Wednesday, June 3, 06:00

Medusa: How to use password cracker

Passwords are often the weakest link in a system, which is why we continue our tour of password-cracking tools. This time we look at Medusa, a well-known password cracker.

Medusa password cracker

Medusa is a very fast tool for brute-forcing logins on a system. As we have explained in earlier articles, a brute-force attack is the exhaustive testing of possible keys that produce a cryptogram in order to reveal the original message. The purpose of Medusa is to support as many protocols and services that allow remote authentication (e.g. SSH) as possible. Some of the benefits of this application are summarized below:

  • Parallel use: Brute forcing can take place against multiple hosts, users or passwords at the same time.
  • Flexibility: The target information (host / user / password) can be specified in different ways.
  • Multi-protocol support: Medusa can support different services and protocols (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2, etc.)

How to install it

Medusa is available for Linux, Windows and macOS. On Kali Linux, the well-known operating system for penetration testers, Medusa comes pre-installed.

Linux

You should first refresh your repositories and install the dependencies that are needed:

sudo apt-get update && sudo apt-get install unrar-free git-core openssl mediainfo

Then install Python 3 (required from Medusa v0.3.0 onwards) using the appropriate commands for your version of the operating system.

Then create a group and a user named medusa. This ensures that the tool runs isolated and does not affect the security of the computer:

sudo addgroup --system medusa
sudo adduser --disabled-password --system --home /var/lib/medusa --gecos "Medusa" --ingroup medusa medusa

Then clone the Git repo for Medusa:

sudo mkdir /opt/medusa && sudo chown medusa:medusa /opt/medusa
sudo git clone https://github.com/pymedusa/Medusa.git /opt/medusa
sudo chown -R medusa:medusa /opt/medusa

For SysVinit systems, copy the init.d service script:

For Ubuntu:

sudo cp -v /opt/medusa/runscripts/init.ubuntu /etc/init.d/medusa

For Debian:

sudo cp -v /opt/medusa/runscripts/init.debian /etc/init.d/medusa

Make sure the new service has the appropriate permissions:

sudo chown root:root /etc/init.d/medusa
sudo chmod 755 /etc/init.d/medusa

Refresh and start the new service:

sudo update-rc.d medusa defaults
sudo service medusa start

For Upstart systems, copy the Upstart job file:

sudo cp -v /opt/medusa/runscripts/init.upstart /etc/init/medusa.conf

Make sure the new service has the appropriate permissions:

sudo chown root:root /etc/init/medusa.conf

sudo chmod 644 /etc/init/medusa.conf

Refresh and start the new service:

sudo service medusa start

For systemd systems, copy the systemd unit file:

sudo cp -v /opt/medusa/runscripts/init.systemd /etc/systemd/system/medusa.service

Make sure the new service has the appropriate permissions:

sudo chown root:root /etc/systemd/system/medusa.service

sudo chmod 644 /etc/systemd/system/medusa.service

Enable and start the new service, then check its status:

sudo systemctl enable medusa

sudo systemctl start medusa

sudo systemctl status medusa

Make Medusa run at startup (optional):

sudo systemctl enable medusa.service

To make sure everything went well, check if Medusa is accessible at: http://localhost:8081

Windows

Because installing the tool in a Windows environment can be extremely complicated for many users, the creators of Medusa have built a Windows installer that downloads all the necessary files and installs them. It can also create a service so that Medusa starts automatically when Windows starts.

First visit the tool's official GitHub page and download the latest available version.

In the folder you just downloaded, locate the installer and run it. What you'll see on your screen looks like the picture below.

[Image: Medusa]

To proceed with the installation, press Next and then select the installation folder. Press Next again to move on. The next window will ask if you would like to create a shortcut for the tool in the Start menu.

The next window will ask you for the port on which you want Medusa to run. It is advisable to leave the default value as it is and proceed with the installation by pressing Next.

In the next window you will be asked if you would like to create a shortcut on your desktop.

The penultimate installation window shows a summary of the settings you have selected and the dependencies to be installed with Medusa. If you press Install, the necessary files will start to download, and the installation is completed after you press Finish.

If all goes well, you can open any browser and visit Medusa's web interface at: http://localhost:8081.

How to use it

To view all available tool options and their descriptions, open a terminal and type medusa.

root@kali:~# medusa
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks <jmk@foofus.net>

Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
  -h [TEXT]    : Target hostname or IP address
  -H [FILE]    : File containing target hostnames or IP addresses
  -u [TEXT]    : Username to test
  -U [FILE]    : File containing usernames to test
  -p [TEXT]    : Password to test
  -P [FILE]    : File containing passwords to test
  -C [FILE]    : File containing combo entries. See README for more information.
  -O [FILE]    : File to append log information to
  -e [n/s/ns]  : Additional password checks ([n] No Password, [s] Password = Username)
  -M [TEXT]    : Name of the module to execute (without the .mod extension)
  -m [TEXT]    : Parameter to pass to the module. This can be passed multiple times with
                 different parameters each time and they will all be sent to the module
                 (i.e. -m Param1 -m Param2, etc.)
  -d           : Dump all known modules
  -n [NUM]     : Use for non-default TCP port number
  -s           : Enable SSL
  -g [NUM]     : Give up after trying to connect for NUM seconds (default 3)
  -r [NUM]     : Sleep NUM seconds between retry attempts (default 3)
  -R [NUM]     : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
  -c [NUM]     : Time to wait in usec to verify socket is available (default 500 usec).
  -t [NUM]     : Total number of logins to be tested concurrently
  -T [NUM]     : Total number of hosts to be tested concurrently
  -L           : Parallelize logins using one username per thread. The default is to process
                 the entire username before proceeding.
  -f           : Stop scanning host after first valid username/password found.
  -F           : Stop audit after first valid username/password found on any host.
  -b           : Suppress startup banner
  -q           : Display module usage information
  -v [NUM]     : Verbose level [0 - 6 (more)]
  -w [NUM]     : Error debug level [0 - 10 (more)]
  -V           : Display version
  -Z [TEXT]    : Resume scan based on map of previous scan

Examples of different commands you can run, depending on the attack protocol, can be found below:

Finding the password for a specific username

As we have already mentioned, Medusa is a very fast tool, capable of working with different protocols.

For example, if you want to crack the ssh password for a specific username, you can use the dictionary attack technique. The -u parameter declares a specific username and -P declares the dictionary file of passwords:

medusa -h 192.168.1.108 -u stormi -P pass.txt -M ssh

Finding the username for a specific password

In the reverse case, where you have the password and want to check which username (for the ssh service or another) it corresponds to, you can use the same dictionary attack technique:

medusa -h 192.168.1.108 -U user.txt -p 123 -M ssh

Finding a username and its corresponding password

Combining the two, if you want to find both a username and a password (for the ssh service or another), you can again use the dictionary attack technique. The -U parameter enables dictionary mode for possible usernames and -P for possible passwords.

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh
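Each of the three modes above leaves a different pattern of failed logins in the target's sshd log, which is what a defender can look for. The following Python code is an added example, not part of the original article or of Medusa; the sample log lines, the documentation-range addresses, the threshold and the function name classify are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd auth-log lines for illustration (not taken from a real host).
SAMPLE_LOG = """\
Jun  3 06:00:01 srv sshd[811]: Failed password for stormi from 192.0.2.5 port 40001 ssh2
Jun  3 06:00:02 srv sshd[812]: Failed password for stormi from 192.0.2.5 port 40002 ssh2
Jun  3 06:00:03 srv sshd[813]: Failed password for stormi from 192.0.2.5 port 40003 ssh2
Jun  3 06:00:04 srv sshd[814]: Accepted password for stormi from 192.0.2.5 port 40004 ssh2
Jun  3 06:01:01 srv sshd[821]: Failed password for root from 198.51.100.6 port 40011 ssh2
Jun  3 06:01:02 srv sshd[822]: Failed password for invalid user admin from 198.51.100.6 port 40012 ssh2
Jun  3 06:01:03 srv sshd[823]: Failed password for invalid user test from 198.51.100.6 port 40013 ssh2
Jun  3 06:02:01 srv sshd[831]: Failed password for root from 203.0.113.7 port 40021 ssh2
Jun  3 06:02:02 srv sshd[832]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jun  3 06:02:03 srv sshd[833]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Jun  3 06:03:01 srv sshd[841]: Failed password for alice from 192.0.2.8 port 40031 ssh2
Jun  3 06:03:09 srv sshd[842]: Accepted password for alice from 192.0.2.8 port 40032 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
ACCEPTED = re.compile(r"Accepted password for (?P<user>\S+) from (?P<ip>\S+) port \d+")

def classify(log_text, min_failures=3):
    """Return {source_ip: (pattern, accepted_users)} for noisy sources only."""
    failures = defaultdict(list)   # ip -> usernames of failed attempts
    accepted = defaultdict(set)    # ip -> usernames that logged in successfully
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            failures[m["ip"]].append(m["user"])
        elif (m := ACCEPTED.search(line)):
            accepted[m["ip"]].add(m["user"])
    verdicts = {}
    for ip, users in failures.items():
        if len(users) < min_failures:
            continue  # a single typo is not an attack
        distinct = len(set(users))
        if distinct == 1:
            kind = "many passwords, one username"      # shape of -u with -P
        elif distinct == len(users):
            kind = "one attempt per username"          # shape of -U with -p
        else:
            kind = "many usernames, many passwords"    # shape of -U with -P
        # Any accepted login from a noisy source means a guess succeeded.
        verdicts[ip] = (kind, sorted(accepted.get(ip, ())))
    return verdicts

if __name__ == "__main__":
    for ip, (kind, logins) in classify(SAMPLE_LOG).items():
        print(f"{ip}: {kind}; accepted logins: {logins or 'none'}")
```

sshd does not log the attempted password, so the classification relies only on how usernames repeat per source address; a source with a non-empty accepted list should be treated as a compromised account.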

Save result to disk

For record-keeping and later reading, you can save the results of the Medusa commands to a file. To do this, use the -O parameter followed by the desired file name:

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh -O log.txt

Continuing the attack

An attack can often be stopped or interrupted. Using the -Z parameter, you can continue the attack from the last failed command instead of starting from the beginning:

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh -Z h1u2u3.

Attack on a specific port

Network admins often move a service from its default port to another one. In the previous cases where we tested the ssh service, Medusa ran the attack on port 22, the default ssh port.

However, using the -n parameter you can run the attack against the port number you choose instead of the service's default port.

So, by scanning a particular network, we found that the ssh port is 2222 and not 22. For this reason we should run the following command

How did Medusa look to you? Would you prefer it?

1 COMMENT

  1. Good evening a friend can't log in to the old facebook account he had because he didn't remember the password, because he didn't register his mobile then there is no possibility to retrieve the password. can we do something with this tool?


stormi