From 6a2b4c2530aab6aa6e8f399ae37cd3f12c0a4b49 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Thu, 7 Jan 2016 16:55:41 -0600
Subject: [PATCH] Fix #6445, Unexpected HttpServer terminations Fix #6445 Problem: When an HttpServer instance is trying to register a resource that is already taken, it causes all HttpServers to terminate, which is not a desired behavior. Root Cause: It appears the Msf::Exploit::Remote::TcpServer#stop_service method is causing the problem. When the service is being detected as an HttpServer, the #stop method used actually causes all servers to stop, not just for a specific one. This stopping route was introduced in 04772c894617da83afe4601d8d8bb3157b131b60, when Juan noticed that the java_rmi_server exploit could not be run again after the first time. Solution: Special case the stopping routine on the module's level, and not universal.
---
 lib/msf/core/exploit/tcp_server.rb | 4 ----
 modules/exploits/multi/misc/java_rmi_server.rb | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 4 deletions(-)
diff --git a/lib/msf/core/exploit/tcp_server.rb b/lib/msf/core/exploit/tcp_server.rb
index 771a1bad6b..a86a7a2b25 100644
--- a/lib/msf/core/exploit/tcp_server.rb
+++ b/lib/msf/core/exploit/tcp_server.rb
@@ -162,10 +162,6 @@ module Exploit::Remote::TcpServer
 self.service.stop
 end

- if service.kind_of?(Rex::Proto::Http::Server)
- service.stop
- end
-
 self.service = nil
 rescue ::Exception
 end
diff --git a/modules/exploits/multi/misc/java_rmi_server.rb b/modules/exploits/multi/misc/java_rmi_server.rb
index 90f87dea99..3dae8dad96 100644
--- a/modules/exploits/multi/misc/java_rmi_server.rb
+++ b/modules/exploits/multi/misc/java_rmi_server.rb
@@ -187,6 +187,23 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 end

+ def cleanup
+ # Normally service termination should not be managed on the module's level, but this is a
+ # special case.
+ #
+ # Originally this special service termination routine was implemented in
+ # Exploit::Remote::TcpServer#stop_service, but that would actually cause all HttpServers to stop
+ # if one of them attempts to register a resource that is already taken, which seems to be a
+ # harsh punishment. This is why the fix is moved here.
+ #
+ # See references:
+ # https://github.com/rapid7/metasploit-framework/pull/4203
+ # https://github.com/rapid7/metasploit-framework/issues/6445
+ service.stop if service
+
+ super
+ end
+
 def autofilter
 return true
 end
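Review bot: In the added `cleanup`, `super` is not reached if `service.stop` raises, so the parent teardown would be skipped; the routine this replaces sat ahead of a `rescue ::Exception` in `TcpServer#stop_service` (first hunk), and nothing guards the call here. Running the parent call from an `ensure` keeps teardown unconditional: `service.stop if service`, then `ensure`, then `super`. Going by the commit message, `#stop` on an HttpServer stops every server, so this module presumably still takes down an HTTP service shared with other running modules when it cleans up; the comment block could say that directly, e.g. `# NOTE: this stops the shared HTTP service for any other module using it`.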