AWS EC2 detected as Tencent CVM causing long run time due to incorrect Tencent enumeration
credibleforce opened this issue
Issue description
Linpeas.sh taking a long time (>30 minutes) to run on AWS EC2 instance. Incorrectly identified as Tencent CVM.
Steps to reproduce the issue
- Launch an AWS EC2 instance
- Run curl -L https://github.com/carlospolop/PEASS-ng/releases/download/latest/linpeas.sh | /bin/bash -s -- -s -N -o system_information,container,cloud,procs_crons_timers_srvcs_sockets,users_information,software_information,interesting_files,interesting_perms_files,api_keys_regex
- Logs show:
╔═══════╗
═════════════════════════════════════╣ Cloud ╠═════════════════════════════════════
╚═══════╝
═╣ GCP Virtual Machine? ................. No
═╣ GCP Cloud Funtion? ................... No
═╣ AWS ECS? ............................. No
═╣ AWS EC2? ............................. Yes
═╣ AWS EC2 Beanstalk? ................... No
═╣ AWS Lambda? .......................... No
═╣ AWS Codebuild? ....................... No
═╣ DO Droplet? .......................... No
═╣ Aliyun ECS? .......................... No
═╣ Tencent CVM? .......................... Yes
═╣ IBM Cloud VM? ........................ No
═╣ Azure VM? ............................ No
═╣ Azure APP? ........................... No
Which parameters did you use for executing the script and how did you execute it?
-s -N -o system_information,container,cloud,procs_crons_timers_srvcs_sockets,users_information,software_information,interesting_files,interesting_perms_files,api_keys_regex
Is there any AV / Threat protection in the system?
no
Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)
ubuntu focal
Please, indicate the check that is failing and add a screenshot showing the problem
check_tencent_cvm () {
  is_tencent_cvm="No"
  if [ -f "/etc/cloud/cloud.cfg.d/05_logging.cfg" ] || grep -qi Tencent /etc/cloud/cloud.cfg; then
    is_tencent_cvm="Yes"
  fi
}
The -f "/etc/cloud/cloud.cfg.d/05_logging.cfg" returns true on AWS EC2 instances.
How did you expect it to work?
AWS instances should not be detected as Tencent. When they are, run time goes from ~10 minutes to > 30 minutes.
I've encountered the same issue on physical servers running Ubuntu server.
Hi guys! Thanks for letting me know!
I have disabled the Tencent check until the author sends a PR with a better fingerprint. There should be a new release in a couple of minutes.
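The false positive reported in this issue, reproduced on a constructed directory tree (an added example, not linpeas code and not the project's fix): `05_logging.cfg` ships with the stock cloud-init package, so the `-f` test fires on any host that has cloud-init installed. The `root` path prefix, the function names and the stricter variant that keeps only the vendor-string `grep` are assumptions made for illustration; the page does not confirm that the string match alone is a sufficient Tencent fingerprint.

```shell
#!/bin/sh
# Added example: run the quoted check against fixture trees instead of /.
# "$1" (root) is a hypothetical path prefix introduced for testing.

# Same logic as the check quoted in the issue, with paths prefixed by root.
check_tencent_cvm_orig() {
  root="$1"
  is_tencent_cvm="No"
  if [ -f "$root/etc/cloud/cloud.cfg.d/05_logging.cfg" ] ||
     grep -qi Tencent "$root/etc/cloud/cloud.cfg" 2>/dev/null; then
    is_tencent_cvm="Yes"
  fi
  echo "$is_tencent_cvm"
}

# Stricter variant (assumption): drop the generic cloud-init file test and
# keep only the vendor string match; a missing cloud.cfg yields "No".
check_tencent_cvm_strict() {
  root="$1"
  is_tencent_cvm="No"
  if grep -qi Tencent "$root/etc/cloud/cloud.cfg" 2>/dev/null; then
    is_tencent_cvm="Yes"
  fi
  echo "$is_tencent_cvm"
}

# Build a constructed cloud-init layout: $1 = directory, $2 = cloud.cfg text.
make_fixture() {
  mkdir -p "$1/etc/cloud/cloud.cfg.d"
  : > "$1/etc/cloud/cloud.cfg.d/05_logging.cfg"
  printf '%s\n' "$2" > "$1/etc/cloud/cloud.cfg"
}

# Compare both checks on three constructed hosts.
demo() {
  tmp=$(mktemp -d) || return 1
  make_fixture "$tmp/ec2" "system_info: {distro: ubuntu}"   # constructed
  make_fixture "$tmp/cvm" "# constructed: Tencent Cloud image marker"
  mkdir -p "$tmp/bare"                                      # no cloud-init
  for host in ec2 cvm bare; do
    echo "$host orig=$(check_tencent_cvm_orig "$tmp/$host") strict=$(check_tencent_cvm_strict "$tmp/$host")"
  done
  rm -rf "$tmp"
}

demo
```
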