guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Drupal exploiter reported as "failed" even if successful #1026

Closed mssalvatore closed 3 years ago

mssalvatore commented 3 years ago

Describe the bug

Monkey Island reports the drupal exploiter as having failed, even if it is successful.

To Reproduce

  1. Run the drupal blackbox test in GCP
  2. Verify on the drupal VM that it was successfully exploited (tail /var/log/apache2/error.log)
  3. Read the monkey agent log on the Monkey Island. You'll see:

2021-03-08 18:10:42,752 [19372:139774880689024:INFO] web_rce.execute_remote_monkey.423: Trying to execute monkey using command: /tmp/monkey m0nk3y -p 72572230304299 -t 10.2.2.43:13974 -s 10.2.2.43:5000 -d 1 -vp 80
...
2021-03-08 18:11:12,805 [19372:139774880689024:ERROR] web_rce.execute_remote_monkey.438: Something went wrong when trying to execute remote monkey: HTTPConnectionPool(host='10.2.2.28', port=80): Read timed out.

Expected behavior

The monkey agent and subsequently Monkey Island should report the drupal exploiter as successful if it is successful.

Root cause

The exploit() method on the drupal exploiter sets a timeout of 15 seconds when sending requests to the vulnerable drupal server. When the monkey is successfully executed on the host, the webserver does not respond to the request until after the monkey agent completes. Therefore, the request times out and reports a failure.

Possible solutions to this issue are:

  1. Deploy the monkey agent with the dropper
  2. Change the behavior of the monkey agent such that it allows the webserver to respond with a 200 request while the agent continues to run.
  3. Allow the timeout and use a different mechanism for validating successful exploitation in exploit()
  4. Something else?

https://github.com/guardicore/monkey/blob/5bdb526db348c6a02469d589e391ddf8180ee20e/monkey/infection_monkey/exploit/drupal.py#L89-L108


mssalvatore commented 3 years ago

Closed by #1031
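
Option 3 from the issue (allow the timeout and confirm success another way), sketched as an added example that is not the project's code: a constructed local server holds its reply while a job runs, and the client treats a read timeout as inconclusive until an independent signal arrives. `BlockingHandler`, `classify` and the `started` event (standing in for something like an agent check-in) are hypothetical names; only the Python standard library is used.

```python
import http.client
import http.server
import socket
import threading
import time

class BlockingHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in: the side effect starts at once, the reply waits for it."""
    started = threading.Event()      # hypothetical out-of-band signal (e.g. agent check-in)
    def do_GET(self):
        type(self).started.set()     # the job has begun on the server side
        time.sleep(1.0)              # response is held until the long job ends
        try:
            self.send_response(200)
            self.end_headers()
        except OSError:
            pass                     # client already timed out and hung up
    def log_message(self, *args): pass   # keep the demo quiet

def classify(host, port, timeout, confirmed, grace=2.0):
    """Separate 'never connected' from 'request sent, but the reply is being held'."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.connect()
    except OSError:
        return "failed"              # request never reached the server
    try:
        conn.request("GET", "/")
        conn.getresponse()
        return "success"
    except socket.timeout:           # read timeout: consult the independent signal
        return "success" if confirmed.wait(grace) else "unconfirmed"
    except OSError:
        return "failed"
    finally:
        conn.close()

def demo():
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", 0), BlockingHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    host, port = srv.server_address
    confirmed = classify(host, port, 0.2, BlockingHandler.started)
    no_signal = classify(host, port, 0.2, threading.Event(), grace=0.1)
    srv.shutdown()
    srv.server_close()               # port is now closed: connect is refused
    return confirmed, no_signal, classify(host, port, 0.2, threading.Event(), grace=0.1)

if __name__ == "__main__":
    print(demo())
```

A client that maps every exception to failure would report all three cases identically, which is the misreport described in the issue.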