P com6 -b 19200 -c avrisp -p m328p -v -e -U flash:w:BootLoader328REV3_firmata.hex -U lock:w:0x0F:m


    The run looks like this:
    C:\>avrdude -P com6 -b 19200 -c avrisp -p m328p -v -e -U flash:w:BootLoader328REV3_firmata.hex -U lock:w
    :0x0F:m

    avrdude: Version 5.10, compiled on Jan 19 2010 at 10:45:23
             Copyright (c) 2000-2005 Brian Dean, http://www.bdmicro.com/
             Copyright (c) 2007-2009 Joerg Wunsch

             System wide configuration file is "C:\WinAVR-20100110\bin\avrdude.conf"


             Using Port                    : com6
             Using Programmer              : avrisp
             Overriding Baud Rate          : 19200
             AVR Part                      : ATMEGA328P
             Chip Erase delay              : 9000 us
             PAGEL                         : PD7
             BS2                           : PC2
             RESET disposition             : dedicated
             RETRY pulse                   : SCK
             serial program mode           : yes
             parallel program mode         : yes
             Timeout                       : 200
             StabDelay                     : 100
             CmdexeDelay                   : 25
             SyncLoops                     : 32
             ByteDelay                     : 0
             PollIndex                     : 3
             PollValue                     : 0x53
             Memory Detail                 :

                                      Block Poll               Page
          Polled
               Memory Type Mode Delay Size  Indx Paged  Size   Size #Pages MinW  Max
    W   ReadBack
               ----------- ---- ----- ----- ---- ------ ------ ---- ------ ----- ---
    -- ---------
               eeprom        65     5     4    0 no       1024    4      0  3600  36
    00 0xff 0xff
               flash         65     6   128    0 yes     32768  128    256  4500  45
    00 0xff 0xff
               lfuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               hfuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               efuse          0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               lock           0     0     0    0 no          1    0      0  4500  45
    00 0x00 0x00
               calibration    0     0     0    0 no          1    0      0     0
     0 0x00 0x00
               signature      0     0     0    0 no          3    0      0     0
     0 0x00 0x00

             Programmer Type : STK500
             Description     : Atmel AVR ISP
             Hardware Version: 2
             Firmware Version: 1.18
             Topcard         : Unknown
             Vtarget         : 0.0 V
             Varef           : 0.0 V
             Oscillator      : Off
             SCK period      : 0.1 us

    avrdude: AVR device initialized and ready to accept instructions

    Reading | ################################################## | 100% 0.19s

    avrdude: Device signature = 0x1e950f
    avrdude: safemode: lfuse reads as FF
    avrdude: safemode: hfuse reads as D6
    avrdude: safemode: efuse reads as 5
    avrdude: erasing chip
    avrdude: reading input file "1.hex"
    avrdude: input file 1.hex auto detected as Intel Hex
    avrdude: writing flash (32750 bytes):

    Writing | ################################################## | 100% 14.34s

    avrdude: 32750 bytes of flash written
    avrdude: verifying flash memory against 1.hex:
    avrdude: load data flash data from input file 1.hex:
    avrdude: input file 1.hex auto detected as Intel Hex
    avrdude: input file 1.hex contains 32750 bytes
    avrdude: reading on-chip flash data:

    Reading | ################################################## | 100% 29.78s

    avrdude: verifying ...
    avrdude: 32750 bytes of flash verified
    avrdude: reading input file "0x0F"
    avrdude: writing lock (1 bytes):

    Writing | ################################################## | 100% 0.06s

    avrdude: 1 bytes of lock written
    avrdude: verifying lock memory against 0x0F:
    avrdude: load data lock data from input file 0x0F:
    avrdude: input file 0x0F contains 1 bytes
    avrdude: reading on-chip lock data:

    Reading | ################################################## | 100% 0.05s

    avrdude: verifying ...
    avrdude: 1 bytes of lock verified

    avrdude: safemode: lfuse reads as FF
    avrdude: safemode: hfuse reads as D6
    avrdude: safemode: efuse reads as 5
    avrdude: safemode: Fuses OK

    avrdude done.  Thank you.
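
What the hfuse and lock values in the two avrdude commands above encode, as an added example that is not part of the original post. The bit positions follow the ATmega328P datasheet and the function names are hypothetical:

```shell
#!/bin/bash
# Added example: decode the ATmega328P high fuse and lock byte. Fuse and lock
# bits are active-low: 0 = programmed, 1 = unprogrammed.

# field VALUE SHIFT MASK -> numeric value of the bit field
field() { echo $(( ($1 >> $2) & $3 )); }

# hfuse: bit0 BOOTRST, bits2:1 BOOTSZ, bit3 EESAVE, bit5 SPIEN
describe_hfuse() {
    v=$(( $1 ))
    case $(field "$v" 1 3) in
        0) words=2048 ;;
        1) words=1024 ;;
        2) words=512 ;;
        3) words=256 ;;
    esac
    if [ "$(field "$v" 0 1)" -eq 0 ]; then reset=bootloader; else reset=application; fi
    if [ "$(field "$v" 3 1)" -eq 0 ]; then eesave=kept; else eesave=erased; fi
    if [ "$(field "$v" 5 1)" -eq 0 ]; then isp=enabled; else isp=disabled; fi
    echo "reset=$reset boot_words=$words eeprom_on_erase=$eesave isp=$isp"
}

# Map a 2-bit boot lock field (BLBx2 BLBx1) to the datasheet's mode number.
blb_mode() {
    case $1 in
        3) echo 1 ;;   # no restrictions
        2) echo 2 ;;   # SPM may not write the section
        0) echo 3 ;;   # no SPM writes, no LPM reads from the other section
        1) echo 4 ;;   # no LPM reads from the other section
    esac
}

# lock: bits1:0 LB, bits3:2 BLB0 (application section), bits5:4 BLB1 (boot section)
describe_lock() {
    v=$(( $1 ))
    case $(field "$v" 0 3) in
        3) lb=1 ;;
        2) lb=2 ;;
        0) lb=3 ;;
        *) lb=invalid ;;
    esac
    echo "lb_mode=$lb blb0_mode=$(blb_mode "$(field "$v" 2 3)") blb1_mode=$(blb_mode "$(field "$v" 4 3)")"
}

# Succeeds when SPM writes to the boot section are blocked (BLB1 mode 2 or 3).
boot_section_write_protected() {
    m=$(blb_mode "$(field $(( $1 )) 4 3)")
    [ "$m" -eq 2 ] || [ "$m" -eq 3 ]
}

if [ "${1:-}" = "--demo" ]; then
    describe_hfuse 0xDE   # value read back before the first command
    describe_hfuse 0xD6   # value written by the first command
    describe_lock 0x0F    # value written after flashing
    describe_lock 0xFF    # lock byte after a chip erase (-e)
fi
```

Lock byte 0x0F puts the boot section in BLB1 mode 3, so SPM writes to the bootloader are blocked and code in the application section cannot read it with LPM. The -e chip erase in each command is what returns the lock bits to 0xFF so the flash can be rewritten.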








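    Finally Decided to Come Back

    Hi:
     I'm back~ It has been a long time since I posted. Thank you to the many readers who wrote in earlier with information security questions; I have been so busy that I often forgot to reply, or put it off for a very, very long time before replying, and I am truly sorry.

    This blog has gone almost 4 years without an update, which made some readers feel I had abandoned it. In truth I was just too lazy: every time I wanted to post some personal research or good material I had collected, the same thought came up: "I'll post it all together next time!"    "#%@@%@!%$##!  excuses"  I even want to scold myself.

    On top of that, I have a bad habit of leaving research material and documents scattered everywhere, so every search means digging through hard drives and USB sticks for ages. So last night I made up my mind to start organizing it and posting it here, which you could also call my own online notebook~

    Using APNIC to Find All of Taiwan's IP Addresses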