Merge branch 'upstream-master' into land-8021-

Author: Brent Cook

Gemfile.lock

@@ -14,7 +14,7 @@ PATH
       metasploit-concern
       metasploit-credential
       metasploit-model
-      metasploit-payloads (= 1.2.14)
+      metasploit-payloads (= 1.2.15)
       metasploit_data_models
       metasploit_payloads-mettle (= 0.1.7)
       msgpack
@@ -169,7 +169,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.14)
+    metasploit-payloads (1.2.15)
     metasploit_data_models (2.0.14)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -279,7 +279,7 @@ GEM
       rex-socket
       rex-text
     rex-struct2 (0.1.0)
-    rex-text (0.2.11)
+    rex-text (0.2.12)
     rex-zip (0.1.1)
       rex-text
     rkelly-remix (0.0.7)

documentation/modules/auxiliary/admin/chromecast/chromecast_youtube.md

@@ -1,4 +1,4 @@
-This module plays (by default) [https://www.youtube.com/watch?v=kxopViU98Xo]("Epic sax guy 10 hours") on a target Google Chromecast via YouTube.
+This module plays (by default) ["Epic sax guy 10 hours"](https://www.youtube.com/watch?v=kxopViU98Xo) on a target Google Chromecast via YouTube.
 
 Naturally, audio should be cranked to 11 before running this module.
 
@@ -12,7 +12,7 @@ Naturally, audio should be cranked to 11 before running this module.
 
   **VID**
 
-  The YouTube video to be played.  Defaults to [https://www.youtube.com/watch?v=kxopViU98Xo](kxopViU98Xo)
+  The YouTube video to be played.  Defaults to [kxopViU98Xo](https://www.youtube.com/watch?v=kxopViU98Xo)
 
 ## Sample Output
 

documentation/modules/auxiliary/admin/http/netgear_soap_password_extractor.md

@@ -1,17 +1,18 @@
 ## Vulnerable Application
 
 The following list is a non-exhaustive list of vulnerable Netgear devices:
-1.  R6300v2  < [1.0.3.28](http://kb.netgear.com/app/answers/detail/a_id/28372)
-2.  WNDR3300 - V1.0.45 (current, confirmed vuln)
-3.  WNDR3700v1 - 1.0.7.98, 1.0.16.98 (confirmed vuln)
-4.  WNDR3700v2 - 1.0.1.14 (EOL, confirmed vuln)
-5.  WNDR3700v4 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28355)
-6.  WNDR3800 - 1.0.0.48 (EOL, confirmed vuln)
-7.  WNDR4300 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28037)
-8.  WNR1000v2 - 1.0.1.1, 1.1.2.58 (EOL, confirmed vuln)
-9.  WNR2000v3 < [1.1.2.12](http://kb.netgear.com/app/answers/detail/a_id/30024)
-10. WNR2200 < [1.0.1.96](http://kb.netgear.com/app/answers/detail/a_id/28036)
-11. WNR2500 < [1.0.0.32](http://kb.netgear.com/app/answers/detail/a_id/28351)
+
+  1.  R6300v2  < [1.0.3.28](http://kb.netgear.com/app/answers/detail/a_id/28372)
+  2.  WNDR3300 - V1.0.45 (current, confirmed vuln)
+  3.  WNDR3700v1 - 1.0.7.98, 1.0.16.98 (confirmed vuln)
+  4.  WNDR3700v2 - 1.0.1.14 (EOL, confirmed vuln)
+  5.  WNDR3700v4 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28355)
+  6.  WNDR3800 - 1.0.0.48 (EOL, confirmed vuln)
+  7.  WNDR4300 < [1.0.2.80](http://kb.netgear.com/app/answers/detail/a_id/28037)
+  8.  WNR1000v2 - 1.0.1.1, 1.1.2.58 (EOL, confirmed vuln)
+  9.  WNR2000v3 < [1.1.2.12](http://kb.netgear.com/app/answers/detail/a_id/30024)
+  10. WNR2200 < [1.0.1.96](http://kb.netgear.com/app/answers/detail/a_id/28036)
+  11. WNR2500 < [1.0.0.32](http://kb.netgear.com/app/answers/detail/a_id/28351)
 
 ## Verification Steps
 

documentation/modules/exploit/linux/local/bpf_priv_esc.md

@@ -1,19 +1,19 @@
 ## Notes
 
-This module (and the original exploit) are written in several parts: hello, doubleput, and suidhelper.
+This module (and the original exploit) are written in several parts: `hello`, `doubleput`, and `suidhelper`.
 
-Mettle at times on this exploit will give back an invalid session number error.  In these cases payload/linux/x64/shell/bind_tcp seemed to always work.
+Mettle at times on this exploit will give back an invalid session number error.  In these cases `payload/linux/x64/shell/bind_tcp` seemed to always work.
 
-As of PR submission, the original shell becomes unresposive when the root shell occurs.  Metasm fails to compile due to fuse.h being required.
+As of PR submission, the original shell becomes unresposive when the root shell occurs.  Metasm fails to compile due to `fuse.h` being required.
 
-As of PR submission, killing of the process hello and doubleput has to occur manually.  /tmp/fuse_mount also needs to be unmounted and deleted.
+As of PR submission, killing of the process `hello` and `doubleput` has to occur manually.  `/tmp/fuse_mount` also needs to be unmounted and deleted.
 
 ## Creating A Testing Environment
 
 There are a few requirements for this module to work:
 
-  1. CONFIG_BPF_SYSCALL=y must be set in the kernel (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
-  2. kernel.unprivileged_bpf_disabled can't be set to 1 (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
+  1. `CONFIG_BPF_SYSCALL=y` must be set in the kernel (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
+  2. `kernel.unprivileged_bpf_disabled` can't be set to `1` (default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
   3. fuse needs to be installed (non-default on Ubuntu 16.04 (Linux 4.4.0-38-generic))
 
   Using Ubuntu 16.04, simply `sudo apt-get install fuse` and you're all set!

documentation/modules/module_doc_template.md

@@ -1,14 +1,17 @@
 The following is the recommended format for module documentation.
 But feel free to add more content/sections to this.
-
+One of the general ideas behind these documents is to help someone troubleshoot the module if it were to stop
+functioning in 5+ years, so giving links or specific examples can be VERY helpful.
 
 ## Vulnerable Application
 
-  Instructions to get the vulnerable application.
+  Instructions to get the vulnerable application.  If applicable, include links to the vulnerable install files,
+  as well as instructions on installing/configuring the environment if it is different than a standard install.
+  Much of this will come from the PR, and can be copy/pasted.
 
 ## Verification Steps
 
-  Example steps in this format:
+  Example steps in this format (is also in the PR):
 
   1. Install the application
   2. Start msfconsole
@@ -20,7 +23,7 @@ But feel free to add more content/sections to this.
 
   **Option name**
 
-  Talk about what it does, and how to use it appropriately.
+  Talk about what it does, and how to use it appropriately.  If the default value is likely to change, include the default value here.
 
 ## Scenarios
 

lib/msf/ui/console/command_dispatcher/jobs.rb

@@ -321,7 +321,9 @@ def cmd_handler(*args)
               'ExitOnSession'  => exit_on_session,
               'RunAsJob'       => true
             }
+
             handler.datastore.reverse_merge!(payload_datastore)
+            handler.datastore.merge!(handler_opts)
 
             # Launch our Handler and get the Job ID
             handler.exploit_simple(handler_opts)

modules/auxiliary/scanner/http/owa_login.rb

@@ -92,7 +92,7 @@ def initialize
         OptString.new('AD_DOMAIN', [ false, "Optional AD domain to prepend to usernames", ''])
       ], self.class)
 
-    deregister_options('BLANK_PASSWORDS', 'RHOSTS','PASSWORD','USERNAME')
+    deregister_options('BLANK_PASSWORDS', 'RHOSTS')
   end
 
   def setup