System credentials:
-------------------
msfadmin:msfadmin
user:user
service:service
postgres:postgres
(2 other system accounts)

Discovery:
-------------
ftp        21/tcp    220 ProFTPD 1.3.1 Server (Debian) [::ffff:127.0.0.1]
ssh        22/tcp    SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
telnet     23/tcp    Ubuntu 8.04\x0avulnerability login:
smtp       25/tcp    220 ubuntu804-base.localdomain ESMTP Postfix (Ubuntu)
dns        53/tcp    ISC BIND 9.4.2
dns        53/udp    ISC BIND 9.4.2
http       80/tcp    Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
netbios    137/udp   VULNERABILITY:<00>:U :VULNERABILITY:<03>:U :VULNERABILITY:<20>:U :MSFVULN:<00>:G :MSFVULN:<1e>:G :00:00:00:00:00:00
smb        139/tcp   
smb        445/tcp   Unix Samba 3.0.20-Debian (language: Unknown) (domain:MSFVULN)
mysql      3306/tcp  5.0.51a-3ubuntu5
distccd    3632/tcp  
postgres   5432/tcp  8.3.8
http       8180/tcp  Apache-Coyote/1.1 (Tomcat 5.5)


Bruteforce:
-----------
smb         Anonymous
ssh         6 sessions
telnet      6 sessions
bind        n/a
apache      2 web apps (twiki and tikiwik)
postgres    db compromise (postgres:postgres)
mysql       db compromise (root:root)
tomcat 5.5  shelled (tomcat:tomcat)


Exploits:
---------
distcc                  Excellent     1 session on all ranking levels
tomcat_mgr_deploy       Excellent     requires credentials
tikiwiki_graph_formula  Excellent     1 session on all ranking levels
twiki                   Excellent     information disclosure
mysql_yassl_getname     Good          triggers crash, but not working


TODO:
-----
switch to a vulnerable version of sendmail
configure proftpd with vulnerabilities (sql injection? others? downgrade?)


Expected sessions:
------------------
From Bruteforce:
 6 ssh, 6 telnet, 1 tomcat
From Exploit:
 1 distcc and 1 tikiwiki_graph_formula

