diego-treitos / linux-smart-enumeration

Linux enumeration tool for pentesting and CTFs with verbosity levels
GNU General Public License v3.0

`lse_procmon` incompatibility with busybox `ps` #66

Closed exploide closed 2 years ago

exploide commented 2 years ago

`lse_procmon` calls `ps -ewwwo start_time,pid,user:50,args`, but this seems to be procps-ng compatible only.

The busybox implementation of `ps` has no `-w` and also lacks the output columns `start_time` and `user:50`.

So when running lse on a somewhat restricted system, it explodes with `ps` errors all over the screen.

Maybe there is no trivial fix for compatibility because `lse_proc_print` also makes assumptions about taking exactly this format. So perhaps just check whether `ps -V` is procps-ng and skip this task otherwise?

diego-treitos commented 2 years ago

Thank you for the bug report. I worked a bit on this and indeed it is not very easy to solve. The task saves process data so if it is skipped there won't be any process information, which is far from ideal.

On the other hand, at least on a busybox I tested (Debian), the output format for `busybox ps -o stat,pid,user,args` is not coherent: in some lines the PID and the user are not separated by a space, so it breaks the parsing...

I will have to look further into this.

diego-treitos commented 2 years ago

It is hopefully fixed in the latest release 4.7nw. Please feel free to test. The solution is not ideal but it should be "acceptable"... hopefully :)
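
An added example (not code from lse or from this thread) of the guard discussed above: classify the `ps -V` output, pick a matching invocation or skip, and reject lines that do not parse instead of feeding them to the process monitor. The function names and the sample lines are constructed for illustration, and the BusyBox banner match is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not lse's own.

# Classify the text printed by `ps -V 2>&1`. Assumption: BusyBox rejects -V
# and prints its usage banner, which contains the word "BusyBox".
ps_flavor() {
  case "$1" in
    *procps-ng*) echo procps-ng ;;
    *BusyBox*)   echo busybox ;;
    *)           echo unknown ;;
  esac
}

# Print the ps invocation for a flavor, or fail so the caller skips the task.
ps_command() {
  case "$1" in
    procps-ng) echo "ps -ewwwo start_time,pid,user:50,args" ;;
    busybox)   echo "ps -o stat,pid,user,args" ;;
    *)         return 1 ;;
  esac
}

# Accept a line only if field 2 is a numeric PID followed by user and args.
# This rejects the header and lines where PID and user run together.
ps_line_ok() {
  set -f; set -- $1; set +f    # split on whitespace without globbing
  [ "$#" -ge 4 ] || return 1
  case "$2" in
    ''|*[!0-9]*) return 1 ;;
  esac
}

# Count parseable lines read from stdin.
count_ok() {
  n=0
  while IFS= read -r line; do
    if ps_line_ok "$line"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Constructed sample: header, two good lines, one fused PID/user line.
sample_output() {
  printf '%s\n' 'STAT PID   USER     COMMAND' \
    'S        1 root     /sbin/init' \
    'S    12345root     /bin/sh -c sleep 60' \
    'R      412 www-data /usr/sbin/httpd -f'
}
```

On a live system the flavor would come from `ps_flavor "$(ps -V 2>&1)"`, and a failing `ps_command` is the signal to print one notice and skip the task.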