Land rapid7#3056 - Pre-release fixups: Minor description/print_* cleanup
wchen-r7 committed Mar 3, 2014
2 parents 21cdaa4 + de6be50 commit 308267d
Showing 5 changed files with 16 additions and 13 deletions.
Expand Up @@ -11,9 +11,9 @@ class Metasploit3 < Msf::Auxiliary

def initialize(info = {})
super(update_info(info,
'Name' => 'Linksys WRT120N tmUnblock Buffer Overflow',
'Name' => 'Linksys WRT120N tmUnblock Stack Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow vulnerability in the WRT120N Linksys router
This module exploits a stack-based buffer overflow vulnerability in the WRT120N Linksys router
to reset the password of the management interface temporarily to an empty value.
This module has been tested successfully on a WRT120N device with firmware version
1.0.07.
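Review bot: the untouched context line "to reset the password of the management interface temporarily to an empty value" still reads awkwardly, and since this pass is a wording cleanup it is worth fixing here, for example "to temporarily reset the management interface password to an empty value". The Name mentions tmUnblock but the Description never does, so naming the affected component in the Description would keep the two consistent.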
Expand Down Expand Up @@ -41,13 +41,13 @@ def check_login(user)
'authorization' => basic_auth(user,"")
})
if res.nil? || res.code == 404
print_status("#{peer} - No successful login possible with #{user} and empty password")
print_status("#{peer} - No login possible with #{user} and empty password")
return false
elsif [200, 301, 302].include?(res.code)
print_good("#{peer} - Successful login #{user} and empty password")
return true
else
print_status("#{peer} - No successful login possible with #{user} and empty password")
print_status("#{peer} - No login possible with #{user} and empty password")
return false
end
end
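Review bot: in check_login, `[200, 301, 302].include?(res.code)` counts any redirect as a successful login, but a 301 or 302 on its own does not show that the empty password was accepted; consider checking where the redirect points, or confirming with a request that only succeeds when authenticated, before calling print_good. After this change the nil/404 branch and the final else branch print the same message and return false, so they can be merged into one. The untouched print_good string is also missing a word: "Successful login with #{user} and empty password".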
Expand Down Expand Up @@ -96,10 +96,10 @@ def run
if check_login("admin")
print_good("#{peer} - Expected answer and the login was successful. Try to login with the user admin and a blank password")
else
print_status("#{peer} - Expected answer, but unknown exploiting status. Try to login with the user admin and a blank password")
print_status("#{peer} - Expected answer, but unknown exploit status. Try to login with the user admin and a blank password")
end
else
print_error("#{peer} - Unexpected answer. Exploiting attempt has failed")
print_error("#{peer} - Unexpected answer. Exploit attempt has failed")
end
rescue ::Rex::ConnectionError
print_error("#{peer} - Failed to connect to the web server")
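Review bot: in run, the print_good branch is only reached after check_login("admin") has already succeeded, yet its message still tells the user to "Try to login with the user admin and a blank password"; report the confirmed result there instead and keep the advice for the unknown-status branch. As a verb it is "log in", so both strings in this hunk could be corrected in the same pass.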
3 changes: 3 additions & 0 deletions modules/auxiliary/dos/http/apache_commons_fileupload_dos.rb
Expand Up @@ -57,6 +57,9 @@ def run
}
}

# XXX: There is rarely, if ever, a need for a 'for' loop in Ruby
# This should be rewritten with 1.upto() or Enumerable#each or
# something
for x in 1..datastore['RLIMIT']
print_status("Sending request #{x} to #{peer}")
begin
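Review bot: the added XXX comment above `for x in 1..datastore['RLIMIT']` documents a problem that is a one-line fix, so make the change rather than leave a marker behind: `1.upto(datastore['RLIMIT']) do |x|` is a drop-in replacement for the loop header. It also has a small practical benefit, because a Ruby `for` loop does not open a new scope and leaves `x` defined in the rest of run, while the block form keeps it local.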
Expand Up @@ -18,9 +18,9 @@ def initialize(info = {})
'Name' => 'Symantec Endpoint Protection Manager Remote Command Execution',
'Description' => %q{
This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XXE request an attacker
versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity (XXE) request an attacker
can reach SQL injection affected components. As xp_cmdshell is enabled in the included
database instance, it's possible to execute arbitrary system commands on the remote system
database instance, it's possible to execute arbitrary system commands on the target
with SYSTEM privileges.
},
'Author' =>
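Review bot: the acronym is expanded on its second use rather than its first; "This module exploits XXE and SQL injection flaws" one line earlier still uses the bare abbreviation. Move the expansion to that first mention ("XML external entity (XXE) and SQL injection flaws") and keep the short form afterwards. The reworded sentence would also read better with a comma after "request".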
Expand Up @@ -17,7 +17,7 @@ def initialize(info = {})
'Description' => %q{
This module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability
occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player\".
This module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8.
This module has been tested successfully on Windows WinXp-Sp3-EN, Windows 7, and Windows 8.
},
'License' => MSF_LICENSE,
'Author' =>
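Review bot: the rewritten line still says "Windows WinXp-Sp3-EN", which repeats "Windows" and mixes naming styles with "Windows 7" and "Windows 8"; "Windows XP SP3 (EN), Windows 7, and Windows 8" would be consistent. The context line above it, "occurs opening malformed Settings.ini file e.g."C:\Program Files\Total Video Player\"", was left as is and needs the same attention: it is missing "when" and a space after "e.g.", and the quoted path is a directory rather than the Settings.ini file the sentence refers to.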
Expand Up @@ -22,8 +22,8 @@ def initialize
shared resources. An attacker can abuse this behaviour to execute a malicious BCL and
drop an arbitrary EXE. The last one can be executed remotely through the WebView server.
This module has been tested successfully in GE Proficy CIMPLICITY 7.5 with the embedded
CimWebServer. This module starts a WebDAV server to provide the malicious BCL files. When
the target hasn't the WebClient service enabled, an external SMB service is necessary.
CimWebServer. This module starts a WebDAV server to provide the malicious BCL files. If
the target does not have the WebClient service enabled, an external SMB service is necessary.
},
'Author' => [
'amisto0x07', # Vulnerability discovery
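Review bot: two context sentences in this Description were left untouched and still read unclearly. "The last one can be executed remotely through the WebView server" does not say whether it means the BCL or the dropped EXE, so name it explicitly, and "tested successfully in GE Proficy CIMPLICITY 7.5" should use "on" to match the wording applied to the other modules in this commit.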
Expand Down Expand Up @@ -182,7 +182,7 @@ def exploit

make_bcls

print_status("BCL's available at #{@exploit_unc}#{@share_name}\\#{@basename}{i}.bcl")
print_status("BCLs available at #{@exploit_unc}#{@share_name}\\#{@basename}{i}.bcl")

unless datastore['UNCPATH'].blank?
@bcls.each_index { |i| file_create("#{@basename}#{i}.bcl", @bcls[i]) }
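Review bot: in the print_status string, `#{@basename}{i}.bcl` has no `#` before `{i}`, so the message prints a literal "{i}" while the file_create call two lines below uses `#{@basename}#{i}.bcl`. No `i` is in scope at this point in exploit, so this is presumably meant as a placeholder for the index; if so, make that obvious in the message (for example by stating the index range from @bcls.length) so it does not look like a missed interpolation.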
Expand Down Expand Up @@ -281,7 +281,7 @@ def execute_bcl(i)
elsif res and res.code == 200 and res.to_s =~ /No such file or directory/
fail_with(Failure::BadConfig, "#{peer} - The target wasn't able to access the remote BCL file")
elsif res and res.code == 200
print_good("#{peer} - Answer has been successful")
print_good("#{peer} - '200 OK' answer indicates success!")
else
fail_with(Failure::Unknown, "#{peer} - Unknown error")
end
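Review bot: the new message "'200 OK' answer indicates success!" overstates what the code knows, because the branch directly above it treats a 200 response containing "No such file or directory" as a BadConfig failure. A 200 here only means that none of the known error strings matched, so wording such as "200 OK received, no error reported by the target" would be more accurate, and the exclamation mark is out of step with the other print_* messages cleaned up in this commit.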