improve the check of sufficient URLs for the attack

monkey/infection_monkey/exploit/drupal.py

@@ -106,6 +106,15 @@ class DrupalExploiter(WebRCE):
         :return: vulnerable URL to exploit
         """
         return self.vulnerable_urls.pop()
+    
+    def are_vulnerable_urls_sufficient(self):
+        """
+        For the Drupal exploit, 5 distinct URLs are needed to perform the full attack.
+        :return: Whether the list of vulnerable URLs has at least 5 elements.
+        """
+        # We need 5 URLs for a "full-chain": check remote files, check architecture, drop monkey, chmod it and run it.
+        num_urls_needed_for_full_exploit = 5
+        return len(self.vulnerable_urls) > num_urls_needed_for_full_exploit
 
 
 def is_response_cached(r: requests.Response) -> bool:

monkey/infection_monkey/exploit/web_rce.py

@@ -92,7 +92,7 @@ class WebRCE(HostExploiter):
         potential_urls = self.build_potential_urls(ports, exploit_config['url_extensions'])
         self.add_vulnerable_urls(potential_urls, exploit_config['stop_checking_urls'])
 
-        if not self.vulnerable_urls:
+        if not self.are_vulnerable_urls_sufficient():
             return False
 
         self.target_url = self.get_target_url()
@@ -517,3 +517,12 @@ class WebRCE(HostExploiter):
         :return: a vulnerable URL
         """
         return self.vulnerable_urls[0]
+    
+    def are_vulnerable_urls_sufficient(self):
+        """
+        Determine whether the number of vulnerable URLs is sufficient in order to perform the full attack.
+        Often, a single URL will suffice. However, in some cases (e.g. the Drupal exploit) a vulnerable URL is for
+        single use, thus we need a couple of them.
+        :return: Whether or not a full attack can be performed using the available vulnerable URLs.
+        """
+        return len(self.vulnerable_urls) > 0