From e55dab3914b1956e75e66f7e8e09cb8d40cc7dc0 Mon Sep 17 00:00:00 2001
From: Sean Verity
Date: Mon, 15 Sep 2014 01:01:23 -0400
Subject: [PATCH] Refactored expiration and timeout logic in client_core.rb
---
 lib/rex/payloads/meterpreter/patch.rb | 24 +++++++++++++++++++++---
 lib/rex/post/meterpreter/client_core.rb | 21 ++++++++++++++++++---
 2 files changed, 39 insertions(+), 6 deletions(-)
diff --git a/lib/rex/payloads/meterpreter/patch.rb b/lib/rex/payloads/meterpreter/patch.rb
index 6cb5bdc070..74ea2f88c0 100644
--- a/lib/rex/payloads/meterpreter/patch.rb
+++ b/lib/rex/payloads/meterpreter/patch.rb
@@ -11,7 +11,7 @@ module Rex
 module Patch
 # Replace the transport string
- def self.patch_transport blob, ssl, url, expiration, comm_timeout
+ def self.patch_transport blob, ssl
 i = blob.index("METERPRETER_TRANSPORT_SSL")
 if i
@@ -19,18 +19,36 @@ module Rex
 blob[i, str.length] = str
 end
+ return blob
+ end
+
+ # Replace the URL
+ def self.patch_url blob, url
+ i = blob.index("https://" + ("X" * 256))
 if i
 str = url
 blob[i, str.length] = str
 end
+ return blob
+ end
+
+ # Replace the session expiration timeout
+ def self.patch_expiration blob, expiration
+ i = blob.index([0xb64be661].pack("V"))
 if i
 str = [ expiration ].pack("V")
 blob[i, str.length] = str
 end
+ return blob
+ end
+
+ # Replace the session communication timeout
+ def self.patch_comm_timeout blob, comm_timeout
+ i = blob.index([0xaf79257f].pack("V"))
 if i
 str = [ comm_timeout ].pack("V")
@@ -48,7 +66,7 @@ module Rex
 blob[i, ua.length] = ua
 end
- return blob, i
+ return blob
 end
 # Activate a custom proxy
@@ -75,7 +93,7 @@ module Rex
 end
 end
- return blob, i, proxyinfo
+ return blob
 end
 # Proxy authentification
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
index cf6f681332..cbf6ff56bf 100644
--- a/lib/rex/post/meterpreter/client_core.rb
+++ b/lib/rex/post/meterpreter/client_core.rb
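Review bot: patch_url, patch_expiration and patch_comm_timeout all fall through to `return blob` when `blob.index` returns nil, so a blob whose placeholder is missing or already overwritten is handed back unpatched and the caller in client_core.rb, which only reassigns `blob`, cannot tell; an `else raise ArgumentError, "placeholder not found"` (or at minimum a warning) on each `if i` would surface that instead of silently leaving the placeholder bytes as the effective expiration or comm timeout. patch_url also copies `url` over the `"https://" + ("X" * 256)` placeholder with `blob[i, str.length] = str` and no length check, so a URL longer than those 264 bytes overwrites whatever follows the placeholder in the binary; `raise ArgumentError, "url exceeds placeholder" if url.length > 264` before the write would catch it. The `"V"` pack in patch_expiration and patch_comm_timeout silently truncates values that do not fit in 32 bits, which is worth a `# @param expiration [Integer] seconds; must fit in 32 bits` style note on each new method. patch_transport begins in the previous hunk, so its full body is not visible here.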
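Review bot: Replacing `return blob, i` with `return blob` (and `return blob, i, proxyinfo` with `return blob` in the next hunk) changes these two methods from returning an Array to returning the String, so a caller that destructured the old result would now receive the whole blob as its first element and nil for the rest; no call site for either method is part of this diff, so those callers should be checked. Both enclosing methods start outside their hunks, and the commit message mentions only the expiration and timeout logic, so it is worth confirming the tuple removal is intended. A `# @return [String] the patched blob` line on each method would document the new contract.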
@@ -234,9 +234,24 @@ class ClientCore < Extension
 # Replace the transport string first (TRANSPORT_SOCKET_SSL)
 blob = Rex::Payloads::Meterpreter::Patch.patch_transport(
 blob,
- client.ssl,
- self.client.url,
- self.client.expiration,
+ client.ssl
+ )
+
+ # Replace the URL
+ blob = Rex::Payloads::Meterpreter::Patch.patch_url(
+ blob,
+ self.client.url
+ )
+
+ # Replace the session expiration timeout
+ blob = Rex::Payloads::Meterpreter::Patch.patch_expiration(
+ blob,
+ self.client.expiration
+ )
+
+ # Replace the session communication timeout
+ blob = Rex::Payloads::Meterpreter::Patch.patch_comm_timeout(
+ blob,
 self.client.comm_timeout
 )
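Review bot: The first call passes `client.ssl` while the three new calls pass `self.client.url`, `self.client.expiration` and `self.client.comm_timeout`; assuming `client` is the attribute reader rather than a local here, both spellings resolve to the same object, and writing all four the same way, e.g. `client.url`, keeps the block uniform. Each helper patches the string in place via `blob[i, str.length] = str` and returns that same object, so the repeated `blob = ...` reassignment is redundant but harmless; keeping it as insurance against a helper later returning a copy is reasonable, and a short comment saying so would stop a later reader from removing it. The enclosing method starts and ends outside this hunk.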