Fixup for release

Ack, a missing disclosure date on the GDB exploit. I'm deferring to the PR itself for this as the disclosure and URL reference.
2014-09-08 14:00:34 -05:00 · 2014-09-08 14:00:34 -05:00 · 4abee39ab2
parent 16502b831f
commit 4abee39ab2
4 changed files with 29 additions and 18 deletions
--- a/modules/auxiliary/admin/appletv/appletv_display_image.rb
+++ b/modules/auxiliary/admin/appletv/appletv_display_image.rb
@ -15,8 +15,8 @@ class Metasploit4 < Msf::Auxiliary
      'Description'    => %q(
        This module will show an image on an AppleTV device for a period of time.
        Some AppleTV devices are actually password-protected, in that case please
-        set the PASSWORD datastore option. If you need to bruteforce the password,
-        you can try apple_login.rb.
+        set the PASSWORD datastore option. For password bruteforcing, please see
+        the module auxiliary/scanner/http/appletv_login.
      ),
      'Author'         =>
        [
--- a/modules/auxiliary/admin/appletv/appletv_display_video.rb
+++ b/modules/auxiliary/admin/appletv/appletv_display_video.rb
@ -14,13 +14,15 @@ class Metasploit4 < Msf::Auxiliary
    super(update_info(info,
      'Name'           => 'Apple TV Video Remote Control',
      'Description'    => %q(
-        This module plays a video on an AppleTV device. Note that AppleTV can be somewhat picky
-        about the server that hosts the video, here are the ones tested: default IIS. default
-        Apache, Ruby httpd webrick's default MIME list might need to be updated depending on
-        what media file you're playing. Python SimpleHTTPServer is not recommended. Also, if
-        you're playing a video, the URL must be an IP address. Some AppleTV devices are actually
-        password-protected, in that case please set the PASSWORD datastore option. If you need
-        to bruteforce the password, please use appletv_login
+        This module plays a video on an AppleTV device. Note that
+        AppleTV can be somewhat picky about the server that hosts the video.
+        Tested servers include default IIS, default Apache, and Ruby's WEBrick.
+        For WEBrick, the default MIME list may need to be updated, depending on
+        what media file is to be played. Python SimpleHTTPServer is not
+        recommended. Also, if you're playing a video, the URL must be an IP
+        address. Some AppleTV devices are actually password-protected; in that
+        case please set the PASSWORD datastore option. For password
+        bruteforcing, please see the module auxiliary/scanner/http/appletv_login.
      ),
      'Author'         =>
        [
--- a/modules/auxiliary/scanner/http/appletv_login.rb
+++ b/modules/auxiliary/scanner/http/appletv_login.rb
@ -16,20 +16,24 @@ class Metasploit3 < Msf::Auxiliary
    super(
        'Name'           => 'AppleTV AirPlay Login Utility',
        'Description'    => %q(
-        This module attempts to authenticate to an AppleTV service with username 'AirPlay'.
-        The device has two different access control modes: OnScreen and Password. The difference
-        is the password in Onscreen is number-only and four digits long, which means when you enable
-        this option, the module will make sure to cover all of them - from 0000 to 9999.
-        The Password mode is more complex, therefore it's better to supply your own password list
-        in PASS_FILE, and/or enable DB_ALL_PASS and resue all the passwords you've collected in
-        the database.
+        This module attempts to authenticate to an AppleTV service with
+        the username, 'AirPlay'.  The device has two different access control
+        modes: OnScreen and Password. The difference between the two is the
+        password in OnScreen mode is numeric-only and four digits long, which
+        means when this option is enabled, this option, the module will make
+        sure to cover all of them - from 0000 to 9999.  The Password mode is
+        more complex, therefore the usual online bruteforce strategies apply.
      ),
        'Author'         =>
          [
            '0a29406d9794e4f9b30b3c5d6702c708',  # Original
-            'thelightcosine'                     # LoginScanner
+            'thelightcosine'                     # LoginScanner conversion help
          ],
        'License'        => MSF_LICENSE,
+        'References'     =>
+          [
+            ['URL', 'http://nto.github.io/AirPlay.html']
+          ],
        'DefaultOptions' => {
            'RPORT'           => 7000,  # AppleTV's server
            'STOP_ON_SUCCESS' => true   # There's only one password with the same username
--- a/modules/exploits/multi/gdb/gdb_server_exec.rb
+++ b/modules/exploits/multi/gdb/gdb_server_exec.rb
@ -14,13 +14,18 @@ class Metasploit3 < Msf::Exploit::Remote
    super(update_info(info,
      'Name'          => 'GDB Server Remote Payload Execution',
      'Description'   => %q{
-          This module attempts to execute an arbitrary payload on a gdbserver service.
+          This module attempts to execute an arbitrary payload on a loose gdbserver service.
      },
      'Author'        => [ 'joev' ],
      'Targets'       => [
        [ 'x86 (32-bit)',    { 'Arch' => ARCH_X86 } ],
        [ 'x86_64 (64-bit)', { 'Arch' => ARCH_X86_64 } ]
      ],
+      'References'     =>
+        [
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3691']
+        ],
+      'DisclosureDate' => 'Aug 24 2014',
      'Platform'      => %w(linux unix osx),
      'DefaultTarget' => 0,
      'DefaultOptions' => {