Merge pull request #1580 from guardicore/1577-timeout-backdoor-user-pba

Modify "Communicate as Backdoor User" PBA's HTTP requests

CHANGELOG.md

@@ -9,6 +9,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 
 ### Changed
+- "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
+  include a timeout. #1577
 
 ### Removed
 - The VSFTPD exploiter. #1533

monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py

@@ -67,16 +67,16 @@ class CommunicateAsBackdoorUser(PBA):
             format_string = (
                 'powershell.exe -command "[Net.ServicePointManager]::SecurityProtocol = ['
                 "Net.SecurityProtocolType]::Tls12; "
-                'Invoke-WebRequest {url} -UseBasicParsing"'
+                'Invoke-WebRequest {url} -UseBasicParsing -method HEAD"'
             )
         else:
             # if curl works, we're good.
             # If curl doesn't exist or fails and wget work, we're good.
             # And if both don't exist: we'll call it a win.
             if shutil.which("curl") is not None:
-                format_string = "curl {url}"
+                format_string = "curl {url} --head --max-time 10"
             else:
-                format_string = "wget -O/dev/null -q {url}"
+                format_string = "wget -O/dev/null -q {url} --method=HEAD --timeout=10"
         return format_string.format(url=url)
 
     def send_result_telemetry(self, exit_status, commandline, username):

monkey/infection_monkey/utils/windows/users.py

@@ -15,7 +15,7 @@ if is_windows_os():
 
 
 ACTIVE_NO_NET_USER = "/ACTIVE:NO"
-WAIT_TIMEOUT_IN_MILLISECONDS = 60 * 1000
+WAIT_TIMEOUT_IN_MILLISECONDS = 10 * 1000
 
 logger = logging.getLogger(__name__)