Update my module documentation to the new standard

Also update CheckModule to match current style and best practices.
2020-04-20 20:06:52 -05:00 · 2020-04-20 20:06:52 -05:00 · c5df5355ac
parent 129d15b8eb
commit c5df5355ac
16 changed files with 98 additions and 107 deletions
--- a/documentation/modules/exploit/bsd/finger/morris_fingerd_bof.md
+++ b/documentation/modules/exploit/bsd/finger/morris_fingerd_bof.md
@ -17,26 +17,24 @@ For manual setup, please follow the Computer History Wiki's
 Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
 you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).

-### Targets
-
-```
-Id  Name
--  ----
-0   @(#)fingerd.c   5.1 (Berkeley) 6/6/85
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets `fingerd` version 5.1 from 1985-06-06.
+
 ## Options

-**RPORT**
+### RPORT

 Set this to the target port. The default is 79 for `fingerd`, but the
 port may be forwarded when NAT (SLiRP) is used in SIMH.

-**PAYLOAD**
+### PAYLOAD

 Set this to a BSD VAX payload. Currently, only
 `bsd/vax/shell_reverse_tcp` is supported.
--- a/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md
+++ b/documentation/modules/exploit/linux/http/nexus_repo_manager_el_injection.md
@ -55,18 +55,16 @@ again.

 After completing these steps, you may now test the module.

-### Targets
-
-```
-Id  Name
--  ----
-0   Nexus Repository Manager <= 3.21.1
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets Nexus Repository Manager versions <= 3.21.1.
+
 ## Options

 ### USERNAME
--- a/documentation/modules/exploit/multi/http/liferay_java_unmarshalling.md
+++ b/documentation/modules/exploit/multi/http/liferay_java_unmarshalling.md
@ -20,18 +20,17 @@ Run `docker run -it -p 8080:8080 liferay/portal:7.2.0-ga1` (note the
 added `7.2.0-ga1` tag) as per Liferay's [Docker Hub instructions](https://hub.docker.com/r/liferay/portal).
 Any dependencies will be pulled automatically.

-### Targets
-
-```
-Id  Name
--  ----
-0   Liferay Portal < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, 7.2.1 GA2
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets Liferay Portal versions < 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4,
+and 7.2.1 GA2.
+
 ## Options

 ### SRVPORT
--- a/documentation/modules/exploit/unix/local/emacs_movemail.md
+++ b/documentation/modules/exploit/unix/local/emacs_movemail.md
@ -17,25 +17,23 @@ For manual setup, please follow the Computer History Wiki's
 Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
 you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).

-### Targets
-
-```
-Id  Name
--  ----
-0   /usr/lib/crontab.local
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This uses `/usr/lib/crontab.local` to execute code.
+
 ## Options

-**MOVEMAIL**
+### MOVEMAIL

 Set this to the absolute path to the SUID-root `movemail` executable.

-**CMD**
+### CMD

 If your payload is `cmd/unix/generic` (suggested default), set this to
 the command you want to run as root. The provided default will create a
--- a/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md
+++ b/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md
@ -11,21 +11,20 @@ root or nobody user, depending on the kind of grammar OpenSMTPD uses.
 1. Download [OpenBSD 6.6](https://cdn.openbsd.org/pub/OpenBSD/6.6/amd64/install66.iso)
 2. Install the system

-### Targets
-
-```
-Id  Name
--  ----
-0   OpenSMTPD < 6.6.4 (automatic grammar selection)
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets OpenSMTPD versions < 6.6.4 by automatically selecting the
+appropriate grammar.
+
 ## Options

-**SESSION**
+### SESSION

 Set this to a valid session ID on an OpenBSD target.

--- a/documentation/modules/exploit/unix/smtp/morris_sendmail_debug.md
+++ b/documentation/modules/exploit/unix/smtp/morris_sendmail_debug.md
@ -18,26 +18,24 @@ For manual setup, please follow the Computer History Wiki's
 Garvin's [guide](http://plover.net/~agarvin/4.3bsd-on-simh.html) if
 you're using [Quasijarus](http://gunkies.org/wiki/4.3_BSD_Quasijarus).

-### Targets
-
-```
-Id  Name
--  ----
-0   @(#)version.c       5.51 (Berkeley) 5/2/86
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets `sendmail` version 5.51 from 1986-05-02.
+
 ## Options

-**RPORT**
+### RPORT

 Set this to the target port. The default is 25 for `sendmail`, but the
 port may be forwarded when NAT (SLiRP) is used in SIMH.

-**PAYLOAD**
+### PAYLOAD

 Set this to a Unix command payload. Currently, only `cmd/unix/reverse`
 and `cmd/unix/generic` are supported.
--- a/documentation/modules/exploit/unix/smtp/opensmtpd_mail_from_rce.md
+++ b/documentation/modules/exploit/unix/smtp/opensmtpd_mail_from_rce.md
@ -15,21 +15,19 @@ SMTP interaction with OpenSMTPD to execute a command as the root user.
 4. Execute `/etc/rc.d/smtpd restart` to restart OpenSMTPD
 5. Execute `ifconfig` and look for an appropriate target IP

-### Targets
-
-```
-Id  Name
--  ----
-0   OpenSMTPD < 6.6.1
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets OpenSMTPD versions < 6.6.1.
+
 ## Options

-**RCPT_TO**
+### RCPT_TO

 Set this to a valid mail recipient. The default is `root`.

--- a/documentation/modules/exploit/unix/webapp/thinkphp_rce.md
+++ b/documentation/modules/exploit/unix/webapp/thinkphp_rce.md
@ -17,19 +17,20 @@ Tested against versions 5.0.20 and 5.0.23 as can be found on Vulhub.
 2. `cd vulhub/thinkphp/5-rce` for 5.0.20 or `cd vulhub/thinkphp/5.0.23-rce` for 5.0.23
 3. `docker-compose up -d`

-### Targets
-
-```
-Id  Name
--  ----
-0   Unix Command
-1   Linux Dropper
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This executes a Unix command.
+
+### 1
+
+This uses a Linux dropper to execute code.
+
 ## Options

 ### SRVPORT
--- a/documentation/modules/exploit/unix/webapp/wp_infinitewp_auth_bypass.md
+++ b/documentation/modules/exploit/unix/webapp/wp_infinitewp_auth_bypass.md
@ -22,33 +22,31 @@ API change. Tested against 4.8.3.
 2. Download <https://downloads.wordpress.org/plugin/iwp-client.1.9.4.4.zip>
 3. Follow <https://wordpress.org/plugins/iwp-client/#installation>

-### Targets
-
-```
-Id  Name
--  ----
-0   InfiniteWP Client < 1.9.4.5
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This targets InfiniteWP Client versions < 1.9.4.5.
+
 ## Options

-**USERNAME**
+### USERNAME

 Set this to a known, valid administrator username. Authentication will
 be bypassed for this user.

-**PLUGIN_FILE**
+### PLUGIN_FILE

 Set this to a plugin file to insert the payload into, relative to the
 plugins directory, which is normally `/wp-content/plugins`. The file
 must exist and be writable by the web user. It will be overwritten and
 later restored.

-**VerifyContents**
+### VerifyContents

 Verify that the restored contents of `PLUGIN_FILE` match the original.
 This is the default setting.
--- a/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md
+++ b/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md
@ -16,20 +16,24 @@ Desktop Central versions < 10.0.474. Tested against 10.0.465 x64.
 1. Download a vulnerable installer (I used 10.0.465 x64)
 2. Install the software in Windows (I used Windows 10)

-### Targets
-
-```
-Id  Name
--  ----
-0   Windows Command
-1   Windows Dropper
-2   PowerShell Stager
-```
-
 ## Verification Steps

 Follow [Setup](#setup) and [Scenarios](#scenarios).

+## Targets
+
+### 0
+
+This executes a Windows command.
+
+### 1
+
+This uses a Windows dropper to execute code.
+
+### 2
+
+This uses a PowerShell stager to execute code.
+
 ## Options

 ### WfsDelay
--- a/lib/msf/core/exploit/check_module.rb
+++ b/lib/msf/core/exploit/check_module.rb
@ -24,22 +24,22 @@ module Exploit::Remote::CheckModule

    # Bail if we couldn't
    unless mod
-      return CheckCode::Unsupported(
-        "Could not instantiate #{check_module}"
+      return Exploit::CheckCode::Unsupported(
+        "Could not instantiate #{check_module}."
      )
    end

    # Bail if it isn't aux
    if mod.type != Msf::MODULE_AUX
-      return CheckCode::Unsupported(
-        "#{check_module} is not an auxiliary module"
+      return Exploit::CheckCode::Unsupported(
+        "#{check_module} is not an auxiliary module."
      )
    end

    # Bail if run isn't defined
    unless mod.respond_to?(:run)
-      return CheckCode::Unsupported(
-        "#{check_module} does not define a run method"
+      return Exploit::CheckCode::Unsupported(
+        "#{check_module} does not define a run method."
      )
    end

@ -64,7 +64,7 @@ module Exploit::Remote::CheckModule
      # Bail if module doesn't return a CheckCode
      unless checkcode.kind_of?(Exploit::CheckCode)
        return Exploit::CheckCode::Unsupported(
-          "#{check_module} does not return a CheckCode"
+          "#{check_module} does not return a CheckCode."
        )
      end

@ -73,7 +73,7 @@ module Exploit::Remote::CheckModule
    else
      # Bail if module doesn't return a CheckCode
      Exploit::CheckCode::Unsupported(
-        "#{check_module} does not return a CheckCode"
+        "#{check_module} does not return a CheckCode."
      )
    end
  end
--- a/modules/exploits/linux/http/citrix_dir_traversal_rce.rb
+++ b/modules/exploits/linux/http/citrix_dir_traversal_rce.rb
@ -7,8 +7,8 @@ class MetasploitModule < Msf::Exploit::Remote

  Rank = ExcellentRanking

-  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::FileDropper

  def initialize(info = {})
--- a/modules/exploits/linux/http/pulse_secure_cmd_exec.rb
+++ b/modules/exploits/linux/http/pulse_secure_cmd_exec.rb
@ -7,8 +7,8 @@ class MetasploitModule < Msf::Exploit::Remote

  Rank = ExcellentRanking

-  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Remote::HttpClient
+  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::CmdStager

  def initialize(info = {})
--- a/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
+++ b/modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb
@ -55,8 +55,8 @@ class MetasploitModule < Msf::Exploit::Remote
  CHUNK_SIZE = 0x400
  HEADER_SIZE = 0x48

-  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Remote::RDP
+  include Msf::Exploit::Remote::CheckModule

  def initialize(info = {})
    super(update_info(info,
--- a/modules/exploits/windows/smb/ms17_010_eternalblue.rb
+++ b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@ -10,8 +10,8 @@ require 'windows_error'
 class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

-  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Remote::DCERPC
+  include Msf::Exploit::Remote::CheckModule

  def initialize(info = {})
    super(
--- a/modules/exploits/windows/smb/ms17_010_psexec.rb
+++ b/modules/exploits/windows/smb/ms17_010_psexec.rb
@ -16,9 +16,9 @@
 class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

-  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Remote::SMB::Client::Psexec_MS17_010
  include Msf::Exploit::Remote::SMB::Client::Psexec
+  include Msf::Exploit::Remote::CheckModule
  include Msf::Exploit::Powershell
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec