Land #2190, @todb-r7's (more than) cosmetic changes

modules/exploits/linux/http/pineapp_ldapsyncnow_exec.rb

@@ -29,7 +29,8 @@ def initialize(info = {})
 			'License'        => MSF_LICENSE,
 			'References'     =>
 				[
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-185/']
+					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-185/' ],
+					[ 'OSVDB', '95781' ]
 				],
 			'Platform'       => ['unix'],
 			'Arch'           => ARCH_CMD,

modules/exploits/linux/http/pineapp_livelog_exec.rb

@@ -29,7 +29,8 @@ def initialize(info = {})
 			'License'        => MSF_LICENSE,
 			'References'     =>
 				[
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-184/']
+					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-184/'],
+					[ 'OSVDB', '95779']
 				],
 			'Platform'       => ['unix'],
 			'Arch'           => ARCH_CMD,

modules/exploits/linux/http/pineapp_test_li_conn_exec.rb

@@ -29,7 +29,8 @@ def initialize(info = {})
 			'License'        => MSF_LICENSE,
 			'References'     =>
 				[
-					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-188/']
+					[ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-13-188/'],
+					[ 'OSVDB', '95782']
 				],
 			'Platform'       => ['unix'],
 			'Arch'           => ARCH_CMD,

modules/exploits/multi/http/struts_default_action_mapper.rb

@@ -1,7 +1,7 @@
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
+# web site for more information on licensing and terms of use.
 #   http://metasploit.com/framework/
 ##
 

modules/exploits/windows/local/ms13_005_hwnd_broadcast.rb

@@ -1,5 +1,5 @@
 ##
-# ## This file is part of the Metasploit Framework and may be subject to
+# This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # web site for more information on licensing and terms of use.
 #   http://metasploit.com/
@@ -22,21 +22,19 @@ def initialize(info={})
 		super( update_info( info,
 			'Name'		=> 'MS13-005 HWND_BROADCAST Low to Medium Integrity Privilege Escalation',
 			'Description'	=> %q{
-				The Windows kernel does not properly isolate broadcast messages from low integrity
-				applications from medium or high integrity applications. This allows commands to be
-				broadcasted to an open medium or high integrity command prompts allowing escalation
-				of privileges. We can spawn a medium integrity command prompt, after spawning a low
-				integrity command prompt, by using the Win+Shift+# combination to specify the
-				position of the command prompt on the taskbar. We can then broadcast our command
-				and hope that the user is away and doesn't corrupt it by interacting with the UI.
-				Broadcast issue affects versions  Windows Vista, 7, 8, Server 2008, Server 2008 R2,
-				Server 2012, RT. But Spawning a command prompt with the shortcut key does not work
-				in Vista so you will have to check if the user is already running a command prompt
-				and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded
-				payload from a Web location.  The FILE technique will drop an executable to the
-				file system, set it to medium integrity and execute it. The TYPE technique will
-				attempt to execute a powershell encoded payload directly from the command line but
-				it may take some time to complete.
+				Due to a problem with isolating window broadcast messages in the Windows kernel,
+				an attacker can broadcast commands from a lower Integrity Level process to a
+				higher Integrity Level process, thereby effecting a privilege escalation. This
+				issue affects Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, and
+				RT. Note that spawning a command prompt with the shortcut key combination Win+Shift+#
+				does not work in Vista, so the attacker will have to check if the user is already
+				running a command prompt and set SPAWN_PROMPT false.
+
+				Three exploit techniques are available with this module. The WEB technique will
+				execute a powershell encoded payload from a Web location.  The FILE technique
+				will drop an executable to the file system, set it to medium integrity and execute
+				it. The TYPE technique will attempt to execute a powershell encoded payload directly
+				from the command line, but may take some time to complete.
 			},
 			'License'	=> MSF_LICENSE,
 			'Author'	=>

modules/exploits/windows/misc/psh_web_delivery.rb

@@ -14,11 +14,11 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'		 => 'Powershell Payload Web Delivery',
+			'Name'		 => 'PowerShell Payload Web Delivery',
 			'Description'	 => %q{
-				This module quickly fires up a web server that serves the payload in powershell.
-				The provided command will start powershell and then download and execute the
-				payload. The IEX command can also be extracted to execute directly from powershell.
+				This module quickly fires up a web server that serves the payload in PowerShell.
+				The provided command will start PowerShell and then download and execute the
+				payload. The IEX command can also be extracted to execute directly from PowerShell.
 				The main purpose of this module is to quickly establish a session on a target
 				machine when the attacker has to manually type in the command himself, e.g. RDP
 				Session, Local Access or maybe Remote Command Exec. This attack vector does not

modules/payloads/stagers/windows/reverse_https_proxy.rb

@@ -18,7 +18,7 @@ module Metasploit3
 	def initialize(info = {})
 		super(merge_info(info,
 			'Name'          => 'Reverse HTTPS Stager with Support for Custom Proxy',
-			'Description'   => 'Tunnel communication over HTTP using SSL, supports custom proxy',
+			'Description'   => 'Tunnel communication over HTTP using SSL with custom proxy support',
 			'Author'        => ['hdm','corelanc0d3r <peter.ve[at]corelan.be>', 'amaloteaux'],
 			'License'       => MSF_LICENSE,
 			'Platform'      => 'win',

modules/post/linux/gather/ecryptfs_creds.rb

@@ -21,9 +21,9 @@ def initialize(info={})
 		super( update_info(info,
 			'Name'           => 'Gather eCryptfs Metadata',
 			'Description'    => %q{
-				This module will grab the contents of user's .ecrypts directory on
-				the targeted machine. Grabbed "wrapped-passphrase" files can be
-				cracked with JtR to get "mount passphrases".
+				This module will collect the contents of all users' .ecrypts directories on
+				the targeted machine. Collected "wrapped-passphrase" files can be
+				cracked with John the Ripper (JtR) to recover "mount passphrases".
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         => ['Dhiru Kholia <dhiru[at]openwall.com>'],

modules/post/multi/gather/gpg_creds.rb

@@ -21,8 +21,8 @@ def initialize(info={})
 		super( update_info(info,
 			'Name'           => 'Multi Gather GnuPG Credentials Collection',
 			'Description'    => %q{
-					This module will collect the contents of user's .gnupg directory on the targeted
-				machine. Password protected secret keyrings can be cracked with JtR.
+					This module will collect the contents of all users' .gnupg directories on the targeted
+				machine. Password protected secret keyrings can be cracked with John the Ripper (JtR).
 			},
 			'License'        => MSF_LICENSE,
 			'Author'         => ['Dhiru Kholia <dhiru[at]openwall.com>'],

modules/post/multi/gather/pgpass_creds.rb

@@ -22,8 +22,8 @@ def initialize(info={})
 		super( update_info(info,
 			'Name'          => 'Multi Gather pgpass Credentials',
 			'Description'   => %q{
-					This module will collect the contents of user's .pgpass or pgpass.conf and
-				parse them for credentials.
+					This module will collect the contents of all users' .pgpass or pgpass.conf
+					file and parse them for credentials.
 			},
 			'License'       => MSF_LICENSE,
 			'Author'        => ['Zach Grace <zgrace[at]403labs.com>'],

modules/post/multi/gather/ssh_creds.rb

@@ -22,7 +22,7 @@ def initialize(info={})
 		super( update_info(info,
 			'Name'           => 'Multi Gather OpenSSH PKI Credentials Collection',
 			'Description'    => %q{
-					This module will collect the contents of user's .ssh directory on the targeted
+					This module will collect the contents of all users' .ssh directories on the targeted
 				machine. Additionally, known_hosts and authorized_keys and any other files are also
 				downloaded. This module is largely based on firefox_creds.rb.
 			},
@@ -59,9 +59,9 @@ def download_loot(paths)
 				sep = "/"
 				files = cmd_exec("ls -1 #{path}").split(/\r\n|\r|\n/)
 			end
-      path_array = path.split(sep)
-      path_array.pop
-      user = path_array.pop
+			path_array = path.split(sep)
+			path_array.pop
+			user = path_array.pop
 			files.each do |file|
 				next if [".", ".."].include?(file)
 				data = read_file("#{path}#{sep}#{file}")
@@ -79,7 +79,7 @@ def download_loot(paths)
 						:host => session.session_host,
 						:port => 22,
 						:sname => 'ssh',
-            :user => user,
+						:user => user,
 						:pass => loot_path,
 						:source_type => "exploit",
 						:type => 'ssh_key',