Land rapid7#3417, release fixes

Author: wvu

modules/auxiliary/scanner/http/etherpad_duo_login.rb

@@ -13,10 +13,10 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-    'Name'           => 'EtherPAD Duo Login Brute Force Utility',
+    'Name'           => 'EtherPAD Duo Login Bruteforce Utility',
     'Description'    => %{
       This module scans for EtherPAD Duo login portal, and
-      performs a login brute force attack to identify valid credentials.
+      performs a login bruteforce attack to identify valid credentials.
     },
     'Author'         =>
       [
@@ -32,7 +32,7 @@ def run_host(ip)
       return
     end
 
-    print_status("#{peer} - Starting login brute force...")
+    print_status("#{peer} - Starting login bruteforce...")
     each_user_pass do |user, pass|
       do_login(user, pass)
     end

modules/auxiliary/scanner/http/pocketpad_login.rb

@@ -14,10 +14,10 @@ class Metasploit3 < Msf::Auxiliary
 
   def initialize(info={})
     super(update_info(info,
-    'Name'           => 'PocketPAD Login Brute Force Utility',
+    'Name'           => 'PocketPAD Login Bruteforce Force Utility',
     'Description'    => %{
       This module scans for PocketPAD login portal, and
-      performs a login brute force attack to identify valid credentials.
+      performs a login bruteforce attack to identify valid credentials.
     },
     'Author'         =>
       [
@@ -32,7 +32,7 @@ def run_host(ip)
       return
     end
 
-    print_status("#{peer} - Starting login brute force...")
+    print_status("#{peer} - Starting login bruteforce...")
     each_user_pass do |user, pass|
       do_login(user, pass)
     end

modules/exploits/multi/elasticsearch/script_mvel_rce.rb

@@ -15,10 +15,10 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'ElasticSearch Dynamic Script Arbitrary Java Execution',
       'Description'    => %q{
-        This module exploits a remote command execution vulnerability in ElasticSearch,
+        This module exploits a remote command execution (RCE) vulnerability in ElasticSearch,
         exploitable by default on ElasticSearch prior to 1.2.0. The bug is found in the
-        REST API, which requires no authentication or authorization, where the search
-        function allows dynamic scripts execution, and can be used for remote attackers
+        REST API, which does not require authentication, where the search
+        function allows dynamic scripts execution. It can be used for remote attackers
         to execute arbitrary Java code. This module has been tested successfully on
         ElasticSearch 1.1.1 on Ubuntu Server 12.04 and Windows XP SP3.
       },
@@ -65,29 +65,30 @@ def check
   end
 
   def exploit
-    print_status("#{peer} - Trying to execute arbitrary Java..")
+    print_status("#{peer} - Trying to execute arbitrary Java...")
     unless vulnerable?
       fail_with(Failure::Unknown, "#{peer} - Java has not been executed, aborting...")
     end
 
-    print_status("#{peer} - Asking remote OS...")
+    print_status("#{peer} - Discovering remote OS...")
     res = execute(java_os)
     result = parse_result(res)
     if result.nil?
-      fail_with(Failure::Unknown, "#{peer} - Could not get remote OS...")
+      fail_with(Failure::Unknown, "#{peer} - Could not identify remote OS...")
     else
-      print_good("#{peer} - OS #{result} found")
+      # TODO: It'd be nice to report_host() with this info.
+      print_good("#{peer} - Remote OS is '#{result}'")
     end
 
     jar_file = ""
     if result =~ /win/i
-      print_status("#{peer} - Asking TEMP path")
+      print_status("#{peer} - Discovering TEMP path")
       res = execute(java_tmp_dir)
       result = parse_result(res)
       if result.nil?
-        fail_with(Failure::Unknown, "#{peer} - Could not get TEMP path...")
+        fail_with(Failure::Unknown, "#{peer} - Could not identify TEMP path...")
       else
-        print_good("#{peer} - TEMP path found on #{result}")
+        print_good("#{peer} - TEMP path identified: '#{result}'")
       end
       jar_file = "#{result}#{rand_text_alpha(3 + rand(4))}.jar"
     else

modules/post/windows/gather/enum_muicache.rb

@@ -18,7 +18,7 @@ def initialize(info={})
       'Description' =>
       %q{
         This module gathers information about the files and file paths that logged on users have
-        executed on the system. It also will check if the file exists on the system still. This
+        executed on the system. It also will check if the file still exists on the system. This
         information is gathered by using information stored under the MUICache registry key. If
         the user is logged in when the module is executed it will collect the MUICache entries
         by accessing the registry directly. If the user is not logged in the module will download
@@ -43,7 +43,7 @@ def find_user_names
     username_reg_path = "HKLM\\Software\\Microsoft\\Windows\ NT\\CurrentVersion\\ProfileList"
     profile_subkeys = registry_enumkeys(username_reg_path)
     if profile_subkeys.blank?
-      print_error("Unable to access ProfileList registry key. Can't continue.")
+      print_error("Unable to access ProfileList registry key. Unable to continue.")
       return nil
     end
 
@@ -53,7 +53,7 @@ def find_user_names
       end
       user_home_path = registry_getvaldata("#{username_reg_path}\\#{user_sid}", "ProfileImagePath")
       if user_home_path.blank?
-        print_error("Unable to read ProfileImagePath from the registry. Can't continue.")
+        print_error("Unable to read ProfileImagePath from the registry. Unable to continue.")
         return nil
       end
       full_path = user_home_path.strip
@@ -94,7 +94,7 @@ def enumerate_muicache(muicache_reg_keys, sys_users, sys_paths, muicache, hive_f
         # If the registry_enumvals returns us nothing then we'll know
         # that the user is most likely not logged in and we'll need to
         # download and process users hive locally.
-        print_warning("User #{user}: Can't access registry (maybe the user is not logged in atm?). Trying NTUSER.DAT/USRCLASS.DAT..")
+        print_warning("User #{user}: Can't access registry. Maybe the user is not logged in? Trying NTUSER.DAT/USRCLASS.DAT...")
         result = process_hive(sys_path, user, muicache, hive_file)
         unless result.nil?
           result.each { |r|
@@ -105,7 +105,7 @@ def enumerate_muicache(muicache_reg_keys, sys_users, sys_paths, muicache, hive_f
         # If the registry_enumvals returns us content we'll know that we
         # can access the registry directly and thus continue to process
         # the content collected from there.
-        print_status("User #{user}: Enumerating registry..")
+        print_status("User #{user}: Enumerating registry...")
         subkeys.each do |key|
           if key[0] != "@" && key != "LangID" && !key.nil?
             result = check_file_exists(key, user)
@@ -142,11 +142,11 @@ def process_hive(sys_path, user, muicache, hive_file)
     ntuser_status = file_exist?(hive_path)
 
     unless ntuser_status == true
-      print_warning("Couldn't locate/download #{user}'s registry hive. Can't proceed.")
+      print_warning("Couldn't locate/download #{user}'s registry hive. Unable to proceed.")
       return nil
     end
 
-    print_status("Downloading #{user}'s NTUSER.DAT/USRCLASS.DAT file..")
+    print_status("Downloading #{user}'s NTUSER.DAT/USRCLASS.DAT file...")
     local_hive_copy = Rex::Quickfile.new("jtrtmp")
     local_hive_copy.close
     begin
@@ -166,8 +166,8 @@ def process_hive(sys_path, user, muicache, hive_file)
   # extracting the contents of the MUICache registry key.
   def hive_parser(local_hive_copy, muicache, user)
     results = []
-    print_status("Parsing registry content..")
-    err_msg = "Error parsing hive. Can't continue."
+    print_status("Parsing registry content...")
+    err_msg = "Error parsing hive. Unable to continue."
     hive = Rex::Registry::Hive.new(local_hive_copy)
     if hive.nil?
       print_error(err_msg)
@@ -210,7 +210,7 @@ def hive_parser(local_hive_copy, muicache, user)
   # - http://forensicartifacts.com/2010/08/registry-muicache/
   # - http://www.irongeek.com/i.php?page=security/windows-forensics-registry-and-file-system-spots
   def run
-    print_status("Starting to enumerate MuiCache registry keys..")
+    print_status("Starting to enumerate MUICache registry keys...")
     sys_info = sysinfo['OS']
 
     if sys_info =~/Windows XP/ && is_admin?
@@ -219,7 +219,7 @@ def run
       hive_file = "\\NTUSER.DAT"
     elsif sys_info =~/Windows 7/ && is_admin?
       print_good("Remote system supported: #{sys_info}")
-      muicache = "_Classes\\Local\ Settings\\Software\\Microsoft\\Windows\\Shell\\MuiCache"
+      muicache = "_Classes\\Local\ Settings\\Software\\Microsoft\\Windows\\Shell\\MUICache"
       hive_file = "\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat"
     else
       print_error("Unsupported OS or not enough privileges. Unable to continue.")
@@ -236,7 +236,7 @@ def run
         "File status",
       ])
 
-    print_status("Phase 1: Searching user names..")
+    print_status("Phase 1: Searching user names...")
     sys_users, sys_paths, sys_sids = find_user_names
 
     if sys_users.blank?
@@ -246,16 +246,16 @@ def run
       print_good("Users found: #{sys_users.join(", ")}")
     end
 
-    print_status("Phase 2: Searching registry hives..")
+    print_status("Phase 2: Searching registry hives...")
     muicache_reg_keys = enum_muicache_paths(sys_sids, muicache)
     results = enumerate_muicache(muicache_reg_keys, sys_users, sys_paths, muicache, hive_file)
 
     results.each { |r| table << r }
 
-    print_status("Phase 3: Processing results..")
+    print_status("Phase 3: Processing results...")
     loot = store_loot("muicache_info", "text/plain", session, table.to_s, nil, "MUICache Information")
     print_line("\n" + table.to_s + "\n")
-    print_status("Results stored in: #{loot}")
+    print_status("Results stored as: #{loot}")
     print_status("Execution finished.")
   end