Merge pull request #289 from VakarisZ/elastic_small_fix

Added request timeout to elastic exploiter
2019-04-10 10:30:19 +03:00 · 2019-04-10 10:30:19 +03:00 · 6b9f3c18bc
parent 88b114d810 1eb2ea12ec
commit 6b9f3c18bc
1 changed files with 8 additions and 3 deletions
--- a/monkey/infection_monkey/exploit/elasticgroovy.py
+++ b/monkey/infection_monkey/exploit/elasticgroovy.py
@ -8,7 +8,8 @@ import json
 import logging
 import requests
 from infection_monkey.exploit.web_rce import WebRCE
-from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX
+from infection_monkey.model import WGET_HTTP_UPLOAD, RDP_CMDLINE_HTTP, CHECK_COMMAND, ID_STRING, CMD_PREFIX,\
+    DOWNLOAD_TIMEOUT
 from infection_monkey.network.elasticfinger import ES_PORT, ES_SERVICE

 import re
@ -47,7 +48,11 @@ class ElasticGroovyExploiter(WebRCE):
    def exploit(self, url, command):
        command = re.sub(r"\\", r"\\\\\\\\", command)
        payload = self.JAVA_CMD % command
-        response = requests.get(url, data=payload)
+        try:
+            response = requests.get(url, data=payload, timeout=DOWNLOAD_TIMEOUT)
+        except requests.ReadTimeout:
+            LOG.error("Elastic couldn't upload monkey, because server didn't respond to upload request.")
+            return False
        result = self.get_results(response)
        if not result:
            return False
@ -79,4 +84,4 @@ class ElasticGroovyExploiter(WebRCE):
                return False
        except Exception as e:
            LOG.error("Host's exploitability check failed due to: %s" % e)
-            return False
+            return False