ssh_enumusers Gets An Update

wvu integrated the malformed packet technique into the ssh_enumusers module originally written by kenkeiras. This module allows an attacker to guess the user accounts on an OpenSSH server on versions up to 7.7, allowing the module to work on more versions than before.

GSoC Wraps Up

As Google Summer of Code finished up, Framework received an array of new and exciting features. WangYihang offered up an implementation of Ctrl+C to abort a reverse shell session. Additionally, Wang introduced some handy new commands to upload and download files over a reverse shell. DeveloppSoft contributed two exploit modules to Framework: a Linux exploit that utilizes rc.local to execute a payload upon reboot, and another Linux exploit that creates a .desktop file in the autostart directory, which will allow the payload to be executed upon logging in and rebooting.

New Modules

Exploit modules (2 new)

Improvements

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

To install fresh, check out the open-source-only Nightly Installers, or the binary installers which also include the commercial editions. PLEASE NOTE that these installers, and Metasploit Framework versions included in distros such as Kali, Parrot, etc., are based off the stable Metasploit 4 branch. If you'd like to try out the newer things going into Metasploit 5, that work is available in the master branch of the Metasploit Framework repo on GitHub.