Land rapid7#3763, release fixes

wvu · wvu · commit b61d1dca886f · 2014-09-08T14:02:45.000-05:00
diff --git a/modules/auxiliary/admin/appletv/appletv_display_image.rb b/modules/auxiliary/admin/appletv/appletv_display_image.rb
@@ -15,8 +15,8 @@ def initialize(info = {})
       'Description'    => %q(
         This module will show an image on an AppleTV device for a period of time.
         Some AppleTV devices are actually password-protected, in that case please
-        set the PASSWORD datastore option. If you need to bruteforce the password,
-        you can try apple_login.rb.
+        set the PASSWORD datastore option. For password bruteforcing, please see
+        the module auxiliary/scanner/http/appletv_login.
       ),
       'Author'         =>
         [
diff --git a/modules/auxiliary/admin/appletv/appletv_display_video.rb b/modules/auxiliary/admin/appletv/appletv_display_video.rb
@@ -14,13 +14,15 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'Apple TV Video Remote Control',
       'Description'    => %q(
-        This module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky
-        about the server that hosts the video, here are the ones tested: default IIS. default
-        Apache, Ruby httpd webrick's default MIME list might need to be updated depending on
-        what media file you're playing. Python SimpleHTTPServer is not recommended. Also, if
-        you're playing a video, the URL must be an IP address. Some AppleTV devices are actually
-        password-protected, in that case please set the PASSWORD datastore option. If you need
-        to bruteforce the password, please use appletv_login
+        This module plays a video on an AppleTV device. Note that
+        AppleTV can be somewhat picky about the server that hosts the video.
+        Tested servers include default IIS, default Apache, and Ruby's WEBrick.
+        For WEBrick, the default MIME list may need to be updated, depending on
+        what media file is to be played. Python SimpleHTTPServer is not
+        recommended. Also, if you're playing a video, the URL must be an IP
+        address. Some AppleTV devices are actually password-protected; in that
+        case please set the PASSWORD datastore option. For password
+        bruteforcing, please see the module auxiliary/scanner/http/appletv_login.
       ),
       'Author'         =>
         [
diff --git a/modules/auxiliary/scanner/http/appletv_login.rb b/modules/auxiliary/scanner/http/appletv_login.rb
@@ -16,20 +16,24 @@ def initialize
     super(
         'Name'           => 'AppleTV AirPlay Login Utility',
         'Description'    => %q(
-        This module attempts to authenticate to an AppleTV service with username 'AirPlay'.
-        The device has two different access control modes: OnScreen and Password. The difference
-        is the password in Onscreen is number-only and four digits long, which means when you enable
-        this option, the module will make sure to cover all of them - from 0000 to 9999.
-        The Password mode is more complex, therefore it's better to supply your own password list
-        in PASS_FILE, and/or enable DB_ALL_PASS and resue all the passwords you've collected in
-        the database.
+        This module attempts to authenticate to an AppleTV service with
+        the username, 'AirPlay'.  The device has two different access control
+        modes: OnScreen and Password. The difference between the two is the
+        password in OnScreen mode is numeric-only and four digits long, which
+        means when this option is enabled, this option, the module will make
+        sure to cover all of them - from 0000 to 9999.  The Password mode is
+        more complex, therefore the usual online bruteforce strategies apply.
       ),
         'Author'         =>
           [
             '0a29406d9794e4f9b30b3c5d6702c708',  # Original
-            'thelightcosine'                     # LoginScanner
+            'thelightcosine'                     # LoginScanner conversion help
           ],
         'License'        => MSF_LICENSE,
+        'References'     =>
+          [
+            ['URL', 'http://nto.github.io/AirPlay.html']
+          ],
         'DefaultOptions' => {
             'RPORT'           => 7000,  # AppleTV's server
             'STOP_ON_SUCCESS' => true   # There's only one password with the same username
diff --git a/modules/exploits/multi/gdb/gdb_server_exec.rb b/modules/exploits/multi/gdb/gdb_server_exec.rb
@@ -14,13 +14,18 @@ def initialize(info = {})
     super(update_info(info,
       'Name'          => 'GDB Server Remote Payload Execution',
       'Description'   => %q{
-          This module attempts to execute an arbitrary payload on a gdbserver service.
+          This module attempts to execute an arbitrary payload on a loose gdbserver service.
       },
       'Author'        => [ 'joev' ],
       'Targets'       => [
         [ 'x86 (32-bit)',    { 'Arch' => ARCH_X86 } ],
         [ 'x86_64 (64-bit)', { 'Arch' => ARCH_X86_64 } ]
       ],
+      'References'     =>
+        [
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3691']
+        ],
+      'DisclosureDate' => 'Aug 24 2014',
       'Platform'      => %w(linux unix osx),
       'DefaultTarget' => 0,
       'DefaultOptions' => {
