This Metasploit module uses a dictionary to brute force valid usernames from Cerberus FTP server via SFTP. This issue affects all versions of the software older than 6.0.9.0 or 7.0.0.2 and is caused by a discrepancy in the way the SSH service handles failed logins for valid and invalid users. This issue was discovered by Steve Embling.
b093750085a1d17aa0852d4c39e66fa6eea1d5d4bbffc846638158df23d8b820
This Metasploit module will enumerate valid Domain Users via Kerberos from an unauthenticated perspective. It utilizes the different responses returned by the service for valid and invalid users.
f2f1b731be6ec1fd243a143b1b26692a9a35fb25c6b8e02d40b777bb56cbfd92