Cosmetic cleanup of post modules

git-svn-id: file:///home/svn/framework3/trunk@11830 4d416f70-5f16-0410-b530-b9f4589650da
2011-02-26 02:47:40 +00:00 · 2011-02-26 02:47:40 +00:00 · b700ed2075
parent 941c0f446f
commit b700ed2075
10 changed files with 36 additions and 27 deletions
--- a/modules/post/windows/capture/keylog_recorder.rb
+++ b/modules/post/windows/capture/keylog_recorder.rb
@ -22,7 +22,16 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'           => 'Microsoft Windows Keystroke Recorder',
-				'Description'    => %q{ Records keystroke logs to a file.},
+				'Description'    => %q{
+					This module can be used to capture keystrokes. To capture keystrokes when the session is running
+					as SYSTEM, the MIGRATE option must be enabled and the CAPTURE_TYPE option should be set to one of
+					Explorer, Winlogon, or a specific PID. To capture the keystrokes of the interactive user, the
+					Explorer option should be used with MIGRATE enabled. Keep in mind that this will demote this session
+					to the user's privileges, so it makes sense to create a separate session for this task. The Winlogon
+					option will capture the username and password entered into the logon and unlock dialog. The LOCKSCREEN
+					option can be combined with the Winlogon CAPTURE_TYPE to for the user to enter their clear-text
+					password.
+						},
 				'License'        => MSF_LICENSE,
 				'Author'         => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
 				'Version'        => '$Revision$',
@ -116,9 +125,9 @@ class Metasploit3 < Msf::Post
 		mypid = session.sys.process.getpid
 		session.sys.process.get_processes().each do |x|
 			if (process2mig.index(x['name'].downcase) and x['pid'] != mypid)
-				print_status("\t#{process2mig} Process found, migrating into #{x['pid']}")
+				print_status("\t#{process2mig} Process found, migrating into #{x['pid']...}")
 				session.core.migrate(x['pid'].to_i)
-				print_status("Migration Successful!!")
+				print_status("Migration successful!!")
 			end
 		end
 		return true
@ -126,9 +135,9 @@ class Metasploit3 < Msf::Post

 	# Method for migrating in to a PID
 	def pid_migrate(pid)
-		print_status("\tMigrating into #{pid}")
+		print_status("\tMigrating into #{pid}...")
 				session.core.migrate(pid)
-				print_status("Migration Successful!!")
+				print_status("Migration successful!")
 	end

 	# Method for starting the keylogger
@ -140,7 +149,7 @@ class Metasploit3 < Msf::Post
 			session.ui.keyscan_start
 			return true
 		rescue
-			print_status("Failed to start Keylogging!")
+			print_error("Failed to start the keystroke sniffer: #{$!}")
 			return false
 		end
 	end
--- a/modules/post/windows/escalate/ms10_073_kbdlayout.rb
+++ b/modules/post/windows/escalate/ms10_073_kbdlayout.rb
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Post
 		super(update_info(info,
 			'Name'          => 'Microsoft Windows NtUserLoadKeyboardLayoutEx Privilege Escalation',
 			'Description'   => %q{
-					This module exploits the keyboard layout 0day exploited by Stuxnet. When
+					This module exploits the keyboard layout vulnerability exploited by Stuxnet. When
 				processing specially crafted keyboard layout files (DLLs), the Windows kernel fails
 				to validate that an array index is within the bounds of the array. By loading
 				a specially crafted keyboard layout, an attacker can execute code in Ring 0.
--- a/modules/post/windows/escalate/service_permissions.rb
+++ b/modules/post/windows/escalate/service_permissions.rb
@ -20,13 +20,14 @@ class Metasploit3 < Msf::Post
 		super( update_info( info,
 			'Name'          => 'Microsoft Windows Service Permissions Local Privilege Escalation',
 			'Description'   => %q{
-				Many services are configured with insecure permissions. This
-				module attempts to create a service, then searches through a list of
-				existing services to look for insecure file or configuration
-				permissions that will let it replace the executable with a payload.
-				It will then attempt to restart the replaced service to run the
-				payload. If that fails, the next time the service is started (such as
-				on reboot) the attacker will gain elevated privileges.
+				This module attempts to exploit existing administrative privileges to obtain
+				a SYSTEM session. If directly creating a service fails, this module will inspect 
+				existing services to look for insecure file or configuration permissions that may
+				be hijacked. It will then attempt to restart the replaced service to run the
+				payload. This will result in a new session when this succeeds. If the module is
+				able to modify the service but does not have permission to start and stop the
+				affected service, the attacker must wait for the system to restart before a
+				session will be created.
 			},
 			'License'       => MSF_LICENSE,
 			'Author'        => [ 'scriptjunkie' ],
--- a/modules/post/windows/gather/checkvm.rb
+++ b/modules/post/windows/gather/checkvm.rb
@ -20,12 +20,11 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'          => 'Microsoft Windows Virtual Environment Detection',
-				'Description'   => %q{ 
-						Examines various attributes of the victim host to
-						determine if it is a virtual machine and if so displays
-						what kind.  Currently supports checks for the following
-						virtualization software: Hyper-V, VMWare, Virtual PC,
-						VirtualBox, and Xen.
+				'Description'   => %q{
+					This module attempts to determine whether the system is running
+					inside of a virtual environment and if so, which one. This
+					module supports detectoin of Hyper-V, VMWare, Virtual PC,
+					VirtualBox, and Xen.
 					},
 				'License'       => MSF_LICENSE,
 				'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
--- a/modules/post/windows/gather/enum_applications.rb
+++ b/modules/post/windows/gather/enum_applications.rb
@ -20,7 +20,7 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'          => 'Microsoft Windows Installed Application Enumeration',
-				'Description'   => %q{ This module will enumerate installed applications on a target host},
+				'Description'   => %q{ This module will enumerate all installed applications },
 				'License'       => MSF_LICENSE,
 				'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
 				'Version'       => '$Revision$',
--- a/modules/post/windows/gather/enum_logged_on_users.rb
+++ b/modules/post/windows/gather/enum_logged_on_users.rb
@ -22,7 +22,7 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'          => 'Microsoft Windows Logged On User Enumeration (Registry)',
-				'Description'   => %q{ This module will enumerate current and recent logged on users},
+				'Description'   => %q{ This module will enumerate current and recently logged on Windows users},
 				'License'       => MSF_LICENSE,
 				'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
 				'Version'       => '$Revision$',
--- a/modules/post/windows/gather/enum_powershell_env.rb
+++ b/modules/post/windows/gather/enum_powershell_env.rb
@ -19,8 +19,8 @@ class Metasploit3 < Msf::Post

 	def initialize(info={})
 		super( update_info( info,
-				'Name'          => 'Microsoft Windows Powershell Enviroment Setting Enumeration',
-				'Description'   => %q{ This module will enumerate Microsofts Powershell Settings on a target host},
+				'Name'          => 'Microsoft Windows Powershell Environment Setting Enumeration',
+				'Description'   => %q{ This module will enumerate Microsoft Powershell settings },
 				'License'       => MSF_LICENSE,
 				'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
 				'Version'       => '$Revision$',
--- a/modules/post/windows/gather/enum_snmp.rb
+++ b/modules/post/windows/gather/enum_snmp.rb
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'          => 'Microsoft Windows SNMP Settings Enumeration (Registry)',
-				'Description'   => %q{ This module will enumerate the SNMP configuration on a target host.},
+				'Description'   => %q{ This module will enumerate the SNMP service configuration },
 				'License'       => MSF_LICENSE,
 				'Author'        => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>', 'Tebo <tebo[at]attackresearch.com>'],
 				'Version'       => '$Revision$',
--- a/modules/post/windows/gather/hashdump.rb
+++ b/modules/post/windows/gather/hashdump.rb
@ -18,7 +18,7 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 			'Name'          => 'Microsoft Windows Local User Account Password Hashes (Registry)',
-			'Description'   => %q{ Pull the syskey out of the remote registry and decrypt the SAM database },
+			'Description'   => %q{ This module will dump the local user accounts from the SAM database using the registry },
 			'License'       => MSF_LICENSE,
 			'Author'        => [ 'hdm' ],
 			'Version'       => '$Revision$',
--- a/modules/post/windows/manage/delete_user.rb
+++ b/modules/post/windows/manage/delete_user.rb
@ -19,7 +19,7 @@ class Metasploit3 < Msf::Post
 	def initialize(info={})
 		super( update_info( info,
 				'Name'          => 'Microsoft Windows Local User Account Deletion',
-				'Description'   => %q{ Deletes a user account from the given server (or local if none given)},
+				'Description'   => %q{ This module deletes a local user account from the specified server (or local if none given)},
 				'License'       => BSD_LICENSE,
 				'Author'        => [ 'chao-mu'],
 				'Version'       => '$Revision$',