Friday, January 22, 14:37

Medusa: How to use password cracker

Passwords are often the weakest link in a system, which is why we continue our tour of password-cracking tools. This time we look at Medusa, a well-known password cracker.

Medusa password cracker

Medusa is a tool that can work very fast as a login brute-forcer against a system. As we have explained in earlier articles, a brute-force attack is the exhaustive testing of possible keys that produce a cryptogram in order to reveal the original message. The aim of Medusa is to support as many protocols and services that allow remote authentication (e.g. ssh) as possible. Some of the benefits of this application are summarized below:

  • Parallel use: Brute forcing can take place against multiple hosts, users or passwords at the same time.
  • Flexibility: The target information (host / user / password) can be specified in different ways.
  • Multi-protocol support: Medusa can support different services and protocols (e.g. SMB, HTTP, POP3, MS-SQL, SSHv2 etc.)

How to install it

Medusa is available for Linux, Windows and macOS. In Kali Linux, the well-known distribution for penetration testers, you will find Medusa pre-installed.

Linux

You should first refresh your repositories and install the dependencies that are needed:

sudo apt-get update && sudo apt-get install unrar-free git-core openssl mediainfo

Then install Python 3 (required from Medusa v0.3.0 onwards) using the commands appropriate to your operating system version.

Then create a group and a user named medusa, so that the tool runs isolated and does not affect the security of your computer:

sudo addgroup --system medusa
sudo adduser --disabled-password --system --home /var/lib/medusa --gecos "Medusa" --ingroup medusa medusa

Then clone the Git repo for Medusa:

sudo mkdir /opt/medusa && sudo chown medusa:medusa /opt/medusa
sudo git clone https://github.com/pymedusa/Medusa.git /opt/medusa
sudo chown -R medusa:medusa /opt/medusa

For SysVinit systems, copy the init.d service script:

For Ubuntu:

sudo cp -v /opt/medusa/runscripts/init.ubuntu /etc/init.d/medusa

For Debian:

sudo cp -v /opt/medusa/runscripts/init.debian /etc/init.d/medusa

Make sure the new service script has the appropriate ownership and permissions (an init.d script must be executable):

sudo chown root:root /etc/init.d/medusa
sudo chmod 755 /etc/init.d/medusa

Refresh and start the new service:

sudo update-rc.d medusa defaults
sudo service medusa start

For Upstart systems, copy the service configuration file:

sudo cp -v /opt/medusa/runscripts/init.upstart /etc/init/medusa.conf

Make sure the new service has the appropriate permissions:

sudo chown root:root /etc/init/medusa.conf

sudo chmod 644 /etc/init/medusa.conf

Refresh and start the new service:

sudo service medusa start

For systemd systems, copy the service unit file:

sudo cp -v /opt/medusa/runscripts/init.systemd /etc/systemd/system/medusa.service

Make sure the new service has the appropriate permissions:

sudo chown root:root /etc/systemd/system/medusa.service

sudo chmod 644 /etc/systemd/system/medusa.service

Enable and start the new service, then check its status:

sudo systemctl enable medusa

sudo systemctl start medusa

sudo systemctl status medusa

Make Medusa run at startup (optional):

sudo systemctl enable medusa.service

To make sure everything went well, check if Medusa is accessible at: http://localhost:8081

Windows

Because installing the tool in a Windows environment can be extremely complicated for many users, the creators of Medusa have built a Windows installer that downloads all the necessary files and installs them. It can also create a service so that Medusa starts automatically when Windows starts.

First visit the tool's official GitHub page and download the latest available version.

In the folder you just downloaded, locate the installer and run it. What you'll see on your screen looks like the picture below.

Medusa

To proceed with the installation, press Next and then select the installation folder. Press Next again to move on. The next window will ask if you would like to create a shortcut for the tool in the Start menu.

The next window will ask you for the port on which you want Medusa to run. It is advisable to leave the default value as it is and proceed with the installation by pressing Next.

In the next window you will be asked if you would like to create a shortcut on your desktop.

The penultimate installation window shows a summary of the settings you have selected and the dependencies to be installed with Medusa. If you press the Install button, the necessary files will start to download, and the installation is completed after you press Finish.

If all goes well you can open any browser and visit Medusa's web interface at: http://localhost:8081.

How to use it

To view all available tool options and their descriptions, open a terminal and type medusa.

root@kali:~# medusa
Medusa v2.2 [http://www.foofus.net] (C) JoMo-Kun / Foofus Networks

Syntax: Medusa [-h host|-H file] [-u username|-U file] [-p password|-P file] [-C file] -M module [OPT]
  -h [TEXT]    : Target hostname or IP address
  -H [FILE]    : File containing target hostnames or IP addresses
  -u [TEXT]    : Username to test
  -U [FILE]    : File containing usernames to test
  -p [TEXT]    : Password to test
  -P [FILE]    : File containing passwords to test
  -C [FILE]    : File containing combo entries. See README for more information.
  -O [FILE]    : File to append log information to
  -e [n/s/ns]  : Additional password checks ([n] No Password, [s] Password = Username)
  -M [TEXT]    : Name of the module to execute (without the .mod extension)
  -m [TEXT]    : Parameter to pass to the module. This can be passed multiple times with a
                 different parameter each time and they will all be sent to the module (ie
                 -m Param1 -m Param2, etc.)
  -d           : Dump all known modules
  -n [NUM]     : Use for non-default TCP port number
  -s           : Enable SSL
  -g [NUM]     : Give up after trying to connect for NUM seconds (default 3)
  -r [NUM]     : Sleep NUM seconds between retry attempts (default 3)
  -R [NUM]     : Attempt NUM retries before giving up. The total number of attempts will be NUM + 1.
  -c [NUM]     : Time to wait in usec to verify socket is available (default 500 usec).
  -t [NUM]     : Total number of logins to be tested concurrently
  -T [NUM]     : Total number of hosts to be tested concurrently
  -L           : Parallelize logins using one username per thread. The default is to process
                 the entire username before proceeding.
  -f           : Stop scanning host after first valid username/password found.
  -F           : Stop audit after first valid username/password found on any host.
  -b           : Suppress startup banner
  -q           : Display module's usage information
  -v [NUM]     : Verbose level [0 - 6 (more)]
  -w [NUM]     : Error debug level [0 - 10 (more)]
  -V           : Display version
  -Z [TEXT]    : Resume scan based on map of previous scan

Examples of different commands you can run, depending on the attack protocol, can be found below:

Finding the password for a specific username

As we have already mentioned, Medusa is a very fast tool, capable of working with many different protocols.

For example, if you want to crack the ssh password for a specific username, you can use the dictionary attack technique. The -u parameter specifies the username and -P the password dictionary file:

 medusa -h 192.168.1.108 -u stormi -P pass.txt -M ssh

Finding the username for a specific password

In the reverse case, where you know the password and want to check which username (for the ssh service or another) it corresponds to, you can use the same dictionary attack technique:

medusa -h 192.168.1.108 -U user.txt -p 123 -M ssh

Finding username and a corresponding password

Combining the two, if you want to find both a username and its password (for the ssh service or another), you can again use the dictionary attack technique. The -U parameter enables dictionary mode for possible usernames and -P for possible passwords.

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh
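Seen from the target's side, the three modes above leave different patterns of failed logins in sshd's auth log. The following is an added example, not part of the original article: a heuristic that groups "Failed password" lines by source address and labels the pattern. The log lines, addresses, function name and threshold are constructed for illustration, and since sshd does not log the passwords tried, the labels are inferred from failure counts per username.

```python
import re
from collections import defaultdict

# Constructed sshd auth.log lines (sample data, not taken from the page).
SAMPLE_LOG = """\
Jan 22 14:01:01 srv sshd[901]: Failed password for stormi from 192.168.1.50 port 40110 ssh2
Jan 22 14:01:02 srv sshd[902]: Failed password for stormi from 192.168.1.50 port 40112 ssh2
Jan 22 14:01:03 srv sshd[903]: Failed password for stormi from 192.168.1.50 port 40114 ssh2
Jan 22 14:02:01 srv sshd[911]: Failed password for root from 192.168.1.51 port 51000 ssh2
Jan 22 14:02:02 srv sshd[912]: Failed password for invalid user admin from 192.168.1.51 port 51002 ssh2
Jan 22 14:02:03 srv sshd[913]: Failed password for invalid user test from 192.168.1.51 port 51004 ssh2
Jan 22 14:03:01 srv sshd[921]: Failed password for root from 192.168.1.52 port 52000 ssh2
Jan 22 14:03:02 srv sshd[922]: Failed password for root from 192.168.1.52 port 52002 ssh2
Jan 22 14:03:03 srv sshd[923]: Failed password for invalid user admin from 192.168.1.52 port 52004 ssh2
Jan 22 14:03:04 srv sshd[924]: Failed password for invalid user admin from 192.168.1.52 port 52006 ssh2
Jan 22 14:04:01 srv sshd[931]: Failed password for alice from 192.168.1.53 port 53000 ssh2
Jan 22 14:04:09 srv sshd[932]: Accepted password for alice from 192.168.1.53 port 53002 ssh2
"""

FAILED = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) "
                    r"from (?P<ip>\S+) port \d+")

def classify_sources(log_text, threshold=3):
    """Map each source IP with >= threshold failed logins to a pattern label."""
    per_ip = defaultdict(lambda: defaultdict(int))   # ip -> user -> failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_ip[m["ip"]][m["user"]] += 1
    findings = {}
    for ip, users in per_ip.items():
        if sum(users.values()) < threshold:
            continue                        # e.g. a user mistyping a password
        if len(users) == 1:
            findings[ip] = "one user, many passwords"     # like -u with -P
        elif max(users.values()) == 1:
            findings[ip] = "many users, one password"     # like -U with -p
        else:
            findings[ip] = "many users, many passwords"   # like -U with -P
    return findings

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(ip, "->", label)
```
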

Save result to disk

For record-keeping and later review, you can write the results of the Medusa commands to a file. To do this, use the -O parameter followed by the desired file name:

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh -O log.txt

Continuing the attack

An attack is often stopped or interrupted; with the -Z parameter you can resume it from where the previous run left off instead of starting from the beginning:

medusa -h 192.168.1.108 -U user.txt -P pass.txt -M ssh -Z h1u2u3.

Attack on a specific port

Network admins often move a service from its default port to another one. In the previous cases, where we tested the ssh service, Medusa ran the attack against port 22, the default ssh port.

However, using the -n parameter you can run the attack against the port number you choose instead of the service's default port.

So, by scanning a particular network, we found that the ssh port is 2222 and not 22. For this reason we should run the following command

 

How did Medusa look to you? Would you prefer it?

1 COMMENT

  1. Good evening. A friend can't log in to the old Facebook account he had because he didn't remember the password, and because he didn't register his mobile back then, there is no possibility to retrieve the password. Can we do something with this tool?


stormi