Source: https://crits.github.io/
Requirements: Docker, MongoDB
Docker Image: https://hub.docker.com/r/remnux/crits/
I. Install the Crits Threat Intelligence Platform (TIP) image via Kitematic;
II. Verify the container status via Kitematic panel
III. Browse to the local panel that is setup by default on port 8443; and
III. Login using the default credentials
Adendum: Additional Debug Information:
2017-01-17 07:15:17,244 CRIT Set uid to user 999
2017-01-17 07:15:17,307 INFO RPC interface ‘supervisor’ initialized
2017-01-17 07:15:17,309 CRIT Server ‘unix_http_server’ running without any HTTP authentication checking
2017-01-17 07:15:17,309 INFO supervisord started with pid 5
2017-01-17 07:15:18,317 INFO spawned: ‘mongod’ with pid 9
2017-01-17 07:15:18,320 INFO spawned: ‘apache2’ with pid 10
2017-01-17 07:15:19,522 INFO success: mongod entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:15:19,523 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
about to fork child process, waiting until server is ready for connections.
forked process: 86
ERROR: child process failed, exited with error number 48
2017-01-17 07:18:00,443 CRIT Set uid to user 999
Unlinking stale socket /data/run/supervisor.sock
2017-01-17 07:18:01,161 INFO RPC interface ‘supervisor’ initialized
2017-01-17 07:18:01,177 CRIT Server ‘unix_http_server’ running without any HTTP authentication checking
2017-01-17 07:18:01,216 INFO supervisord started with pid 5
2017-01-17 07:18:02,264 INFO spawned: ‘mongod’ with pid 9
2017-01-17 07:18:02,310 INFO spawned: ‘apache2’ with pid 10
2017-01-17 07:18:03,304 INFO success: mongod entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:18:03,439 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:18:03,498 INFO exited: apache2 (exit status 0; expected)
about to fork child process, waiting until server is ready for connections.
forked process: 16
ERROR: child process failed, exited with error number 100
2017-01-17 07:19:03,085 CRIT Set uid to user 999
Unlinking stale socket /data/run/supervisor.sock
about to fork child process, waiting until server is ready for connections.
forked process: 12
2017-01-17 07:19:04,273 INFO RPC interface ‘supervisor’ initialized
2017-01-17 07:19:04,284 CRIT Server ‘unix_http_server’ running without any HTTP authentication checking
2017-01-17 07:19:04,336 INFO supervisord started with pid 5
2017-01-17 07:19:05,373 INFO spawned: ‘mongod’ with pid 15
2017-01-17 07:19:05,429 INFO spawned: ‘apache2’ with pid 16
2017-01-17 07:19:06,378 INFO success: mongod entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:19:06,379 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:19:07,262 INFO spawned: ‘mongod’ with pid 19
2017-01-17 07:19:07,344 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:19:07,459 INFO exited: apache2 (exit status 0; expected)
2017-01-17 07:19:07,927 INFO spawned: ‘apache2’ with pid 22
2017-01-17 07:19:08,031 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:19:08,780 INFO exited: apache2 (exit status 0; not expected)
2017-01-17 07:19:09,879 INFO spawned: ‘mongod’ with pid 23
2017-01-17 07:19:09,892 INFO spawned: ‘apache2’ with pid 24
2017-01-17 07:19:10,579 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:19:10,997 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:19:11,034 INFO exited: apache2 (exit status 0; expected)
2017-01-17 07:19:12,058 INFO spawned: ‘apache2’ with pid 28
2017-01-17 07:19:12,669 INFO spawned: ‘mongod’ with pid 29
2017-01-17 07:19:12,757 INFO exited: apache2 (exit status 0; not expected)
2017-01-17 07:19:13,057 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:19:14,187 INFO spawned: ‘apache2’ with pid 32
child process started successfully, parent exiting
2017-01-17 07:19:15,672 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:19:16,678 INFO spawned: ‘mongod’ with pid 106
2017-01-17 07:19:17,108 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:19:18,115 INFO gave up: mongod entered FATAL state, too many start retries too quickly
Drop protection enabled. Will not drop existing content!
User Roles: added 3 roles!
Actions: added 2 actions!
Raw Data Types: added 2 types!
Signature Types: added 3 types!
Drop protection does not apply to effective TLDs
2017-01-17 07:20:59,999 CRIT Set uid to user 999
Unlinking stale socket /data/run/supervisor.sock
2017-01-17 07:21:00,999 INFO RPC interface ‘supervisor’ initialized
2017-01-17 07:21:01,002 CRIT Server ‘unix_http_server’ running without any HTTP authentication checking
2017-01-17 07:21:01,002 INFO supervisord started with pid 5
about to fork child process, waiting until server is ready for connections.
forked process: 12
2017-01-17 07:21:02,120 INFO spawned: ‘mongod’ with pid 15
2017-01-17 07:21:02,182 INFO spawned: ‘apache2’ with pid 16
2017-01-17 07:21:03,003 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:03,940 INFO success: apache2 entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:21:05,182 INFO spawned: ‘mongod’ with pid 21
2017-01-17 07:21:06,356 INFO success: mongod entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:21:06,700 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:07,710 INFO spawned: ‘mongod’ with pid 79
2017-01-17 07:21:08,446 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:09,954 INFO spawned: ‘mongod’ with pid 82
2017-01-17 07:21:10,461 INFO exited: mongod (exit status 100; not expected)
child process started successfully, parent exiting
2017-01-17 07:21:12,476 INFO spawned: ‘mongod’ with pid 100
2017-01-17 07:21:13,709 INFO success: mongod entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-01-17 07:21:13,838 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:14,939 INFO spawned: ‘mongod’ with pid 105
2017-01-17 07:21:15,292 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:16,333 INFO spawned: ‘mongod’ with pid 118
2017-01-17 07:21:16,636 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:18,797 INFO spawned: ‘mongod’ with pid 121
2017-01-17 07:21:19,256 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:22,270 INFO spawned: ‘mongod’ with pid 127
2017-01-17 07:21:22,537 INFO exited: mongod (exit status 100; not expected)
2017-01-17 07:21:23,549 INFO gave up: mongod entered FATAL state, too many start retries too quickly
Drop protection enabled. Will not drop existing content!
User Roles: existing documents detected. skipping!
Actions: existing documents detected. skipping!
Raw Data Types: existing documents detected. skipping!
Signature Types: existing documents detected. skipping!
Drop protection does not apply to effective TLDs
Effective TLDs: added 7789 TLDs!
Drop protection does not apply to location objects
Added 248 Location Objects.
Default Dashboard Created.
Creating a new CRITs configuration.
Creating indexes (duplicates will be ignored automatically)
User ‘nonroot’ created successfully!
Temp password:
A CRITs configuration already exists. Skipping default creation.
Setting [allowed_hosts] to a value of [[‘localhost’]]
Saving CRITs configuration.
To access CRITS user interface, go https://localhost:8443 and use the following credentials:
Username: nonroot
Password:
Please change the temporary password upon successful login to the web interface by clicking on ‘Nonroot User’ near the top left panel and selecting ‘Change Password’.
If changes made to the CRITs application require a restart of the web server, run ‘service apache2 stop’ and supervisor will automatically restart the web server for you.
Reverse Engineering, Malware Deep Insight 