Merge pull request #1790 from guardicore/1611-interruptible-mssql

1611 interruptible mssql
2022-03-18 14:33:13 +00:00 · 2022-03-18 14:33:13 +00:00 · 6c1a4faf3a
parent 33f2bac275 a247fa954c
commit 6c1a4faf3a
1 changed files with 20 additions and 3 deletions
--- a/monkey/infection_monkey/exploit/mssqlexec.py
+++ b/monkey/infection_monkey/exploit/mssqlexec.py
@ -15,6 +15,7 @@ from infection_monkey.model import DROPPER_ARG
 from infection_monkey.transport import LockedHTTPServer
 from infection_monkey.utils.brute_force import generate_identity_secret_pairs
 from infection_monkey.utils.commands import build_monkey_commandline
+from infection_monkey.utils.threading import interruptable_iter

 logger = logging.getLogger(__name__)

@ -22,7 +23,8 @@ logger = logging.getLogger(__name__)
 class MSSQLExploiter(HostExploiter):
    _EXPLOITED_SERVICE = "MSSQL"
    _TARGET_OS_TYPE = ["windows"]
-    LOGIN_TIMEOUT = 15
+    LOGIN_TIMEOUT = LONG_REQUEST_TIMEOUT
+    QUERY_TIMEOUT = LONG_REQUEST_TIMEOUT
    # Time in seconds to wait between MSSQL queries.
    QUERY_BUFFER = 0.5
    SQL_DEFAULT_TCP_PORT = "1433"
@ -71,6 +73,9 @@ class MSSQLExploiter(HostExploiter):
            )
            return self.exploit_result

+        if self.is_interrupted():
+            return self.exploit_result
+
        try:
            # Create dir for payload
            self.create_temp_dir()
@ -208,12 +213,24 @@ class MSSQLExploiter(HostExploiter):
        """
        # Main loop
        # Iterates on users list
-        for user, password in users_passwords_pairs_list:
+        credentials_iterator = interruptable_iter(
+            users_passwords_pairs_list,
+            self.interrupt,
+            "MSSQL exploiter has been interrupted",
+            logging.INFO,
+        )
+
+        for user, password in credentials_iterator:
            try:
                # Core steps
                # Trying to connect
                conn = pymssql.connect(
-                    host, user, password, port=port, login_timeout=self.LOGIN_TIMEOUT
+                    host,
+                    user,
+                    password,
+                    port=port,
+                    login_timeout=self.LOGIN_TIMEOUT,
+                    timeout=self.QUERY_TIMEOUT,
                )
                logger.info(
                    f"Successfully connected to host: {host} using user: {user} and password"