add suggestions by cdelafuente-r7

Author: Pedro Ribeiro

documentation/modules/exploit/multi/http/microfocus_obm_auth_rce.md

@@ -1,21 +1,25 @@
 ## Vulnerable Application
 
-This module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: 
+This module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products:
 * Operations Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions
 * Application Performance Management versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3
-* Data Center Automation version 2019.11 
-* Operations Bridge (containerized) versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 
-* Universal CMDB versions: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30 
-* Hybrid Cloud Management version 2020.05 
+* Data Center Automation version 2019.11
+* Operations Bridge (containerized) versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11
+* Universal CMDB versions: 2020.05, 2019.11, 2019.05, 2019.02, 2018.11, 2018.08, 2018.05, 11, 10.33, 10.32, 10.31, 10.30
+* Hybrid Cloud Management version 2020.05
 * Service Management Automation versions 2020.5 and 2020.02
 
 Exploiting this vulnerability will result in remote code execution as the root user on Linux or the SYSTEM user on Windows.
-Authentication is required, the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY, which should be fed to the module. 
+Authentication is required, the module user needs to login to the application and obtain the authenticated LWSSO_COOKIE_KEY,
+which should be fed to the module.
 Any authenticated user can exploit this vulnerability, even the lowest privileged ones.
 
-The exploit uses a modified ysoserial c3p0 payload. The only part that is modified is that c3p0 is built using version 0.9.1.2, so that the serialVersionUid of the target is the same as the exploit. This can be achieved by patching ysoserial's pom.xml.
+The exploit uses a modified ysoserial c3p0 payload. The only part that is modified is that c3p0 is built using version 0.9.1.2,
+so that the serialVersionUid of the target is the same as the exploit. This can be achieved by patching ysoserial's pom.xml.
 
-This module was only tested with Operations Bridge Manager 2020.05 and 2019.11. It should work as is with earlier Operations Bridge Manager versions, but it might require small modifications (to the cookie name or vulnerable URI) for the other affected products. However it is equally likely that it works out of the box with the other products, as HPE / Micro Focus is well known for re-using (vulnerable) code.
+This module was only tested with Operations Bridge Manager 2020.05 and 2019.11. It should work as is with earlier Operations Bridge Manager
+versions, but it might require small modifications (to the cookie name or vulnerable URI) for the other affected products. However it is
+equally likely that it works out of the box with the other products, as HPE / Micro Focus is well known for re-using (vulnerable) code.
 
 For more information refer to the advisory link:
 * https://github.com/pedrib/PoC/blob/master/advisories/Micro_Focus/Micro_Focus_OBM.md
@@ -38,6 +42,11 @@ Vulnerable versions of the software can be downloaded from Micro Focus website b
 8. `run`
 9. You should get a shell.
 
+## Options
+`LWSSO_COOKIE_KEY` is a required option that must be set by the user. This cookie is returned when a user authenticates to OBM using the
+web interface.
+Paste the cookie contents into this variable so that the module can perform the authenticated exploit.
+
 ## Scenarios
 
 ```