From 46230efcd8dac2d85aefe3ff6c255a876d26c19b Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sun, 3 Feb 2019 06:18:18 +0000
Subject: [PATCH] Update documentation

---
 .../multi/fileformat/evince_cbt_cmd_injection.md  | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/documentation/modules/exploit/multi/fileformat/evince_cbt_cmd_injection.md b/documentation/modules/exploit/multi/fileformat/evince_cbt_cmd_injection.md
index 8a879e47d5..c3fbd3b531 100644
--- a/documentation/modules/exploit/multi/fileformat/evince_cbt_cmd_injection.md
+++ b/documentation/modules/exploit/multi/fileformat/evince_cbt_cmd_injection.md
@@ -27,7 +27,10 @@
   1. ```use exploit/multi/fileformat/evince_cbt_cmd_injection```
   2. ```set PAYLOAD <PAYLOAD>```
   3. ```run```
-  4. The module should generate the malicious `cbt` file
+  4. The module should generate the malicious `msf.cbt` file
+  5. ```handler -p <PAYLOAD> -H <LHOST> -P <LPORT>```
+  6. Copy `msf.cbt` to target host and open with Evince
+  7. You should receive a new session
 
 
 ## Options
@@ -68,3 +71,13 @@
   Linux ubuntu-16-04-x64 4.4.0-140-generic #166-Ubuntu SMP Wed Nov 14 20:09:47 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
   ```
 
+
+## Manual Cleanup
+
+To prevent re-exploitation from a thumbnailer process:
+
+  ```
+  /usr/bin/killall evince-thumbnailer
+  /usr/bin/killall atril-thumbnailer
+  ```
+