Fix HTTP/SMB mixin order to restore SSL option #11330

Merged (1 commit), Jan 29, 2019


wvu commented Jan 29, 2019

Mixin order matters. Mixins kinda suck (the way we use them).

Registering the SMB server share mixin after HttpClient deregisters the SSL and SSLCert options. They're still settable, but they vanish from the options lists.

  • Diff the normal and advanced options lists before and after this patch
  • Ensure nothing was lost, only gained

Reported by @terrorbyte.

Mixin order matters. Mixins kinda suck.

jmartin-tech commented Jan 29, 2019

Options diff pre and post patch

$ diff -p 11330_pre.txt 11330_post.txt
*** 11330_pre.txt	2019-01-29 11:34:22.000000000 -0600
--- 11330_post.txt	2019-01-29 11:34:17.000000000 -0600
*************** Module options (exploit/multi/http/strut
*** 10,15 ****
--- 10,16 ----
     SMB_DELAY       10                                        yes       Time that the SMB Server will wait for the payload request
     SRVHOST         0.0.0.0                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
     SRVPORT         445                                       yes       The local port to listen on.
+    SSL             false                                     no        Negotiate SSL/TLS for outgoing connections
     STRUTS_VERSION  2.x                                       yes       Apache Struts Framework version (Accepted: 1.x, 2.x)
     TARGETURI       /struts2-blank/example/HelloWorld.action  yes       The path to a struts application action
     VHOST                                                     no        HTTP server virtual host
*************** Module options (exploit/windows/http/gen
*** 77,82 ****
--- 78,84 ----
     SMB_DELAY    10                               yes       Time that the SMB Server will wait for the payload request
     SRVHOST      0.0.0.0                          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
     SRVPORT      445                              yes       The local port to listen on.
+    SSL          false                            no        Negotiate SSL/TLS for outgoing connections
     TARGETURI    /cgi-bin/function.php?argument=  yes       Path to vulnerable URI (The shared location will be added at the end)
     VHOST                                         no        HTTP server virtual host

@jmartin-tech jmartin-tech merged commit b7bc52d into rapid7:master Jan 29, 2019
@wvu wvu deleted the bug/mixin branch January 29, 2019 17:42
include Msf::Exploit::Remote::SMB::Server::Share
include Msf::Exploit::Remote::HttpClient
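Review bot: the order of these two include lines is what keeps the SSL option registered, yet nothing at the include site says so, and a later reorder or alphabetical sort would silently drop the option again. Put a one-line comment directly above them stating that HttpClient must be included after SMB::Server::Share because the share mixin deregisters SSL and SSLCert, with a pointer to #11330.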
may be worth a comment on why this has to come after (even just See #11330) to prevent this from happening in the future

@gdavidson-r7

Release Notes

This fixes the HTTP/SMB mixin order to restore the SSL option. Previously, registering the SMB server share mixin after HttpClient would deregister the SSL and SSLCert options.

@gdavidson-r7 gdavidson-r7 added the rn-fix release notes fix label Feb 6, 2019
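
The ordering effect discussed in this thread, as an added Ruby sketch that is not Metasploit code and not part of the pull request. `ToyModule`, `ToyHttpClient` and `ToySmbShare` are hypothetical stand-ins, and the model assumes each mixin's `initialize` calls `super` before it registers or deregisters options.

```ruby
# Toy model constructed for illustration; not Metasploit source.
# Assumption: each mixin's initialize calls super first, then registers or
# deregisters options, so the mixin included last gets the final say.
class ToyModule
  attr_reader :options
  def initialize
    @options = {} # name => default, i.e. what an options listing would show
  end
  def register_options(opts)
    @options.merge!(opts)
  end
  def deregister_options(*names)
    names.each { |name| @options.delete(name) }
  end
end

module ToyHttpClient # hypothetical stand-in for the HTTP client mixin
  def initialize
    super
    register_options('SSL' => false, 'VHOST' => nil)
  end
end

module ToySmbShare # hypothetical stand-in for the SMB server share mixin
  def initialize
    super
    register_options('SRVHOST' => '0.0.0.0', 'SRVPORT' => 445)
    deregister_options('SSL', 'SSLCert')
  end
end

class PrePatch < ToyModule # share mixin included last: its deregister wins
  include ToyHttpClient
  include ToySmbShare
end

class PostPatch < ToyModule # HttpClient included last: SSL is registered again
  include ToySmbShare
  include ToyHttpClient
end

def listed_options(klass)
  klass.new.options.keys.sort
end

# Same check as the PR's test steps: nothing lost, only gained.
def option_diff(before, after)
  { lost: listed_options(before) - listed_options(after),
    gained: listed_options(after) - listed_options(before) }
end
```

Ruby places the most recently included module nearest the class in the ancestor chain, so its `initialize` body finishes last; that is why swapping the two `include` lines changes which options survive.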