autopwn tools: nmaprecon and nmap scripts for exam nmap default 1000 top ports psexec.py on linux (uploads exe and starts a service) psexec.py user:pass@rhost cmd.exe or msf chmod +x for sh nc -nvlp 1234