How to do it...

Let's perform the vulnerability scan using the MSF auxiliary modules:

  1. There are several ways to identify the vulnerability scanning auxiliary modules in Metasploit. One effective way is to browse to the /auxiliary/scanner directory, as this is where most vulnerability identification scripts are found. Have a look at the following example:
  2. The layout of these scripts is fairly standardized, and a description of any given script can be found by reading the script from top to bottom using the cat command and piping the output to the more utility. In the example provided, we can see that the script tests for an authentication bypass vulnerability that exists in MySQL database services. Alternatively, one can search for vulnerability identification modules within the MSF console interface. To open it, use the msfconsole command.
  3. The search command can then be used with keywords that relate to a specific service, or one can use the scanner keyword to query all scripts within the auxiliary/scanner directory, as follows:
  4. Upon identifying a script that looks promising, one can use the use command with the relative path to activate that script. Once it is activated, the info command can be used to read additional details about the script, including its description, options, and references:
  5. Once the module has been selected, the show options command can be used to identify and/or modify scan configurations. This command displays four column headers: Name, Current Setting, Required, and Description. The Name column identifies the name of each configurable variable. The Current Setting column lists the existing configuration for any given variable. The Required column identifies whether a value is required for any given variable. The Description column describes the function of each variable. The value of any given variable can be changed by using the set command and providing the new value as an argument, as follows:
  6. In this particular case, the system is found to be vulnerable. Given that a vulnerable system has been identified, there is a corresponding exploitation module that can be used to actually cause a denial of service on the vulnerable system. This can be seen in the example provided:
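
The directory-browsing approach from the first two steps can be scripted. The following is an added example, not code from the book or from the Metasploit project: it reads each module file under the scanner directory and lists its name and any CVE references. The install path is an assumption (the usual Kali location), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: inventory Metasploit scanner modules by reading their metadata.
# Assumption: default Kali install path; override with MSF_SCANNER_DIR.
MSF_SCANNER_DIR="${MSF_SCANNER_DIR:-/usr/share/metasploit-framework/modules/auxiliary/scanner}"

# module_name FILE: print the module's 'Name' metadata value (first match only).
module_name() {
    sed -n "s/^[[:space:]]*'Name'[[:space:]]*=>[[:space:]]*['\"]\(.*\)['\"],\{0,1\}[[:space:]]*$/\1/p" "$1" |
        head -n 1
}

# module_cves FILE: print the CVE references as "CVE-YYYY-NNNN", space-separated.
# Only the common single-quoted form ['CVE', 'YYYY-NNNN'] is recognised.
module_cves() {
    grep -o "'CVE',[[:space:]]*'[0-9]\{4\}-[0-9]\{1,\}'" "$1" |
        sed "s/.*'\([0-9]\{4\}-[0-9]\{1,\}\)'$/CVE-\1/" |
        paste -sd ' ' -
}

# scanner_summary [DIR] [KEYWORD]: one tab-separated line per module:
#   relative/module/path <TAB> Name <TAB> CVEs (or "-" when none are listed)
# KEYWORD, if given, is a case-insensitive filter on the whole line.
scanner_summary() {
    dir="${1:-$MSF_SCANNER_DIR}"
    dir="${dir%/}"
    keyword="${2:-}"
    find "$dir" -type f -name '*.rb' | sort | while IFS= read -r f; do
        name=$(module_name "$f")
        [ -n "$name" ] || continue      # not a module (no metadata block)
        cves=$(module_cves "$f")
        rel="${f#"$dir"/}"
        line=$(printf '%s\t%s\t%s' "${rel%.rb}" "$name" "${cves:--}")
        if [ -z "$keyword" ]; then
            printf '%s\n' "$line"
        else
            printf '%s\n' "$line" | grep -i -- "$keyword" || true
        fi
    done
}

# Run against the local install when it exists, e.g.: sh msf_scanners.sh mysql
[ ! -d "$MSF_SCANNER_DIR" ] || scanner_summary "$MSF_SCANNER_DIR" "${1:-}"
```

The first column is the path relative to the scanner directory, so prefixing it with auxiliary/scanner/ gives the path that the use command expects.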