From 42880634088728370f0186f913ff8e9cae18688f Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 11 Nov 2021 19:09:45 +0530
Subject: [PATCH 1/3] Agent: Modify backdoor user PBA's commands to request for headers only when checking for internet connection

---
 .../post_breach/actions/communicate_as_backdoor_user.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
index dba5daad4..b24ace801 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
@@ -67,16 +67,16 @@ class CommunicateAsBackdoorUser(PBA):
             format_string = (
                 'powershell.exe -command "[Net.ServicePointManager]::SecurityProtocol = ['
                 "Net.SecurityProtocolType]::Tls12; "
-                'Invoke-WebRequest {url} -UseBasicParsing"'
+                'Invoke-WebRequest {url} -UseBasicParsing -method HEAD"'
             )
         else:
             # if curl works, we're good.
             # If curl doesn't exist or fails and wget work, we're good.
             # And if both don't exist: we'll call it a win.
             if shutil.which("curl") is not None:
-                format_string = "curl {url}"
+                format_string = "curl {url} --head"
             else:
-                format_string = "wget -O/dev/null -q {url}"
+                format_string = "wget -O/dev/null -q {url} --method=HEAD"
         return format_string.format(url=url)
 
     def send_result_telemetry(self, exit_status, commandline, username):

From 5bbd1c608ffee12874dc96631ead730c8c0ef0ac Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 11 Nov 2021 19:19:59 +0530
Subject: [PATCH 2/3] Agent: Modify backdoor user PBA's HTTP requests' timeout to 10 seconds

---
 .../post_breach/actions/communicate_as_backdoor_user.py | 4 ++--
 monkey/infection_monkey/utils/windows/users.py | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
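Review bot: The three probes no longer agree on what counts as success once the request is a HEAD: `curl {url} --head` exits 0 for any HTTP response, including 4xx/5xx, whereas wget returns a non-zero status on a server error response and Invoke-WebRequest throws on a non-success status, so the curl branch reports the internet as reachable in cases the other two report as failures. Adding `--fail` (`format_string = "curl {url} --head --fail"`) brings curl in line with the others. The `-method HEAD` spelling works because PowerShell parameters are case-insensitive, but `-Method HEAD` is the documented casing and reads better next to `-UseBasicParsing`. In all three branches the URL is still interpolated unquoted into a shell command line; where `url` comes from is outside the hunk, but if it can contain characters such as `&` or `?` it should be quoted.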
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
index b24ace801..03126dec0 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_backdoor_user.py
@@ -74,9 +74,9 @@ class CommunicateAsBackdoorUser(PBA):
             # If curl doesn't exist or fails and wget work, we're good.
             # And if both don't exist: we'll call it a win.
             if shutil.which("curl") is not None:
-                format_string = "curl {url} --head"
+                format_string = "curl {url} --head --max-time 10"
             else:
-                format_string = "wget -O/dev/null -q {url} --method=HEAD"
+                format_string = "wget -O/dev/null -q {url} --method=HEAD --timeout=10"
         return format_string.format(url=url)
 
     def send_result_telemetry(self, exit_status, commandline, username):
diff --git a/monkey/infection_monkey/utils/windows/users.py b/monkey/infection_monkey/utils/windows/users.py
index 8cf128c20..e0da2ded3 100644
--- a/monkey/infection_monkey/utils/windows/users.py
+++ b/monkey/infection_monkey/utils/windows/users.py
@@ -15,7 +15,7 @@ if is_windows_os():
 
 ACTIVE_NO_NET_USER = "/ACTIVE:NO"
 
-WAIT_TIMEOUT_IN_MILLISECONDS = 60 * 1000
+WAIT_TIMEOUT_IN_MILLISECONDS = 10 * 1000
 
 logger = logging.getLogger(__name__)
 

From 9ee6049636a9edcf31a549360971f7810b5cf000 Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 11 Nov 2021 19:26:47 +0530
Subject: [PATCH 3/3] Changelog: Add entry for backdoor uer PBA's HTTP request modifications

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 995232e80..84fd4e114 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Added
 
 ### Changed
+- "Communicate as Backdoor User" PBA's HTTP requests to request headers only and
+  include a timeout. #1577
 
 ### Removed
 - The VSFTPD exploiter. #1533
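Review bot: `--timeout=10` on the wget line does not bound the request at 10 seconds: wget applies that value per attempt (DNS, connect and read each) and retries timed-out attempts up to its default of 20 tries, so a silently dropped connection can keep the process running as the backdoor user for minutes, while curl's `--max-time 10` caps the whole transfer. Add `--tries=1` (`format_string = "wget -O/dev/null -q {url} --method=HEAD --timeout=10 --tries=1"`) so the two branches behave alike. The Windows branch above this hunk (visible in the first patch of the series) still runs Invoke-WebRequest with no timeout; `-TimeoutSec 10` would give it the bound the subject line promises. The value 10 is now written twice here and once more in users.py, so a single module constant with a comment explaining the choice would keep them in step. The enclosing method starts outside the hunk.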
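Review bot: `WAIT_TIMEOUT_IN_MILLISECONDS` is cut from 60 s to 10 s without a comment saying what is being waited for or why 10 s; the only hint is the companion hunk in this patch, which sets the Linux HTTP timeouts to the same 10 s. If this constant bounds the wait on the process that runs the PBA's command (inferred from the pairing, not visible here), it now equals the request timeout with no margin for process start-up and DNS, and on Windows it is the only bound at all because Invoke-WebRequest is given no timeout. A comment such as `# Upper bound on waiting for a process started as the backdoor user; keep it at least as long as the HTTP timeout used by the PBA commands` would record the coupling, and deriving the value from a shared constant would keep the two from drifting apart. What happens when the wait expires, including whether the process is terminated, is outside this hunk.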