KONFIGURASI
Masuk ke dalam file cuckoo yang telah di run sebelumnya
Ubah file cuckoo.conf
$CWD/conf/cuckoo.confMenjadi
machinery = virtualbox [resultserver] ip = 10.151.64.194 #This is the IP address of the host port = 2042 #leave default unless you have services runningUbah file auxiliary.conf
$CWD/conf/auxiliary.confMenjadi
[sniffer] # Enable or disable the use of an external sniffer (tcpdump) [yes/no]. enabled = yes # Specify the path to your local installation of tcpdump. Make sure this # path is correct. # You can check this using the command: whereis tcpdump tcpdump = /usr/sbin/tcpdump # Specify the network interface name on which tcpdump should monitor the # traffic. Make sure the interface is active. # The ifconfig command will show you the interface name. interface = vboxnet0Ubah konfigurasi Virtualbox
$CWD/conf/virtualbox.confMenjadi
machines = cuckoo1 [cuckoo1] label = cuckoo1 platform = windows ip = 10.151.64.196 # IP address of the guest snapshot = cuckoo # name of snapshotUbah konfigurasi reporting.conf
$CWD/conf/reporting.confMenjadi
[mongodb] enabled = yesBuat Virtualbox menggunakan Windows XP, gunakan bridge connection agar dapat terhubung dengan MacOS
Install python2.7 pada Windows XP https://www.python.org/downloads/release/python-2711/
Install python imaging library pada Windows XP http://effbot.org/downloads/PIL-1.1.7.win32-py2.7.exe
Copy file agent.py dari
.cuckoo/cuckoo/agent/agent.pyke dalam virtual mesin Windows XPC:/Documents and Settings/All Users/Start Menu/Programs/StartupBuatlah snapshot dari Windows XP saat dimatikan dan dilakukan restorasi dari state terakhir sebelum mati dengan
vboxmanage snapshot "windowsxp" take "snapshot1" --pause vboxmanage controlvm "windowsxp" poweroff vboxmanage snapshot "windowsxp" restorecurrent