Minor description changes

No code changes (one comment made on play_youtube to suggest xdg-open
rather than Firefox for Linux targets).
bug/bundler_fix
Tod Beardsley 2013-12-16 14:57:33 -06:00
parent 3dec7f61a5
commit 040619c373
No known key found for this signature in database
GPG Key ID: 1EFFB682ADB9F193
7 changed files with 25 additions and 23 deletions

@ -17,11 +17,14 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'Adobe ColdFusion 9 Administrative Login Bypass',
'Description' => %q{
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication using the RDS component. Its password can
by default or by misconfiguration be set to an empty value. This allows you to create a session via the RDS login that
can be carried over to the admin web interface even though the passwords might be different. Therefore bypassing
authentication on the admin web interface which then could lead to arbitrary code execution.
Tested on Windows and Linux with ColdFusion 9.
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote
attackers to bypass authentication using the RDS component. Due to
default settings or misconfiguration, its password can be set to an
empty value. This allows an attacker to create a session via the RDS
login that can be carried over to the admin web interface even though
the passwords might be different, and therefore bypassing authentication
on the admin web interface leading to arbitrary code execution. Tested
on Windows and Linux with ColdFusion 9.
},
'Author' =>
[
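
Review bot: the new closing clause of the ColdFusion description, "and therefore bypassing authentication on the admin web interface leading to arbitrary code execution", has no finite verb and quietly turns the earlier "could lead to" into a flat "leading to". Suggest "..., thereby bypassing authentication on the admin web interface, which could then lead to arbitrary code execution". The subject is a list of four versions, so "allow remote attackers" would also agree better than "allows".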

@ -19,10 +19,10 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info,
'Name' => 'HP LoadRunner EmulationAdmin Web Service Directory Traversal',
'Description' => %q{
This module exploits a directory traversal vulnerability on the version 11.52 of HP
LoadRunner. The vulnerability exists on the EmulationAdmin web service, specifically
in the copyFileToServer method, allowing to upload arbitrary files. This module has
been tested successfully on HP LoadRunner 11.52 over Windows 2003 SP2.
This module exploits a directory traversal vulnerability in version 11.52 of HP
LoadRunner. The vulnerability exists in the EmulationAdmin web service, specifically
in the copyFileToServer method, allowing the upload of arbitrary files. This module has
been tested successfully on HP LoadRunner 11.52 on Windows 2003 SP2.
},
'Author' =>
[
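
Review bot: the reworded LoadRunner description still ends the technical explanation at "allowing the upload of arbitrary files" and never says what the module does with the uploaded file. Since this is an Msf::Exploit::Remote module, one more clause stating how the upload is used would let a reader understand the impact from the description alone.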

@ -18,10 +18,10 @@ class Metasploit3 < Msf::Exploit::Local
'Name' => 'Microsoft Windows ndproxy.sys Local Privilege Escalation',
'Description' => %q{
This module exploits a flaw in the ndproxy.sys driver on Windows XP SP3 and Windows 2003
SP2 systems, exploited on the wild on November 2013. The vulnerability exists while
SP2 systems, exploited in the wild in November, 2013. The vulnerability exists while
processing an IO Control Code 0x8fff23c8 or 0x8fff23cc, where user provided input is used
to unsafely access an array, and the value is used to perform a call, leading to a NULL
pointer dereference, which is exploitable on both Windows XP and Windows 2003 systems. This
to access an array unsafely, and the value is used to perform a call, leading to a NULL
pointer dereference which is exploitable on both Windows XP and Windows 2003 systems. This
module has been tested successfully on Windows XP SP3 and Windows 2003 SP2. In order to
work the service "Routing and Remote Access" must be running on the target system.
},
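
Review bot: "in November, 2013" in the new ndproxy.sys line carries a comma that is not needed when no day is given; "in November 2013" reads better. While this description is being edited, "user provided input" wants a hyphen, and the unchanged last sentence "In order to work the service "Routing and Remote Access" must be running" would be clearer as "The "Routing and Remote Access" service must be running on the target system for the exploit to work."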

@ -26,12 +26,11 @@ class Metasploit3 < Msf::Exploit::Local
'Description' => %q{
The named pipe, \pipe\nsvr, has a NULL DACL allowing any authenticated user to
interact with the service. It contains a stacked based buffer overflow as a result
of a memmove operation.
N.B. exe is nvvsvc.exe, service is nvsvc and pipe is nsvr!
of a memmove operation. Note the slight spelling differences: the executable is 'nvvsvc.exe',
the service name is 'nvsvc', and the named pipe is 'nsvr'.
This exploit automatically targets nvvsvc.exe versions dated Nov 3 2011, Aug 30 2012, and Dec 1 2012.
It has been tested on Win7 x64 against nvvsvc.exe dated Dec 1 2012.
It has been tested on Windows 7 64-bit against nvvsvc.exe dated Dec 1 2012.
},
'License' => MSF_LICENSE,
'Author' =>
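
Review bot: "stacked based buffer overflow" in the second sentence of this description is left untouched by the rewording and should be "stack-based buffer overflow". The new note on the three spellings ('nvvsvc.exe', 'nvsvc', 'nsvr') is helpful, but the first sentence writes the pipe as \pipe\nsvr; keeping the same quoting style for all mentions would make the comparison easier to read.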

@ -13,9 +13,9 @@ class Metasploit3 < Msf::Post
super( update_info( info,
'Name' => 'Multi Manage Youtube Broadcast',
'Description' => %q{
This module will broadcast a Youtube video on all compromised systems. It will play
This module will broadcast a Youtube video on specified compromised systems. It will play
the video in the target machine's native browser in full screen mode. The VID datastore
option is the "v" parameter in your Youtube video's URL.
option is the "v" parameter in a Youtube video's URL.
},
'License' => MSF_LICENSE,
'Author' => [ 'sinn3r'],
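
Review bot: "Youtube" in both the 'Name' and the 'Description' should be spelled "YouTube", and since the description is already being reworded this is the place to fix it. The description also promises "the target machine's native browser", which does not hold for every platform according to the comment in the next hunk ("The Linux version uses Firefox"); either qualify the sentence or note the Linux behaviour.
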
@ -70,6 +70,7 @@ class Metasploit3 < Msf::Post
#
# The Linux version uses Firefox
# TODO: Try xdg-open?
#
def linux_start_video(id)
begin
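
Review bot: the added "# TODO: Try xdg-open?" gives no reason, so a later reader cannot tell why it is there. Suggest spelling out the intent from the commit message, for example "# TODO: Try xdg-open so the user's default browser is used instead of assuming Firefox", which also ties it to the "native browser" wording in the module description.
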
@ -92,7 +93,7 @@ class Metasploit3 < Msf::Post
rescue EOFError
return false
end
true
end
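
Review bot: this hunk touches a line inside the method body around "return false" and "true", yet the commit message says "No code changes" and no difference can be seen in the rendered lines. If this is a whitespace-only edit, say so in the commit message so that reviewers do not have to diff the code path by hand.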

@ -17,7 +17,7 @@ class Metasploit3 < Msf::Post
'Name' => 'Windows Manage Proxy PAC File',
'Description' => %q{
This module configures Internet Explorer to use a PAC proxy file. By using the LOCAL_PAC
option, a PAC file will be created in the victim host. It's also possible to provide a
option, a PAC file will be created on the victim host. It's also possible to provide a
remote PAC file (REMOTE_PAC option) by providing the full URL.
},
'License' => MSF_LICENSE,

@ -120,7 +120,7 @@ class Metasploit3 < Msf::Auxiliary
end
=begin
Test Results - clinet output:
msf auxiliary(cisco_asa_asdm) > run
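
Review bot: "Test Results - clinet output:" at the top of the =begin block still contains the typo "clinet" after this edit; it should read "client output".
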
@ -149,6 +149,5 @@ msf auxiliary(httpserver) > run
[-] 10.0.1.76 httpserver - Bad login
[*] 10.0.1.76 httpserver - Received request: /+webvpn+/index.html
[+] Authenticated
=end
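
Review bot: the sample output at the end of this =begin/=end block is labelled "msf auxiliary(httpserver) > run" and "httpserver -", while the run shown earlier in the same block is from "auxiliary(cisco_asa_asdm)". Please state in the comment which module produced which output, or regenerate the second sample, so the embedded test results are not misleading.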