Make msftidy happy and warn user about long times

jvazquez-r7 · jvazquez-r7 · commit 3a05993f16bf · 2013-07-29T11:45:30.000-05:00
diff --git a/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb b/modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb
@@ -26,17 +26,17 @@ def initialize(info={})
 				applications from medium or high integrity applications. This allows commands to be
 				broadcasted to an open medium or high integrity command prompts allowing escalation
 				of privileges. We can spawn a medium integrity command prompt, after spawning a low
-				integrity command prompt, by using the Win+Shift+# combination to specify the position
-				of the command prompt on the taskbar. We can then broadcast our command and hope that
-				the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue
-				affects versions  Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT.
-				But Spawning a command prompt with the shortcut key does not work in Vista so you will
-				have to check if the user is already running a command prompt and set SPAWN_PROMPT
-				false. The WEB technique will use powershell to download and execute a powershell
-				encoded payload. The FILE technique will drop an executable to the file system, set it
-				to medium integrity and execute it. The TYPE technique will attempt to execute a
-				powershell encoded payload directly from the command line but it may take some time to
-				complete.
+				integrity command prompt, by using the Win+Shift+# combination to specify the
+				position of the command prompt on the taskbar. We can then broadcast our command
+				and hope that the user is away and doesn't corrupt it by interacting with the UI.
+				Broadcast issue affects versions  Windows Vista, 7, 8, Server 2008, Server 2008 R2,
+				Server 2012, RT. But Spawning a command prompt with the shortcut key does not work
+				in Vista so you will have to check if the user is already running a command prompt
+				and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded
+				payload from a Web location.  The FILE technique will drop an executable to the
+				file system, set it to medium integrity and execute it. The TYPE technique will
+				attempt to execute a powershell encoded payload directly from the command line but
+				it may take some time to complete.
 			},
 			'License'	=> MSF_LICENSE,
 			'Author'	=>
@@ -68,7 +68,6 @@ def initialize(info={})
 				OptBool.new('SPAWN_PROMPT', [true, 'Attempts to spawn a medium integrity command prompt', true]),
 				OptEnum.new('TECHNIQUE', [true, 'Delivery technique', 'WEB', ['WEB','FILE','TYPE']]),
 				OptString.new('CUSTOM_COMMAND', [false, 'Custom command to type'])
-				
 			], self.class
 		)
 
@@ -162,6 +161,7 @@ def exploit
 			if datastore['CUSTOM_COMMAND']
 				command = datastore['CUSTOM_COMMAND']
 			else
+				print_warning("WARNING: It can take a LONG TIME to broadcast the cmd script to execute the psh payload")
 				command = cmd_psh_payload(payload.encoded)
 			end
 			make_it(command)
