From 1eb2ea12ec67b2d9237599bba83efed1e0747c2d Mon Sep 17 00:00:00 2001
From: VakarisZ
Date: Tue, 9 Apr 2019 11:29:34 +0300
Subject: [PATCH] Added request timeout
---
 monkey/infection_monkey/exploit/elasticgroovy.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/monkey/infection_monkey/exploit/elasticgroovy.py b/monkey/infection_monkey/exploit/elasticgroovy.py
index 2de001ba3..faa6681b4 100644
--- a/monkey/infection_monkey/exploit/elasticgroovy.py
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py
@@ -8,7 +8,8 @@ import json
 import logging
 import requests
 from infection_monkey.exploit.web_rce import WebRCE
-from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX
+from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
+ DOWNLOAD_TIMEOUT
 from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE
 import re
@@ -47,7 +48,11 @@ class ElasticGroovyExploiter(WebRCE):
 def exploit(self, url, command):
 command = re.sub(r"\\", r"\\\\\\\\", command)
 payload = self.JAVA_CMD % command
- response = requests.get(url, data=payload)
+ try:
+ response = requests.get(url, data=payload, timeout=DOWNLOAD_TIMEOUT)
+ except requests.ReadTimeout:
+ LOG.error("Elastic couldn't upload monkey, because server didn't respond to upload request.")
+ return False
 result = self.get_results(response)
 if not result:
 return False
@@ -79,4 +84,4 @@ class ElasticGroovyExploiter(WebRCE):
 return False
 except Exception as e:
 LOG.error("Host's exploitability check failed due to: %s" % e)
- return False
\ No newline at end of file
+ return False
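Review bot: The new `except requests.ReadTimeout:` in `exploit()` handles only a response that stalls after the connection is made. With `timeout=` set, a connection that cannot be established in time raises `requests.ConnectTimeout`, which is not a `ReadTimeout` subclass, so it still propagates out of the method instead of returning False. Catching the shared parent, `except requests.Timeout:`, covers both cases. The log text blames a failed monkey upload, but `exploit()` sends whatever `command` it is given, so a neutral message such as `LOG.error("Request to %s timed out after %s seconds", url, DOWNLOAD_TIMEOUT)` would be more accurate in agent logs. The value of `DOWNLOAD_TIMEOUT` is not visible in this patch and the method's tail lies outside the hunk, so confirm the constant suits a command-execution request and not only file downloads.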