Add vulnerable setup info in mediawiki_syntaxhighlight.md

Author: wchen-r7

documentation/modules/exploit/multi/http/mediawiki_syntaxhighlight.md

@@ -2,6 +2,19 @@
 
   Any MediaWiki installation with SyntaxHighlight version 2.0 installed & enabled. This extension ships with the AIO package of MediaWiki 1.27.x & 1.28.x. A fix for this issue is included in MediaWiki version 1.28.2 and version 1.27.3.
 
+## Vulnerable Setup
+
+To set up the vulnerable environment, please do:
+
+  1. Download [MediaWiki (such as 1.28.0)](https://releases.wikimedia.org/mediawiki/1.28/mediawiki-1.28.0.tar.gz)
+  2. Install MediaWiki on a LAMP setup (ideally)
+  3. Install composer ```curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer```
+  4. Do: ```cd /var/www/html/mediawiki/extensions/SyntaxHighlight_GeSHi```
+  5. Do: ```composer update```
+  6. Open your LocalSettings.php with a text editor, and add this line at the end of the file: ```wfLoadExtension( 'SyntaxHighlight_GeSHi' );```
+
+  At this point, you are ready to test this setup. 
+
 ## Verification Steps
 
   1. `use exploit/multi/http/mediawiki_syntaxhighlight`
@@ -35,6 +48,17 @@
   In case the wiki is configured as private, a read-only (or better) account is needed to exploit this issue. Provide the password of that account here.
 
 ## Sample Output
+
+### The Check command
+
+The module comes with a check command that allows you to check whether the target might be
+vulnerable or not, for example:
+
+```
+msf exploit(mediawiki_syntaxhighlight) > check
+[*] 192.168.146.203:80 The target appears to be vulnerable.
+```
+
 ### MediaWiki 1.27.1-2 on Ubuntu 16.10
 
 ```